Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1502481
MD5: efb40a47d21362d07886b03a97d03e58
SHA1: f99b6ce9e18ce0cb97cbb9522c4ba8adbddf63d7
SHA256: 32089eae1cd7e56eb8d73d38a3b26953df73d06ba80a4fd01d575f1d7f39d245
Tags: exe

Detection

Score: 68
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Maps a DLL or memory area into another process
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • file.exe (PID: 6812 cmdline: "C:\Users\user\Desktop\file.exe" MD5: EFB40A47D21362D07886B03A97D03E58)
    • msedge.exe (PID: 4456 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: 69222B8101B0601CC6663F8381E7E00F)
      • msedge.exe (PID: 7188 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2220 --field-trial-handle=2176,i,7983970190078579778,15414779449484211005,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • firefox.exe (PID: 4504 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 4940 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 7172 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 8548 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2324 -parentBuildID 20230927232528 -prefsHandle 2264 -prefMapHandle 2260 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2c51076-e2ba-496a-8a5d-bad7f0b747df} 7172 "\\.\pipe\gecko-crash-server-pipe.7172" 1e9e0c6d310 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 8892 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3504 -parentBuildID 20230927232528 -prefsHandle 2852 -prefMapHandle 3480 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {df1c462e-2999-4128-a5ee-18d3d60123b5} 7172 "\\.\pipe\gecko-crash-server-pipe.7172" 1e9f2c64d10 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 6256 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5660 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5652 -prefMapHandle 5592 -prefsLen 33976 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e87c3b9e-4be0-4f77-84ea-de9f8ccec19d} 7172 "\\.\pipe\gecko-crash-server-pipe.7172" 1e9f2c92110 utility MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • msedge.exe (PID: 7204 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7608 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2452 --field-trial-handle=2108,i,175679224649341972,9737569458968521055,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8208 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6428 --field-trial-handle=2108,i,175679224649341972,9737569458968521055,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8248 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6688 --field-trial-handle=2108,i,175679224649341972,9737569458968521055,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • identity_helper.exe (PID: 8804 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6984 --field-trial-handle=2108,i,175679224649341972,9737569458968521055,262144 /prefetch:8 MD5: 76C58E5BABFE4ACF0308AA646FC0F416)
    • identity_helper.exe (PID: 8828 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6984 --field-trial-handle=2108,i,175679224649341972,9737569458968521055,262144 /prefetch:8 MD5: 76C58E5BABFE4ACF0308AA646FC0F416)
    • msedge.exe (PID: 2688 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7080 --field-trial-handle=2108,i,175679224649341972,9737569458968521055,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • msedge.exe (PID: 8680 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 2044 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2280 --field-trial-handle=2068,i,13160541813465607293,2712023220913971906,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • msedge.exe (PID: 3604 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8988 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=2020,i,12803728955632511086,9893143217689161617,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: file.exe, Virustotal: Detection: 26%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: file.exe, Joe Sandbox ML: detected
Source: file.exe, Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49766 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49768 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:51098 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:51109 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:51111 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.222.236.23:443 -> 192.168.2.4:51112 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:51114 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:51116 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:51115 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:51120 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.4:51124 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:51132 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:51137 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:51138 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:51141 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:51145 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:51146 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:51147 version: TLS 1.2
Source: Binary string: webauthn.pdb source: firefox.exe, 00000005.00000003.2148293540.000001E9FBC01000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: firefox.exe, 00000005.00000003.2071201402.000001E9F2EBE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2079114380.000001E9F1900000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.dr
Source: Binary string: wshbth.pdbGCTL source: firefox.exe, 00000005.00000003.2149380569.000001E9F08C6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wshbth.pdb source: firefox.exe, 00000005.00000003.2149380569.000001E9F08C6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: pnrpnsp.pdb source: firefox.exe, 00000005.00000003.2148912587.000001E9F08C6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: firefox.exe, 00000005.00000003.2071201402.000001E9F2EBE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2079114380.000001E9F1900000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.dr
Source: Binary string: webauthn.pdbGCTL source: firefox.exe, 00000005.00000003.2148293540.000001E9FBC01000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: pnrpnsp.pdbUGP source: firefox.exe, 00000005.00000003.2148912587.000001E9F08C6000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D8DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_00D8DBBE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D968EE FindFirstFileW,FindClose,0_2_00D968EE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D9698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_00D9698F
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D8D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00D8D076
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D8D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00D8D3A9
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D99642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00D99642
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D9979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00D9979D
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D99B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00D99B2B
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D95C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00D95C97
Source: firefox.exeMemory has grown: Private usage: 0MB later: 97MB
Source: Joe Sandbox ViewIP Address: 13.107.246.40 13.107.246.40
Source: Joe Sandbox ViewIP Address: 152.195.19.97 152.195.19.97
Source: Joe Sandbox ViewIP Address: 13.107.246.60 13.107.246.60
Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox ViewJA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 142.250.81.238
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknownTCP traffic detected without corresponding DNS query: 142.251.35.164
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D9CE44 InternetReadFile,SetEvent,GetLastError,SetEvent,0_2_00D9CE44
Source: global trafficHTTP traffic detected: GET /crx/blobs/AY4GWKBMNax_FQrZEVzNkO_0mu3UShnzR6AihR_EPjVIUOT_pwZzkWCpOk8YKIu0qnIq_YObWXuPyiJ7NA0nDjMHUEYIIEknsNvJHXuPd0MqxESzoxi9xiMyJKNwZiVV1yEAxlKa5UVe61sINARQ7fO9dE0bkfP_W4GG/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/arbitration_priority_list/4.0.5/asset?assetgroup=ArbitrationService HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ArbitrationServiceSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ShorelineSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: EntityExtractionDomainsConfigSec-Mesh-Client-Edge-Version: 117.0.2045.47Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 0Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.2045.47"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=KHPLYolBWPWnMA7&MD=vcr4pCUC HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1725821643&P2=404&P3=2&P4=UgdAS0p3fKzmiKJeonq8vdafyxQCI5w4Uwc7PUpxjA5abxnr4EyUkiM5dWKUPGPBm58PYDxdcJjKtbxH2EHlqQ%3d%3d HTTP/1.1Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.comConnection: keep-aliveMS-CV: dZA1zPkJKVr11mYZRBOTvWSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=KHPLYolBWPWnMA7&MD=vcr4pCUC HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: unknown
HTTP traffic detected: POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
Source: global traffic
HTTP traffic detected: HTTP/1.1 503 Service Unavailable
Content-Length: 326
Content-Type: text/html; charset=us-ascii
Date: Sun, 01 Sep 2024 18:55:04 GMT
Connection: close
PMUSER_FORMAT_QS: X-CDN-TraceId: 0.cfbbd717.1725216904.df1e51c
Access-Control-Allow-Credentials: false
Access-Control-Allow-Methods: *
Access-Control-Allow-Methods: GET, OPTIONS, POST
Access-Control-Allow-Origin: *
Source: firefox.exe, 00000005.00000003.2203374404.000001E9F1354000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.2914510518.0000028D05970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2913477496.00000130C87B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2913641047.000002D8D7430000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
Source: firefox.exe, 00000005.00000003.2203374404.000001E9F1354000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.2914510518.0000028D05970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2913477496.00000130C87B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2913641047.000002D8D7430000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
Source: firefox.exe, 00000005.00000003.1887980483.000001E9EC48D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2130302315.000001E9EC48A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/common
Source: firefox.exe, 00000005.00000003.2130302315.000001E9EC481000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1888077375.000001E9EC481000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/dates-and-times
Source: firefox.exe, 00000005.00000003.1887980483.000001E9EC48D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2130302315.000001E9EC48A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/math
Source: firefox.exe, 00000005.00000003.2130302315.000001E9EC481000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1888077375.000001E9EC481000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/regular-expressions
Source: firefox.exe, 00000005.00000003.1887980483.000001E9EC48D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2130302315.000001E9EC48A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/sets
Source: firefox.exe, 00000005.00000003.2196132695.000001E9FA305000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://json-schema.org/draft-04/schema#
Source: firefox.exe, 00000005.00000003.2196132695.000001E9FA305000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://json-schema.org/draft-06/schema#
Source: firefox.exe, 00000005.00000003.2196132695.000001E9FA305000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://json-schema.org/draft-07/schema#-
Source: firefox.exe, 00000005.00000003.2196132695.000001E9FA305000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org
Source: firefox.exe, 00000005.00000003.2202553127.000001E9F2EE7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1838948272.000001E9F2FDA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1779508531.000001E9F3666000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2278478951.000001E9ECB0A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2275444831.000001E9F2EE7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2195249405.000001E9FA659000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2079399162.000001E9EDFF8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2124394438.000001E9F11EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2074960341.000001E9F0C87000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2068068454.000001E9F3015000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2121898739.000001E9F11D2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2195249405.000001E9FA67A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1790378725.000001E9F4027000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2117753958.000001E9F12C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1779508531.000001E9F3624000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2274479513.000001E9F34BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2195249405.000001E9FA68F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1841465330.000001E9EDF18000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2124394438.000001E9F11FE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 
00000005.00000003.2204557289.000001E9FAAC8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1883492701.000001E9F4027000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/MPL/2.0/.
Source: firefox.exe, 00000005.00000003.2143925622.000001E9F0899000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2141470479.000001E9F088A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2141398041.000001E9F089A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2143379203.000001E9F0893000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2144531048.000001E9F089A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
Source: firefox.exe, 00000005.00000003.2143379203.000001E9F0857000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2142106460.000001E9F0857000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2143925622.000001E9F0899000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2079114380.000001E9F1900000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2141470479.000001E9F088A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2141398041.000001E9F089A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2070917393.000001E9F2FA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2143379203.000001E9F0893000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2144531048.000001E9F089A000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.drString found in binary or memory: http://ocsp.digicert.com0C
Source: firefox.exe, 00000005.00000003.2147055831.000001E9F0881000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2143379203.000001E9F0857000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2145327172.000001E9F0881000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2079114380.000001E9F1900000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2141470479.000001E9F088A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2141398041.000001E9F089A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2070917393.000001E9F2FA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2143379203.000001E9F0881000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.drString found in binary or memory: http://ocsp.digicert.com0N
Source: firefox.exe, 00000005.00000003.2143925622.000001E9F0899000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2141470479.000001E9F088A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2143379203.000001E9F0893000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2144531048.000001E9F089A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
Source: firefox.exe, 00000005.00000003.2079114380.000001E9F1900000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.drString found in binary or memory: http://ocsp.thawte.com0
Source: firefox.exe, 00000005.00000003.2075919314.000001E9EECD5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1842936338.000001E9EECD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://poczta.interia.pl/mh/?mailto=%sw
Source: firefox.exe, 00000005.00000003.2268018169.000001E9F9B92000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2198784140.000001E9F9B84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://r3.i.lencr.org/0
Source: firefox.exe, 00000005.00000003.2268018169.000001E9F9B92000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2198784140.000001E9F9B84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://r3.i.lencr.org/0.
Source: firefox.exe, 00000005.00000003.2268018169.000001E9F9B92000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2198784140.000001E9F9B84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://r3.o.lencr.org0
Source: firefox.exe, 00000005.00000003.2079114380.000001E9F1900000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2070917393.000001E9F2FA3000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: firefox.exe, 00000005.00000003.2079114380.000001E9F1900000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2070917393.000001E9F2FA3000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: firefox.exe, 00000005.00000003.2079114380.000001E9F1900000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2070917393.000001E9F2FA3000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: firefox.exe, 00000005.00000003.2075919314.000001E9EECD5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1842936338.000001E9EECD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%sy
Source: firefox.exe, 00000005.00000003.2147055831.000001E9F0881000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2143379203.000001E9F0857000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2145327172.000001E9F0881000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2141470479.000001E9F088A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2141398041.000001E9F089A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2143379203.000001E9F0881000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
Source: firefox.exe, 00000005.00000003.2335709775.000001E9EC176000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2335922500.000001E9EC176000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
Source: firefox.exe, 00000005.00000003.2335922500.000001E9EC176000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
Source: firefox.exe, 00000005.00000003.2075919314.000001E9EECD5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1842936338.000001E9EECD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.inbox.lv/rfc2368/?value=%su
Source: firefox.exe, 00000005.00000003.2079114380.000001E9F1900000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.drString found in binary or memory: http://www.mozilla.com0
Source: firefox.exe, 00000005.00000003.2247627975.000001E9FB997000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/2005/app-updatex
Source: firefox.exe, 00000005.00000003.1793143589.000001E9F2FBF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2071118371.000001E9F2F5A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1842430401.000001E9F0C0B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2073426685.000001E9F2F6A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1794174596.000001E9F1786000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1786076224.000001E9F30F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
Source: firefox.exe, 00000005.00000003.1839301059.000001E9F2FBF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1793143589.000001E9F2FBF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul8
Source: firefox.exe, 00000011.00000003.1787045150.00000130C93FC000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.1779512917.00000130C93FC000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2919155685.00000130C93FC000.00000004.00000020.00020000.00000000.sdmp, mozilla-temp-41.5.drString found in binary or memory: http://www.videolan.org/x264.html
Source: firefox.exe, 00000005.00000003.2268018169.000001E9F9B92000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2198784140.000001E9F9B84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
Source: firefox.exe, 00000005.00000003.2268018169.000001E9F9B92000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2198784140.000001E9F9B84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
Source: firefox.exe, 0000000D.00000002.2914510518.0000028D05970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2913477496.00000130C87B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2913641047.000002D8D7430000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.malware-error.mozilla.com/?url=
Source: firefox.exe, 0000000D.00000002.2914510518.0000028D05970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2913477496.00000130C87B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2913641047.000002D8D7430000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.phish-error.mozilla.com/?url=
Source: firefox.exe, 0000000D.00000002.2914510518.0000028D05970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2913477496.00000130C87B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2913641047.000002D8D7430000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.phish-report.mozilla.com/?url=
Source: firefox.exe, 00000005.00000003.2196445774.000001E9FA0BA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://MD8.mozilla.org/1/m
Source: firefox.exe, 00000005.00000003.1744468269.000001E9EE317000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1744994781.000001E9EE32C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1745590739.000001E9EE381000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1745454157.000001E9EE36C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1743913529.000001E9EE100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1745294173.000001E9EE357000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1745156313.000001E9EE341000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.duckduckgo.com/ac/
Source: firefox.exe, 00000005.00000003.2203804431.000001E9ECB2C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1779508531.000001E9F36A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1837560155.000001E9F36A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://account.bellmedia.c
Source: firefox.exe, 00000005.00000003.2191746105.000001E9FAD6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com
Source: firefox.exe, 00000005.00000003.2274035485.000001E9F3697000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2263457652.000001E9FADE3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2191120687.000001E9FADC6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.2914510518.0000028D05970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2913477496.00000130C87B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2913641047.000002D8D7430000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com/
Source: firefox.exe, 0000000D.00000002.2914510518.0000028D05970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2913477496.00000130C87B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2913641047.000002D8D7430000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com/settings/clients
Source: firefox.exe, 00000005.00000003.2277741138.000001E9ECBDF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2203804431.000001E9ECBDE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.firefox.comK
Source: firefox.exe, 00000005.00000003.2277975151.000001E9ECBA3000.00000004.00000800.00020000.00000000.sdmp, Session_13369690441613360.7.dr, 83625de1-c8a3-43d2-8a1c-23a41273cfa4.tmp.8.drString found in binary or memory: https://accounts.google.com
Source: firefox.exe, 00000005.00000003.2202151238.000001E9F343D000.00000004.00000800.00020000.00000000.sdmp, Session_13369690441613360.7.dr, 000003.log3.7.drString found in binary or memory: https://accounts.google.com/
Source: History.7.dr, Favicons.7.drString found in binary or memory: https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/v3/signin/challeng
Source: recovery.jsonlz4.tmp.5.drString found in binary or memory: https://accounts.google.com/ServiceLogin?s
Source: firefox.exe, 0000000D.00000002.2913532188.0000028D0580A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/ServiceLogin?se
Source: Favicons.7.drString found in binary or memory: https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.co
Source: Session_13369690441613360.7.drString found in binary or memory: https://accounts.google.com/_/bscframe
Source: Favicons.7.drString found in binary or memory: https://accounts.google.com/favicon.ico
Source: firefox.exe, 00000005.00000003.2278375530.000001E9ECB36000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwd
Source: firefox.exe, 0000000D.00000002.2913532188.0000028D0580A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2912585406.00000130C873A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwdMOZ_C
Source: file.exe, 00000000.00000003.1669980148.00000000015A0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1670865233.00000000015A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwdx
Source: Favicons.7.drString found in binary or memory: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2Fv3%2Fs
Source: firefox.exe, 00000005.00000003.2278517549.000001E9EC5F2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2075478363.000001E9F0626000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org
Source: firefox.exe, 00000005.00000003.2195567398.000001E9FA387000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/
Source: firefox.exe, 0000000D.00000002.2914510518.0000028D05970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2913477496.00000130C87B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2913641047.000002D8D7430000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/
Source: firefox.exe, 0000000D.00000002.2914510518.0000028D05970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2913477496.00000130C87B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2913641047.000002D8D7430000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/
Source: firefox.exe, 0000000D.00000002.2914510518.0000028D05970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2913477496.00000130C87B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2913641047.000002D8D7430000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/language-tools/
Source: firefox.exe, 0000000D.00000002.2914510518.0000028D05970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2913477496.00000130C87B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2913641047.000002D8D7430000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search-engines/
Source: firefox.exe, 0000000D.00000002.2914510518.0000028D05970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2913477496.00000130C87B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2913641047.000002D8D7430000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
Source: firefox.exe, 0000000D.00000002.2914510518.0000028D05970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2913477496.00000130C87B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2913641047.000002D8D7430000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/themes
Source: firefox.exe, 00000005.00000003.2263558365.000001E9FACD9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2191997004.000001E9FACD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/enhancer-for-youtube/
Source: firefox.exe, 00000005.00000003.2263558365.000001E9FACD9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2191997004.000001E9FACD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/facebook-container/
Source: firefox.exe, 00000005.00000003.2263558365.000001E9FACD9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2191997004.000001E9FACD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/reddit-enhancement-suite/
Source: firefox.exe, 00000005.00000003.2263558365.000001E9FACD9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2191997004.000001E9FACD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/to-google-translate/
Source: firefox.exe, 00000005.00000003.2263558365.000001E9FACD9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2191997004.000001E9FACD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/wikipedia-context-menu-search/
Source: firefox.exe, 00000005.00000003.2205834984.000001E9F26A1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2193864105.000001E9FAB7B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2263976392.000001E9FAB7B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ads-us.rd.linksynergy.com/as.php
Source: firefox.exe, 00000005.00000003.2072054023.000001E9F25AA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2072054023.000001E9F25F8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1841743049.000001E9F25F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ads.stickyadstv.com/firefox-etp
Source: firefox.exe, 00000005.00000003.2198784140.000001E9F9B84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://allegro.pl/
Source: firefox.exe, 00000005.00000003.1887088091.000001E9EDB05000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://amazon.com
Source: firefox.exe, 0000000D.00000002.2914510518.0000028D05970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2913477496.00000130C87B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2913641047.000002D8D7430000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://api.accounts.firefox.com/v1
Source: firefox.exe, 0000000D.00000002.2914510518.0000028D05970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2913477496.00000130C87B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2913641047.000002D8D7430000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://apps.apple.com/app/firefox-private-safe-browser/id989804926
Source: firefox.exe, 0000000D.00000002.2914510518.0000028D05970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2913477496.00000130C87B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2913641047.000002D8D7430000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://apps.apple.com/us/app/firefox-private-network-vpn/id1489407738
Source: firefox.exe, 00000005.00000003.2075478363.000001E9F0651000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org
Source: firefox.exe, 00000005.00000003.2277414956.000001E9F0B6E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/
Source: firefox.exe, 00000005.00000003.2199252121.000001E9F9B1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtabG
Source: firefox.exe, 00000005.00000003.1887088091.000001E9EDB05000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab
Source: firefox.exe, 00000005.00000003.2199252121.000001E9F9B1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab?
Source: firefox.exe, 00000005.00000003.1887088091.000001E9EDB05000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtab
Source: firefox.exe, 00000005.00000003.2199252121.000001E9F9B1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtabN
Source: firefox.exe, 00000019.00000002.2914464009.000002D8D76C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
Source: firefox.exe, 00000005.00000003.1887088091.000001E9EDB05000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtab
Source: firefox.exe, 00000005.00000003.2199252121.000001E9F9B1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtabI
Source: firefox.exe, 00000005.00000003.2203804431.000001E9ECBEA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more
Source: firefox.exe, 00000005.00000003.2199252121.000001E9F9B1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more/
Source: firefox.exe, 00000019.00000002.2914464009.000002D8D76C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendations
Source: firefox.exe, 00000005.00000003.2278291574.000001E9ECB3F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/cfworker
Source: firefox.exe, 00000005.00000003.1744468269.000001E9EE317000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1744994781.000001E9EE32C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1745454157.000001E9EE36C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1743913529.000001E9EE100000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1745294173.000001E9EE357000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1745156313.000001E9EE341000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mozilla-services/screenshots
Source: firefox.exe, 00000005.00000003.2203804431.000001E9ECB30000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2278375530.000001E9ECB36000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/w3c/csswg-drafts/blob/master/css-grid-2/MASONRY-EXPLAINER.md
Source: firefox.exe, 00000005.00000003.2203804431.000001E9ECB30000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2278375530.000001E9ECB36000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/w3c/csswg-drafts/issues/4650
Source: firefox.exe, 00000005.00000003.2273488440.000001E9F47BB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/zertosh/loose-envify)
Source: firefox.exe, 00000005.00000003.2277975151.000001E9ECBA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2202553127.000001E9F2E3E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.com
Source: firefox.exe, 00000005.00000003.2275444831.000001E9F2E80000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1839769343.000001E9F2E80000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2203592214.000001E9F0B1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1793326442.000001E9F2E80000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2071201402.000001E9F2E80000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2202553127.000001E9F2E80000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2277414956.000001E9F0B1F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.com/
Source: firefox.exe, 00000005.00000003.1793143589.000001E9F2FBF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1839275659.000001E9F2FCD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.comp
Source: firefox.exe, 00000005.00000003.2203804431.000001E9ECB30000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2278375530.000001E9ECB36000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gpuweb.github.io/gpuweb/
Source: firefox.exe, 0000000D.00000002.2914510518.0000028D05970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2913477496.00000130C87B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2913641047.000002D8D7430000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://helper1.dap.cloudflareresearch.com/v02
Source: firefox.exe, 00000005.00000003.2196132695.000001E9FA305000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2125769426.000001E9FA9CE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2126943675.000001E9FA9CE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2195868070.000001E9FA342000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ib.absa.co.za/
Source: firefox.exe, 0000000D.00000002.2914510518.0000028D05970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2913477496.00000130C87B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2913641047.000002D8D7430000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://ideas.mozilla.org/
Source: firefox.exe, 00000005.00000003.2191951992.000001E9FAD44000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/apps/oldsyncS
Source: firefox.exe, 00000005.00000003.2264311366.000001E9FA752000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/apps/relay
Source: firefox.exe, 00000005.00000003.2191951992.000001E9FAD44000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/cmd/H
Source: firefox.exe, 00000005.00000003.2191951992.000001E9FAD44000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/cmd/HCX
Source: firefox.exe, 00000005.00000003.2191951992.000001E9FAD44000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/ids/ecosystem_telemetryU
Source: firefox.exe, 00000005.00000003.2191951992.000001E9FAD44000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/ids/ecosystem_telemetryUFj
Source: prefs-1.js.5.drString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
Source: firefox.exe, 00000005.00000003.2203374404.000001E9F1354000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.2914510518.0000028D05970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2913477496.00000130C87B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2913641047.000002D8D7430000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org
Source: firefox.exe, 00000005.00000003.1887088091.000001E9EDB05000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2914064409.00000130C89AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2914464009.000002D8D76F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit
Source: firefox.exe, 00000005.00000003.2192122090.000001E9FACBB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2203804431.000001E9ECB9D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2277975151.000001E9ECBA3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/events/1/e9fb1f02-cc02-4571-939f-f121d
Source: firefox.exe, 00000005.00000003.2277852568.000001E9ECBCC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2203804431.000001E9ECBCA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/messaging-system/1/a5d6ec76-765c-4778-
Source: firefox.exe, 00000005.00000003.2190556685.000001E9FB08E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2203804431.000001E9ECBCA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/metrics/1/df581eb4-6580-4de6-a531-5a8d
Source: firefox.exe, 00000005.00000003.2205834984.000001E9F26A1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2196255896.000001E9FA2CA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/messaging-system/undesired-events/1/71207573-15c8-4a4e
Source: firefox.exe, 00000005.00000003.2205834984.000001E9F26A1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2275959383.000001E9F17F4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2196255896.000001E9FA2CA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/messaging-system/undesired-events/1/d15d3bcf-cc2c-400a
Source: firefox.exe, 0000000D.00000002.2914510518.0000028D05970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2913477496.00000130C87B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2913641047.000002D8D7430000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://install.mozilla.org
Source: firefox.exe, 00000005.00000003.2198654074.000001E9F9BC7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://json-schema.org/draft/2019-09/schema
Source: firefox.exe, 00000005.00000003.2196132695.000001E9FA305000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://json-schema.org/draft/2019-09/schema.
Source: firefox.exe, 00000005.00000003.2196132695.000001E9FA305000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://json-schema.org/draft/2019-09/schema./
Source: firefox.exe, 00000005.00000003.2196132695.000001E9FA305000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://json-schema.org/draft/2020-12/schema/
Source: firefox.exe, 00000005.00000003.2196132695.000001E9FA305000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://json-schema.org/draft/2020-12/schema/=
Source: firefox.exe, 00000005.00000003.2130302315.000001E9EC4D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com
Source: firefox.exe, 00000005.00000003.1793931753.000001E9F18DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/
Source: firefox.exe, 0000000D.00000002.2914510518.0000028D05970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2913477496.00000130C87B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2913641047.000002D8D7430000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%
Source: firefox.exe, 00000005.00000003.1793931753.000001E9F18DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb
Source: firefox.exe, 00000005.00000003.1787106032.000001E9F18DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1793931753.000001E9F18DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213ebx
Source: firefox.exe, 00000005.00000003.2102216394.000001E9FA183000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2203804431.000001E9ECB2C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1779508531.000001E9F36A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1837560155.000001E9F36A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
Source: firefox.exe, 00000005.00000003.1792251419.000001E9F30DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1786076224.000001E9F30DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2203804431.000001E9ECB2C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1779508531.000001E9F36A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1837560155.000001E9F36A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1884297754.000001E9F30DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com
Source: firefox.exe, 00000005.00000003.2205834984.000001E9F26A1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2194003996.000001E9FAB44000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2193864105.000001E9FAB7B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2263976392.000001E9FAB7B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lookerstudio.google.com/embed/reporting/
Source: firefox.exe, 00000005.00000003.2042261128.000001E9F0534000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2075919314.000001E9EECD5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1842936338.000001E9EECD5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1747120982.000001E9F0533000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%s
Source: firefox.exe, 00000005.00000003.2042261128.000001E9F0534000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2075919314.000001E9EECD5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1842936338.000001E9EECD5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1747120982.000001E9F0533000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.inbox.lv/compose?to=%s
Source: firefox.exe, 00000005.00000003.2075919314.000001E9EECD5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1842936338.000001E9EECD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.inbox.lv/compose?to=%sv
Source: firefox.exe, 00000005.00000003.2042261128.000001E9F0534000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2075919314.000001E9EECD5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1842936338.000001E9EECD5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1747120982.000001E9F0533000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%s
Source: firefox.exe, 00000005.00000003.2075919314.000001E9EECD5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1842936338.000001E9EECD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%st
Source: firefox.exe, 0000000D.00000002.2914874948.0000028D05B72000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2914064409.00000130C898B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2914464009.000002D8D7687000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://merino.services.mozilla.com/api/v1/suggest
Source: firefox.exe, 0000000D.00000002.2914874948.0000028D05B72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://merino.services.mozilla.com/api/v1/suggestabout
Source: firefox.exe, 0000000D.00000002.2914510518.0000028D05970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2913477496.00000130C87B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2913641047.000002D8D7430000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mitmdetection.services.mozilla.com/
Source: firefox.exe, 00000005.00000003.2278517549.000001E9EC5F2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2077229833.000001E9ECDCA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1887271129.000001E9ECDCA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com
Source: firefox.exe, 00000005.00000003.2195567398.000001E9FA387000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/
Source: firefox.exe, 0000000D.00000002.2914510518.0000028D05970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2913477496.00000130C87B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2913641047.000002D8D7430000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections
Source: firefox.exe, 0000000D.00000002.2914510518.0000028D05970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2913477496.00000130C87B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2913641047.000002D8D7430000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/about
Source: firefox.exe, 0000000D.00000002.2914510518.0000028D05970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2913477496.00000130C87B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2913641047.000002D8D7430000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/breach-details/
Source: firefox.exe, 0000000D.00000002.2914510518.0000028D05970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2913477496.00000130C87B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2913641047.000002D8D7430000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect
Source: firefox.exe, 0000000D.00000002.2914510518.0000028D05970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2913477496.00000130C87B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2913641047.000002D8D7430000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/breach-stats?includeResolved=true
Source: firefox.exe, 0000000D.00000002.2914510518.0000028D05970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2913477496.00000130C87B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2913641047.000002D8D7430000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/dashboard
Source: firefox.exe, 0000000D.00000002.2914510518.0000028D05970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2913477496.00000130C87B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2913641047.000002D8D7430000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/preferences
Source: firefox.exe, 0000000D.00000002.2914510518.0000028D05970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2913477496.00000130C87B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2913641047.000002D8D7430000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mozilla-ohttp-fakespot.fastly-edge.com/
Source: firefox.exe, 0000000D.00000002.2914510518.0000028D05970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2913477496.00000130C87B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2913641047.000002D8D7430000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mozilla.cloudflare-dns.com/dns-query
Source: firefox.exe, 00000005.00000003.2147055831.000001E9F0881000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2143379203.000001E9F0857000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2142106460.000001E9F0857000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2145327172.000001E9F0881000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2141470479.000001E9F088A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2143379203.000001E9F0881000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mozilla.org0/
Source: firefox.exe, 0000000D.00000002.2914510518.0000028D05970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2913477496.00000130C87B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2913641047.000002D8D7430000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://normandy.cdn.mozilla.net/api/v1
Source: firefox.exe, 0000000D.00000002.2914510518.0000028D05970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2913477496.00000130C87B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2913641047.000002D8D7430000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://oauth.accounts.firefox.com/v1
Source: firefox.exe, 00000005.00000003.2042261128.000001E9F0534000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2075919314.000001E9EECD5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1842936338.000001E9EECD5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1747120982.000001E9F0533000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%s
Source: 83625de1-c8a3-43d2-8a1c-23a41273cfa4.tmp.8.drString found in binary or memory: https://play.google.com
Source: firefox.exe, 0000000D.00000002.2914510518.0000028D05970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2913477496.00000130C87B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2913641047.000002D8D7430000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_r
Source: firefox.exe, 0000000D.00000002.2914510518.0000028D05970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2913477496.00000130C87B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2913641047.000002D8D7430000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-
Source: firefox.exe, 00000005.00000003.2042261128.000001E9F0534000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2075919314.000001E9EECD5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1842936338.000001E9EECD5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1747120982.000001E9F0533000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s
Source: firefox.exe, 00000005.00000003.2075919314.000001E9EECD5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1842936338.000001E9EECD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://poczta.interia.pl/mh/?mailto=%sx
Source: firefox.exe, 0000000D.00000002.2914510518.0000028D05970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2913477496.00000130C87B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2913641047.000002D8D7430000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://prod.ohttp-gateway.prod.webservices.mozgcp.net/ohttp-configs
Source: firefox.exe, 0000000D.00000002.2914510518.0000028D05970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2913477496.00000130C87B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2913641047.000002D8D7430000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://profile.accounts.firefox.com/v1
Source: firefox.exe, 0000000D.00000002.2914510518.0000028D05970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2913477496.00000130C87B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2913641047.000002D8D7430000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://profiler.firefox.com
Source: firefox.exe, 00000005.00000003.1843050761.000001E9EEC59000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://profiler.firefox.com/
Source: firefox.exe, 00000005.00000003.2264311366.000001E9FA709000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://push.services.mozilla.com
Source: firefox.exe, 00000005.00000003.2267566706.000001E9F9FA4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://push.services.mozilla.com/
Source: firefox.exe, 00000005.00000003.2075312751.000001E9F0B6E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com
Source: firefox.exe, 00000005.00000003.2075103922.000001E9F0BFA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/
Source: firefox.exe, 00000005.00000003.2076482413.000001E9EDB83000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/widevine-cdm/4.10.2557.0-linux-x64.zip
Source: Web Data.7.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: firefox.exe, 00000005.00000003.2198784140.000001E9F9B84000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1745294173.000001E9EE357000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2267447221.000001E9F9FBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2203804431.000001E9ECB9D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1793931753.000001E9F18DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1745156313.000001E9EE341000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1884749515.000001E9F18F0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2277975151.000001E9ECBA3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
Source: firefox.exe, 00000005.00000003.2278517549.000001E9EC5F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?client=firefox-b-d&q=
Source: 83625de1-c8a3-43d2-8a1c-23a41273cfa4.tmp.8.drString found in binary or memory: https://www.googleapis.com
Source: firefox.exe, 0000000D.00000002.2914510518.0000028D05970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2913477496.00000130C87B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2913641047.000002D8D7430000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%
Source: 83625de1-c8a3-43d2-8a1c-23a41273cfa4.tmp.8.drString found in binary or memory: https://www.gstatic.com
Source: firefox.exe, 00000005.00000003.2198784140.000001E9F9B84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ifeng.com/
Source: firefox.exe, 00000005.00000003.2198784140.000001E9F9B84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.iqiyi.com/
Source: firefox.exe, 00000005.00000003.2198784140.000001E9F9B84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.leboncoin.fr/
Source: firefox.exe, 00000005.00000003.2195115167.000001E9FA6E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mobilesuica.com/
Source: firefox.exe, 00000005.00000003.1886988630.000001E9EDB20000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2076284862.000001E9EEC48000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2197801676.000001E9F9FA4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1843050761.000001E9EEC48000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2196195894.000001E9FA2F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org
Source: firefox.exe, 00000005.00000003.2195868070.000001E9FA342000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/
Source: firefox.exe, 0000000D.00000002.2914510518.0000028D05970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2913477496.00000130C87B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2913641047.000002D8D7430000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/
Source: firefox.exe, 00000019.00000002.2913641047.000002D8D7430000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
Source: firefox.exe, 0000000D.00000002.2914510518.0000028D05970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2913477496.00000130C87B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2913641047.000002D8D7430000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
Source: firefox.exe, 0000000D.00000002.2914510518.0000028D05970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2913477496.00000130C87B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2913641047.000002D8D7430000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
Source: firefox.exe, 0000000D.00000002.2914510518.0000028D05970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2913477496.00000130C87B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2913641047.000002D8D7430000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
Source: firefox.exe, 0000000D.00000002.2914510518.0000028D05970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2913477496.00000130C87B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2913641047.000002D8D7430000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
Source: firefox.exe, 0000000D.00000002.2914510518.0000028D05970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2913477496.00000130C87B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2913641047.000002D8D7430000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
Source: firefox.exe, 0000000D.00000002.2914510518.0000028D05970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2913477496.00000130C87B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2913641047.000002D8D7430000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
Source: firefox.exe, 0000000D.00000002.2914510518.0000028D05970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2913477496.00000130C87B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2913641047.000002D8D7430000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
Source: firefox.exe, 00000005.00000003.2266034267.000001E9FA27E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
Source: firefox.exe, 00000005.00000003.2101636032.000001E9FA152000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2102254078.000001E9FA151000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/legal/terms/mozilla/
Source: firefox.exe, 00000005.00000003.2263558365.000001E9FACD9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2191997004.000001E9FACD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/anything/?
Source: firefox.exe, 00000005.00000003.2266034267.000001E9FA27E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
Source: firefox.exe, 00000005.00000003.2277852568.000001E9ECBCC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2203804431.000001E9ECBCA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/about/legal/terms/subscription-services/
Source: firefox.exe, 00000005.00000003.2203374404.000001E9F1354000.00000004.00000800.00020000.00000000.sdmp, targeting.snapshot.json.tmp.5.drString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: firefox.exe, 00000005.00000003.2191399909.000001E9FADB2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2266034267.000001E9FA27E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: firefox.exe, 00000005.00000003.2277852568.000001E9ECBCC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2203804431.000001E9ECBCA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/subscription-services/
Source: firefox.exe, 00000005.00000003.2266034267.000001E9FA27E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: firefox.exe, 0000000D.00000002.2914510518.0000028D05970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2913477496.00000130C87B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2913641047.000002D8D7430000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 0000000D.00000002.2914510518.0000028D05970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2913477496.00000130C87B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2913641047.000002D8D7430000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
Source: firefox.exe, 0000000D.00000002.2914510518.0000028D05970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2913477496.00000130C87B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2913641047.000002D8D7430000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
Source: firefox.exe, 0000000D.00000002.2914510518.0000028D05970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2913477496.00000130C87B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2913641047.000002D8D7430000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
Source: firefox.exe, 0000000D.00000002.2914510518.0000028D05970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2913477496.00000130C87B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2913641047.000002D8D7430000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
Source: firefox.exe, 00000005.00000003.2130302315.000001E9EC44C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1888155208.000001E9EC45F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.2914874948.0000028D05BCB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2914064409.00000130C89F0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2914464009.000002D8D76F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: firefox.exe, 00000005.00000003.1887088091.000001E9EDB05000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-content
Source: firefox.exe, 00000005.00000003.2199252121.000001E9F9B1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-contentP
Source: firefox.exe, 0000000D.00000002.2914510518.0000028D05970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2913477496.00000130C87B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2913641047.000002D8D7430000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 00000005.00000003.2199252121.000001E9F9B1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/V
Source: firefox.exe, 00000005.00000003.2191399909.000001E9FADB2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2266034267.000001E9FA27E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: firefox.exe, 00000005.00000003.2076284862.000001E9EEC48000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1843050761.000001E9EEC48000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.orgP
Source: firefox.exe, 00000005.00000003.2203804431.000001E9ECB2C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1779508531.000001E9F36A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1843277716.000001E9EE1A1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1837560155.000001E9F36A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com
Source: 065580ab-c5f8-4d6e-8c08-76ffa057f7b2.tmp.7.drString found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1
Source: 065580ab-c5f8-4d6e-8c08-76ffa057f7b2.tmp.7.drString found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&game
Source: 065580ab-c5f8-4d6e-8c08-76ffa057f7b2.tmp.7.drString found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&item
Source: 065580ab-c5f8-4d6e-8c08-76ffa057f7b2.tmp.7.drString found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1
Source: 065580ab-c5f8-4d6e-8c08-76ffa057f7b2.tmp.7.drString found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&playInS
Source: Top Sites.7.drString found in binary or memory: https://www.office.com/
Source: Top Sites.7.drString found in binary or memory: https://www.office.com/Office
Source: firefox.exe, 00000005.00000003.2198784140.000001E9F9B84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.olx.pl/
Source: firefox.exe, 00000005.00000003.2278517549.000001E9EC5C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1887670152.000001E9EC5C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.openh264.org/
Source: firefox.exe, 00000005.00000003.2203804431.000001E9ECBCA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.reddit.com/
Source: firefox.exe, 00000005.00000003.2198784140.000001E9F9B84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.wykop.pl/
Source: firefox.exe, 00000005.00000003.2277975151.000001E9ECBA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2914064409.00000130C8903000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2914464009.000002D8D760C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D9EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,0_2_00D9EAFF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D9ED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,0_2_00D9ED6A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D8AA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,0_2_00D8AA57
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DB9576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,0_2_00DB9576

System Summary

Source: file.exe String found in binary or memory: This is a third-party compiled AutoIt script.
Source: file.exe, 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_199f1211-2
Source: file.exe, 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_4135c0e4-f
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 17_2_00000130C8A32377 NtQuerySystemInformation,17_2_00000130C8A32377
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 17_2_00000130C8EC82F2 NtQuerySystemInformation,17_2_00000130C8EC82F2
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D8D5EB: CreateFileW,DeviceIoControl,CloseHandle,0_2_00D8D5EB
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D81201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_00D81201
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D8E8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,0_2_00D8E8F6
Source: C:\Users\user\Desktop\file.exeCode function: String function: 00D3F9F2 appears 31 times
Source: C:\Users\user\Desktop\file.exeCode function: String function: 00D40A30 appears 46 times
Source: file.exe, 00000000.00000002.1670865233.00000000015BE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemsedge.exe> vs file.exe
Source: file.exe, 00000000.00000003.1669980148.00000000015BE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemsedge.exe> vs file.exe
Source: file.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: classification engineClassification label: mal68.evad.winEXE@75/347@55/24
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D937B5 GetLastError,FormatMessageW,0_2_00D937B5
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D810BF AdjustTokenPrivileges,CloseHandle,0_2_00D810BF
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D816C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,0_2_00D816C3
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D951CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,0_2_00D951CD
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D8D4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,FindCloseChangeNotification,0_2_00D8D4DC
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D9648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize,0_2_00D9648E
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D242A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,0_2_00D242A2
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeFile created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-66D4B845-1168.pmaJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Local\Temp\firefoxJump to behavior
Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: firefox.exe, 00000005.00000003.2190091329.000001E9FB0F5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2193864105.000001E9FAB7B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2191746105.000001E9FAD6C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2263976392.000001E9FAB7B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT * FROM events WHERE timestamp BETWEEN date(:dateFrom) AND date(:dateTo);
Source: firefox.exe, 00000005.00000003.2191746105.000001E9FAD6C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE events (id INTEGER PRIMARY KEY, type INTEGER NOT NULL, count INTEGER NOT NULL, timestamp DATE );
Source: firefox.exe, 00000005.00000003.2191746105.000001E9FAD6C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: INSERT INTO events (type, count, timestamp) VALUES (:type, 1, date(:date));
Source: firefox.exe, 00000005.00000003.2191746105.000001E9FAD6C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;
Source: firefox.exe, 00000005.00000003.2275997236.000001E9F17C8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT sum(count) FROM events;
Source: firefox.exe, 00000005.00000003.2191746105.000001E9FAD6C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;Fy6
Source: firefox.exe, 00000005.00000003.2191746105.000001E9FAD6C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: UPDATE events SET count = count + 1 WHERE id = :id;-
Source: firefox.exe, 00000005.00000003.2191746105.000001E9FAD6C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT sum(count) FROM events;9'
Source: firefox.exe, 00000005.00000003.2191746105.000001E9FAD6C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT sum(count) FROM events;9
Source: firefox.exe, 00000005.00000003.2191746105.000001E9FAD6C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT * FROM events WHERE type = :type AND timestamp = date(:date);
Source: Login Data.7.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exeVirustotal: Detection: 26%
Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: unknownProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2220 --field-trial-handle=2176,i,7983970190078579778,15414779449484211005,262144 /prefetch:3
Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2452 --field-trial-handle=2108,i,175679224649341972,9737569458968521055,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6428 --field-trial-handle=2108,i,175679224649341972,9737569458968521055,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6688 --field-trial-handle=2108,i,175679224649341972,9737569458968521055,262144 /prefetch:8
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2324 -parentBuildID 20230927232528 -prefsHandle 2264 -prefMapHandle 2260 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2c51076-e2ba-496a-8a5d-bad7f0b747df} 7172 "\\.\pipe\gecko-crash-server-pipe.7172" 1e9e0c6d310 socket
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6984 --field-trial-handle=2108,i,175679224649341972,9737569458968521055,262144 /prefetch:8
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3504 -parentBuildID 20230927232528 -prefsHandle 2852 -prefMapHandle 3480 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {df1c462e-2999-4128-a5ee-18d3d60123b5} 7172 "\\.\pipe\gecko-crash-server-pipe.7172" 1e9f2c64d10 rdd
Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2280 --field-trial-handle=2068,i,13160541813465607293,2712023220913971906,262144 /prefetch:3
Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=2020,i,12803728955632511086,9893143217689161617,262144 /prefetch:3
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5660 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5652 -prefMapHandle 5592 -prefsLen 33976 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e87c3b9e-4be0-4f77-84ea-de9f8ccec19d} 7172 "\\.\pipe\gecko-crash-server-pipe.7172" 1e9f2c92110 utility
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7080 --field-trial-handle=2108,i,175679224649341972,9737569458968521055,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwdJump to behavior
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwdJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2220 --field-trial-handle=2176,i,7983970190078579778,15414779449484211005,262144 /prefetch:3Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwdJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2324 -parentBuildID 20230927232528 -prefsHandle 2264 -prefMapHandle 2260 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2c51076-e2ba-496a-8a5d-bad7f0b747df} 7172 "\\.\pipe\gecko-crash-server-pipe.7172" 1e9e0c6d310 socketJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3504 -parentBuildID 20230927232528 -prefsHandle 2852 -prefMapHandle 3480 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {df1c462e-2999-4128-a5ee-18d3d60123b5} 7172 "\\.\pipe\gecko-crash-server-pipe.7172" 1e9f2c64d10 rddJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5660 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5652 -prefMapHandle 5592 -prefsLen 33976 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e87c3b9e-4be0-4f77-84ea-de9f8ccec19d} 7172 "\\.\pipe\gecko-crash-server-pipe.7172" 1e9f2c92110 utilityJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2452 --field-trial-handle=2108,i,175679224649341972,9737569458968521055,262144 /prefetch:3Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6428 --field-trial-handle=2108,i,175679224649341972,9737569458968521055,262144 /prefetch:8Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6688 --field-trial-handle=2108,i,175679224649341972,9737569458968521055,262144 /prefetch:8Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6984 --field-trial-handle=2108,i,175679224649341972,9737569458968521055,262144 /prefetch:8Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7080 --field-trial-handle=2108,i,175679224649341972,9737569458968521055,262144 /prefetch:8Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2280 --field-trial-handle=2068,i,13160541813465607293,2712023220913971906,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=2020,i,12803728955632511086,9893143217689161617,262144 /prefetch:3
Source: C:\Users\user\Desktop\file.exeSection loaded: wsock32.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: mpr.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: edputil.dllJump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: appresolver.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: slc.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: sppc.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: pcacli.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: sfc_os.dll
Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: Window Recorder Window detected: More than 3 window changes detected
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: webauthn.pdb source: firefox.exe, 00000005.00000003.2148293540.000001E9FBC01000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: firefox.exe, 00000005.00000003.2071201402.000001E9F2EBE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2079114380.000001E9F1900000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.dr
Source: Binary string: wshbth.pdbGCTL source: firefox.exe, 00000005.00000003.2149380569.000001E9F08C6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wshbth.pdb source: firefox.exe, 00000005.00000003.2149380569.000001E9F08C6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: pnrpnsp.pdb source: firefox.exe, 00000005.00000003.2148912587.000001E9F08C6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: firefox.exe, 00000005.00000003.2071201402.000001E9F2EBE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2079114380.000001E9F1900000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.dr
Source: Binary string: webauthn.pdbGCTL source: firefox.exe, 00000005.00000003.2148293540.000001E9FBC01000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: pnrpnsp.pdbUGP source: firefox.exe, 00000005.00000003.2148912587.000001E9F08C6000.00000004.00000020.00020000.00000000.sdmp
Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D242DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00D242DE
Source: gmpopenh264.dll.tmp.5.dr Static PE information: section name: .rodata
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D40A76 push ecx; ret 0_2_00D40A89
Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D3F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_00D3F98E
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00DB1C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_00DB1C41
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\file.exe Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep (graph_0-96848)
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 17_2_00000130C8A32377 rdtsc 17_2_00000130C8A32377
Source: C:\Users\user\Desktop\file.exe API coverage: 3.3 %
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D8DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_00D8DBBE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D968EE FindFirstFileW,FindClose,0_2_00D968EE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D9698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_00D9698F
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D8D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00D8D076
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D8D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00D8D3A9
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D99642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00D99642
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D9979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00D9979D
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D99B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00D99B2B
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D95C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00D95C97
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D242DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00D242DE
Source: firefox.exe, 00000011.00000002.2912585406.00000130C873A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWp1
Source: firefox.exe, 00000011.00000002.2918047347.00000130C8F80000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllY
Source: firefox.exe, 0000000D.00000002.2918580826.0000028D05D00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllo
Source: firefox.exe, 0000000D.00000002.2913532188.0000028D0580A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.2918047347.00000130C8F80000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2917310068.000002D8D7710000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2912581263.000002D8D72EA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: firefox.exe, 00000011.00000002.2918047347.00000130C8F80000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllf
Source: firefox.exe, 00000005.00000003.2278517549.000001E9EC5C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1887670152.000001E9EC5C5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.2917720867.0000028D05C1E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
Source: firefox.exe, 00000011.00000002.2918047347.00000130C8F80000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll=
Source: firefox.exe, 0000000D.00000002.2918580826.0000028D05D00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: firefox.exe, 0000000D.00000002.2913532188.0000028D0580A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWC
Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 17_2_00000130C8A32377 rdtsc 17_2_00000130C8A32377
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D9EAA2 BlockInput,0_2_00D9EAA2
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D52622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00D52622
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D242DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00D242DE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D44CE8 mov eax, dword ptr fs:[00000030h]0_2_00D44CE8
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D80B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_00D80B62
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D52622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00D52622
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D4083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00D4083F
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D409D5 SetUnhandledExceptionFilter,0_2_00D409D5
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D40C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00D40C21

HIPS / PFW / Operating System Protection Evasion

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Section loaded: NULL target: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe protection: readonly
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D81201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_00D81201
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D62BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_00D62BA5
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D8B226 SendInput,keybd_event,0_2_00D8B226
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00DA22DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,0_2_00DA22DA
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D80B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_00D80B62
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D81663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_00D81663
Source: file.exeBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: file.exeBinary or memory string: Shell_TrayWnd
Source: firefox.exe, 00000005.00000003.2139006279.000001E9FBC01000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: hSoftware\Policies\Microsoft\Windows\PersonalizationNoChangingStartMenuBackgroundPersonalColors_BackgroundWilStaging_02RtlDisownModuleHeapAllocationRtlQueryFeatureConfigurationRtlRegisterFeatureConfigurationChangeNotificationRtlSubscribeWnfStateChangeNotificationRtlDllShutdownInProgressntdll.dllNtQueryWnfStateDataLocal\SM0:%d:%d:%hs_p0Local\SessionImmersiveColorPreferenceBEGINTHMthmfile\Sessions\%d\Windows\ThemeSectionMessageWindowendthemewndThemeApiConnectionRequest\ThemeApiPortwinsta0SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\PersonalizeAppsUseLightThemeSystemUsesLightThemedefaultshell\themes\uxtheme\render.cppCompositedWindow::WindowdeletedrcacheMDIClientSoftware\Microsoft\Windows\DWMColorPrevalenceSoftware\Microsoft\Windows\CurrentVersion\ImmersiveShellTabletModeMENUAccentColorSoftware\Microsoft\Windows\CurrentVersion\Explorer\AccentDefaultStartColorControl Panel\DesktopAutoColorizationAccentColorMenuStartColorMenuAutoColorSoftware\Microsoft\Windows\CurrentVersion\Themes\History\ColorsSoftware\Microsoft\Windows\CurrentVersion\Themes\HistoryAccentPaletteTab$Shell_TrayWndLocal\SessionImmersiveColorMutex
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D40698 cpuid 0_2_00D40698
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D98195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,0_2_00D98195
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D7D27A GetUserNameW,0_2_00D7D27A
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D5BB6F _free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,0_2_00D5BB6F
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D242DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00D242DE
Source: file.exeBinary or memory string: WIN_81
Source: file.exeBinary or memory string: WIN_XP
Source: file.exeBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: file.exeBinary or memory string: WIN_XPe
Source: file.exeBinary or memory string: WIN_VISTA
Source: file.exeBinary or memory string: WIN_7
Source: file.exeBinary or memory string: WIN_8
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00DA1204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,0_2_00DA1204
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00DA1806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_00DA1806
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 1 Disable or Modify Tools | 21 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 4 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
Credentials | Domains | Default Accounts | Scheduled Task/Job | 2 Valid Accounts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 21 Input Capture | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | 1 Registry Run Keys / Startup Folder | 1 Extra Window Memory Injection | 2 Obfuscated Files or Information | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 3 Clipboard Data | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 2 Valid Accounts | 1 DLL Side-Loading | NTDS | 15 System Information Discovery | Distributed Component Object Model | Input Capture | 5 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 21 Access Token Manipulation | 1 Extra Window Memory Injection | LSA Secrets | 131 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 112 Process Injection | 1 Masquerading | Cached Domain Credentials | 1 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | 1 Registry Run Keys / Startup Folder | 2 Valid Accounts | DCSync | 3 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Virtualization/Sandbox Evasion | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 21 Access Token Manipulation | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 112 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
[Behavior graph: ID 1502481, Sample: file.exe, Startdate: 01/09/2024, Architecture: WINDOWS, Score: 68]

Source | Detection | Scanner | Label | Link
file.exe | 26% | Virustotal | | Browse
file.exe | 100% | Joe Sandbox ML | |

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | Virustotal | | Browse
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | Virustotal | | Browse

No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
Name | Malicious | Antivirus Detection | Reputation
Name | Source | Malicious | Antivirus Detection | Reputation
00000005.00000003.2204557289.000001E9FAAC8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1883492701.000001E9F4027000.00000004.00000800.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://account.bellmedia.cfirefox.exe, 00000005.00000003.2203804431.000001E9ECB2C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1779508531.000001E9F36A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1837560155.000001E9F36A4000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://www.openh264.org/firefox.exe, 00000005.00000003.2278517549.000001E9EC5C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1887670152.000001E9EC5C5000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://login.microsoftonline.comfirefox.exe, 00000005.00000003.1792251419.000001E9F30DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1786076224.000001E9F30DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2203804431.000001E9ECB2C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1779508531.000001E9F36A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1837560155.000001E9F36A4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1884297754.000001E9F30DD000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://coverage.mozilla.orgfirefox.exe, 0000000D.00000002.2914510518.0000028D05970000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.2913477496.00000130C87B0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2913641047.000002D8D7430000.00000002.10000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
http://crl.thawte.com/ThawteTimestampingCA.crl0firefox.exe, 00000005.00000003.2079114380.000001E9F1900000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.drfalse
  • URL Reputation: safe
unknown
https://csp.withgoogle.com/csp/report-to/AccountsSignInUiReporting and NEL.7.drfalse
  • URL Reputation: safe
unknown
http://x1.c.lencr.org/0firefox.exe, 00000005.00000003.2268018169.000001E9F9B92000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2198784140.000001E9F9B84000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
http://x1.i.lencr.org/0firefox.exe, 00000005.00000003.2268018169.000001E9F9B92000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2198784140.000001E9F9B84000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
IP | Domain | Country | ASN | ASN Name | Malicious
13.107.246.40 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
152.195.19.97 | unknown | United States | 15133 | EDGECASTUS | false
13.107.246.60 | s-part-0032.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
142.250.81.238 | unknown | United States | 15169 | GOOGLEUS | false
23.59.250.96 | unknown | United States | 20940 | AKAMAI-ASN1EU | false
162.159.61.3 | unknown | United States | 13335 | CLOUDFLARENETUS | false
34.117.188.166 | contile.services.mozilla.com | United States | 139070 | GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | false
52.222.236.23 | services.addons.mozilla.org | United States | 16509 | AMAZON-02US | false
23.223.209.207 | unknown | United States | 16625 | AKAMAI-ASUS | false
172.64.41.3 | chrome.cloudflare-dns.com | United States | 13335 | CLOUDFLARENETUS | false
34.120.208.123 | telemetry-incoming.r53-2.services.mozilla.com | United States | 15169 | GOOGLEUS | false
142.251.35.170 | unknown | United States | 15169 | GOOGLEUS | false
34.149.100.209 | prod.remote-settings.prod.webservices.mozgcp.net | United States | 2686 | ATGS-MMD-ASUS | false
216.58.206.65 | googlehosted.l.googleusercontent.com | United States | 15169 | GOOGLEUS | false
34.107.243.93 | push.services.mozilla.com | United States | 15169 | GOOGLEUS | false
34.107.221.82 | prod.detectportal.prod.cloudops.mozgcp.net | United States | 15169 | GOOGLEUS | false
35.244.181.201 | prod.balrog.prod.cloudops.mozgcp.net | United States | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
35.190.72.216 | prod.classify-client.prod.webservices.mozgcp.net | United States | 15169 | GOOGLEUS | false
34.160.144.191 | prod.content-signature-chains.prod.webservices.mozgcp.net | United States | 2686 | ATGS-MMD-ASUS | false
142.251.35.164 | unknown | United States | 15169 | GOOGLEUS | false
172.253.115.84 | unknown | United States | 15169 | GOOGLEUS | false
IP
192.168.2.4
127.0.0.1
Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1502481
Start date and time:2024-09-01 20:53:06 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 6m 59s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:28
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:file.exe
Detection:MAL
Classification:mal68.evad.winEXE@75/347@55/24
EGA Information:
  • Successful, ratio: 50%
HCA Information:
  • Successful, ratio: 96%
  • Number of executed functions: 36
  • Number of non-executed functions: 308
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 13.107.42.16, 74.125.206.84, 13.107.21.239, 204.79.197.239, 142.250.186.142, 13.107.6.158, 2.19.126.152, 2.19.126.145, 142.250.185.227, 2.23.209.130, 2.23.209.177, 2.23.209.176, 2.23.209.140, 2.23.209.161, 2.23.209.133, 2.23.209.149, 2.23.209.150, 2.23.209.179, 172.217.18.99, 20.74.47.205, 2.19.126.137, 192.229.221.95, 2.22.61.56, 2.22.61.59, 216.58.212.142, 142.251.168.84, 52.11.251.113, 35.81.254.255, 54.244.114.242, 172.217.16.206, 216.58.206.42, 142.250.185.202, 142.250.80.99, 142.251.35.163
  • Excluded domains from analysis (whitelisted): cdp-f-ssl-tlu-net.trafficmanager.net, slscr.update.microsoft.com, a416.dscd.akamai.net, edgeassetservice.afd.azureedge.net, aus5.mozilla.org, star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com, a19.dscg10.akamai.net, clients2.google.com, e86303.dscx.akamaiedge.net, ocsp.digicert.com, config-edge-skype.l-0007.l-msedge.net, www.gstatic.com, l-0007.l-msedge.net, www.bing.com, fs.microsoft.com, shavar.prod.mozaws.net, www-www.bing.com.trafficmanager.net, business-bing-com.b-0005.b-msedge.net, wildcardtlu-ssl.azureedge.net, edgeassetservice.azureedge.net, clients.l.google.com, location.services.mozilla.com, ciscobinary.openh264.org, config.edge.skype.com.trafficmanager.net, incoming.telemetry.mozilla.org, a17.rackcdn.com.mdc.edgesuite.net, arc.msn.com, iris-de-prod-azsc-v2-frc-b.francecentral.cloudapp.azure.com, www.bing.com.edgekey.net, redirector.gvt1.com, msedge.b.tlu.dl.delivery.mp.microsoft.com, arc.trafficmanager.net, safebrowsing.googleapis.com, con
  • Not all processes where analyzed, report is missing behavior information
  • Report size exceeded maximum capacity and may have missing behavior information.
  • Report size exceeded maximum capacity and may have missing disassembly code.
  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
  • Report size getting too big, too many NtCreateFile calls found.
  • Report size getting too big, too many NtOpenFile calls found.
  • Report size getting too big, too many NtOpenKeyEx calls found.
  • Report size getting too big, too many NtProtectVirtualMemory calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
  • Report size getting too big, too many NtWriteVirtualMemory calls found.
  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
14:54:42 | API Interceptor | 1x Sleep call for process: firefox.exe modified
19:54:08 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
19:54:16 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):7610
Entropy (8bit):5.167136428487065
Encrypted:false
SSDEEP:192:AFjMX3D0cbhbVbTbfbRbObtbyEl7nkr9JA6WnSrDtTJd/SkDru:UYgcNhnzFSJEr4BnSrDhJd/U
MD5:BBD11F7867061C6BEC17E2F170248E72
SHA1:E9FBE0777B7183764F9169B177076E791E6C924B
SHA-256:FB28FE8FDD8DDBC81759E62D14C5B1827DBEAF2DFC3F59F3B6F3DE2361118ABB
SHA-512:E4C54145FCF1BCEB2A2EAF1F2E4C4182E1A803106F066436835289803BCF232F0ECF3A8FDF65CC88E78CE49F9C610231E5325737A25B833BA66300EB752CE8FE
Malicious:false
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):8239
Entropy (8bit):5.7959133462007495
Encrypted:false
SSDEEP:192:fsNAGDoh3eiRUh+j8ksO6qRAq1k8SPxVLZ7VTiQ:fsNArhraE3sO6q3QxVNZTiQ
MD5:BB45683BD891312359AEDF22431020E5
SHA1:D57D82B6B29A50AE16830D06B0E6BFC972183160
SHA-256:EF0BAD1C86F987D999C83862053625FD38DB3C170973A6E320517D91E7BC53DF
SHA-512:3F63A5DA058525F7E7E10AE615CE741558E2024F3D18C0747936ED5DBD389CEE1B9E93E4FAB1985930751A13BF7B892DDFD3C597F862136641F8344DFD62D80E
Malicious:false
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):23967
Entropy (8bit):6.048888265260434
Encrypted:false
SSDEEP:384:28tMGQ7LBjuYXGIgtDAW5u0TDJ2q03XsNwhy5hST0W5Es80+Mh0lkdHd5qb:BMGQ7FCYXGIgtDAWtJ4n1c5hS0AEs8UM
MD5:FF4ECE42828DC70CA9FFA800FAEF6C45
SHA1:435D117DDC3C2B05E09E8A35D26AB4CDE9FC4B87
SHA-256:9E99A13851E5C1613814BC131D43CC398A1B15DA4AD95C874D407823085C070A
SHA-512:0AF7587095C00BC1F273CF98606F3F154D7A429C39A71C51B0153E5FDE63C3AA5C4BC284C15EB3D8CAF1C9B76A2AF62D5FE3C1461D776D41A940BB645FD6A88A
Malicious:false
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):6820
Entropy (8bit):5.794310404295137
Encrypted:false
SSDEEP:96:iaqkHfO9VKRz5ih/cI9URLl8RotorMFVvlwhbe4IbONIeTC6XQS0qGqk+Z4uj+rJ:akGDoUeiRU8hd6qRAq1k8SPxVLZ7VTiq
MD5:CBDDED223530DF8536C09FB60B22EA70
SHA1:FE2B38310431A1AC30EBB1AF02B8AAEEF579F624
SHA-256:697F5FF55A297A2B84AFA06EBE865EDCDA6DE70A5E2D47F7234F54477E0BFFFB
SHA-512:A8DE0947EE7E91940BDA389B9078D72714563AAD79331229C6B52C1951A52B31C5A055E1DEC6CAFDE20815A42FF18325CF5C26B0158F348D400B94CB810BF42E
Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:modified
                                          Size (bytes):8090
                                          Entropy (8bit):5.813241468607569
                                          Encrypted:false
                                          SSDEEP:192:asNAGDoh3eiRUHjQ9ks36qRAq1k8SPxVLZ7VTiq:asNArhrakOs36q3QxVNZTiq
                                          MD5:1477A1AD18AE8D0FAA16BD050F974B07
                                          SHA1:528CD7B4F097849C52E9CB943D0A770F666DF578
                                          SHA-256:F221073718E2E370A667877F8D2282BD1140F47992C634EC666ED2154D28BD7E
                                          SHA-512:6E01C64F7CF58349FAEF9D711E3553CA4A65F235CBC8B3726B790D17388E945CC5B3B72BB31A9122F253099592DD111CA46DD94BB28FB38A9E85818BAD19AEE9
                                          Malicious:false
                                          Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_mig
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):25053
                                          Entropy (8bit):6.030970377028767
                                          Encrypted:false
                                          SSDEEP:768:BMGQ7FCYXGIgtDAWtJ4L1c5hSQn3sZh02td1:BMGQ5XMBQ1Y8t
                                          MD5:54EBEEBD309867DCD39327F0939AD9B4
                                          SHA1:31B2DE341DC0995DBB384F71E89DD9B89CDFE184
                                          SHA-256:EC6AE0339BE0D6423B5FB7A5C9F5BBED836E8312D419FBD88EBF2C50EB5A7DBF
                                          SHA-512:6B223E45DD88F10D5FDC062CCD9B15AD576ACA08D75122BE6224E0EC96F12F469B7017B15B13307C1163913DE22FB198F45B527A36442E37EA2AB8AEC7417764
                                          Malicious:false
                                          Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13369690439983352","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):25104
                                          Entropy (8bit):6.030175605804574
                                          Encrypted:false
                                          SSDEEP:768:BMGQ7FCYXGIgtDAWtJ4Lkc5hSQn3sZh02td1:BMGQ5XMBQkY4t
                                          MD5:EAF36675EB7FEF2A3553C73DF58CB80E
                                          SHA1:5D7908E1F62E13569057F3C4CC3C018F303452BF
                                          SHA-256:987F47EFF7B5F0B8B3E1DD3AEDDC0111FFF561DBE91D9A5C964F2AAAEB884844
                                          SHA-512:97B615826B18762044FE2591F57150CC5006B50B9172B72F6C87AF5CC18DFEC8E5B78F16863E83867D44475F6CED3CB1275511A354C56E72A89E90A0EA432839
                                          Malicious:false
                                          Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13369690439983352","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):107893
                                          Entropy (8bit):4.640145133154881
                                          Encrypted:false
                                          SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7Y:fwUQC5VwBIiElEd2K57P7Y
                                          MD5:46BC3CA050C9032312C051408F8C6227
                                          SHA1:4EC92F610AC217A2AB2927A8B71AD8BF5157D72D
                                          SHA-256:CB9C9EED0F363C3193E8676B326299AED296899E17323BA2D48619BAF5249FC6
                                          SHA-512:BB3126EBAD87C08B80CF3125BCDF838CEB7012F72B142B6CE67C8DAB7E57C52478876CAF19ECAC5670D5A0C2C3505F92DFB2E3013791359BFDD7094B29FC157F
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):4194304
                                          Entropy (8bit):0.0
                                          Encrypted:false
                                          SSDEEP:3::
                                          MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                          SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                          SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                          SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):4194304
                                          Entropy (8bit):0.03996845801245357
                                          Encrypted:false
                                          SSDEEP:192:5q01utmqvDDKaW5JviaVRaPr3nXgXXTFOT5DhKfINEydeRQMQtLSn8y08Tcm2RGY:00EtVISQzGh/TG4LS08T2RGOD
                                          MD5:ED327B16F28E46B31369D3FB45088279
                                          SHA1:95A81992605EDBC7E4BAA930BE84A15EFC989C8D
                                          SHA-256:36C415F6C3731E5FDFC24EBEF3DCDB081F1E0BB50E8FB96F03849E1E5CAE2D81
                                          SHA-512:A32825B8856947BAF332BAF03EB4F6F7AFE0F8C47B5664C26AD528AEB40CAFAE046C2427DCA2BB6265FA6F5E2A373A2CB983A5A3F5A2EA6FC5CD622EAD9AC1C8
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):4194304
                                          Entropy (8bit):0.4681704317917389
                                          Encrypted:false
                                          SSDEEP:6144:ojdGKZqfkmlKaH5l3clwq/4NwNYzaHaG:otmlJPr+
                                          MD5:348348ABAFF90EA9A140D5EA65E91D77
                                          SHA1:FF85BCD6B11E0C306CCBD3FB0D0B4907ABD6656C
                                          SHA-256:076C635404EC3C237F24A9906EA7593909F6BCADA3D5B81FF9130B13FB63D584
                                          SHA-512:BDF8EB61F22775E9F7A03382C8C52FF01A45CA0C1533A3A92F59DE3A033C417D220C057FE8D5358947CE9B5C1FC6F9C7DF0CCE663090D0A04AAF4273A94B6C74
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):4194304
                                          Entropy (8bit):0.04043971407352643
                                          Encrypted:false
                                          SSDEEP:192:oC0EbtmqvDMKX2JLMo40QqpIg7XpIL0BKdjh0CLNcnI1gQMkiEtn8y08Tcm2RGOD:x0Etw4vslY7hx4ggAiK08T2RGOD
                                          MD5:5EA6982C301D5BEAA11F78E837715175
                                          SHA1:77B141553FFEB523CB14A3CBF382EA7417465FC1
                                          SHA-256:4C12DC27B6051369D98F150AA95AD7BA5D374E206B18F60651F216B91F6612AB
                                          SHA-512:69AE9C67B4FD8F9D175A7C35FF87DE0540193567EB3EBC987857F770A57382F7AC6363ED135220477EF33A1C5E83720E4F679A8A8BCF9B0DEDC4D2B9AA79D148
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):4194304
                                          Entropy (8bit):0.03990523701798616
                                          Encrypted:false
                                          SSDEEP:192:Zm0EbtmqvD3KX74JEa3Xxx7uqZGXPtg34khtbNE3nn/1gQMp5ojnMn8y08Tcm2Rl:A0Etxe18xphlC9gF5X08T2RGOD
                                          MD5:363882EAA11A1533A6FBF2D0982C1338
                                          SHA1:4D79881369588362C6C50218AEF87768F7A1A866
                                          SHA-256:024CC8889F2DF2D82218746ADBDD27606075025CE357E8E3ECF4DE26D2CED27F
                                          SHA-512:BBB0B93926DEF5DDFE0CD826900272A816C89FB945D5B0BEC41AAE8A8FB84B8011CA0336794B40916E483A1000FAF197CCC1843CF0C256D6A63F41B0420E0FC7
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):16384
                                          Entropy (8bit):0.3553968406659012
                                          Encrypted:false
                                          SSDEEP:12:biUXhV0xosU8xCe+JKlkQuMRxCb8ZXfgYJ0IJpP0KLsyW1L7Fx6:bFRqxosU8xWMk8xVZ4YWI30otWn
                                          MD5:CFAB81B800EDABACBF6CB61AA78D5258
                                          SHA1:2730D4DA1BE7238D701DC84EB708A064B8D1CF27
                                          SHA-256:452A5479B9A2E03612576C30D30E6F51F51274CD30EF576EA1E71D20C657376F
                                          SHA-512:EC188B0EE4D3DAABC26799B34EE471BEE988BDD7CEB011ED7DF3D4CF26F98932BBBB4B70DC2B7FD4DF9A3981B3CE22F4B5BE4A0DB97514D526E521575EFB2EC6
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):280
                                          Entropy (8bit):3.060980776278344
                                          Encrypted:false
                                          SSDEEP:3:FiWWltl/9UgBVP/Sh/JzvLi2RRIxINXj1J1:o1//BVsJDG2Yq
                                          MD5:74B32A83C9311607EB525C6E23854EE0
                                          SHA1:C345A4A3BB52D7CD94EA63B75A424BE7B52CFCD2
                                          SHA-256:06509A7E418D9CCE502E897EAEEE8C6E3DCB1D0622B421DD968AF3916A5BFF90
                                          SHA-512:ADC193A89F0E476E7326B4EA0472814FE6DD0C16FC010AAF7B4CF78567D5DF6A1574C1CE99A63018AFE7E9AD68918147880621A3C00FAA7AD1014A0056B4B9C4
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):115717
                                          Entropy (8bit):5.183660917461099
                                          Encrypted:false
                                          SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                          MD5:3D8183370B5E2A9D11D43EBEF474B305
                                          SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                          SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                          SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                          Malicious:false
                                          Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):34462
                                          Entropy (8bit):5.558682880007441
                                          Encrypted:false
                                          SSDEEP:768:mHVug+YsWPWcfzc8F1+UoAYDCx9Tuqh0VfUC9xbog/OVelevfrwgPcDdKpTtuP:mH4DYsWPWcfzcu1jan8vsgP2utQ
                                          MD5:4643D7CD3259C1BEBE877B5AA526CA0F
                                          SHA1:25EB2096F49C3270C22648FB42FC30BCC5F5A2FF
                                          SHA-256:A9B3F9CEEB44A4AA26446A95970A4BFE0B4163EE29872BDAB0FA2BD474CBD6C7
                                          SHA-512:9EF7F97AE7BDC52AFF7CF27272EC5742716BE1A81788BA9F31D72A5A12C15206A8039785C5489DB67F840DE9A33684FC71609ABF6C08990E09E25CC836A2CB33
                                          Malicious:false
                                          Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13369690439063975","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13369690439063975","location":5,"ma
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:very short file (no magic)
                                          Category:dropped
                                          Size (bytes):1
                                          Entropy (8bit):0.0
                                          Encrypted:false
                                          SSDEEP:3:L:L
                                          MD5:5058F1AF8388633F609CADB75A75DC9D
                                          SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                          SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                          SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                          Malicious:false
                                          Preview:.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):12269
                                          Entropy (8bit):5.072470776687661
                                          Encrypted:false
                                          SSDEEP:192:sVYJ9pQTryZigaba4uyRJfdyaYa388Ipj+FVGQAlLA1f:sVYLA3umJfdyDpU8Q4K
                                          MD5:7A3184E2530C9511D9E8A6D74F71D85B
                                          SHA1:BF16AC23CA289810D283EB7BF9A90C742F6454AB
                                          SHA-256:CC1D5F8A1F4CB0A0F3BD42C4F56552D307C528DF6348946CAB77CF018EF0771B
                                          SHA-512:D79B3AEA7ACDD0F82BA83DD09422D5BCC7FB12B54DEB2354F9574F2A7D96B7B92153B6FD85F289DA0598EE9548EC1F35685EDD2BE8A190A495CE66CCB75E6644
                                          Malicious:false
                                          Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13369690439798544","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):12926
                                          Entropy (8bit):5.16642277980065
                                          Encrypted:false
                                          SSDEEP:192:sVYJ9pQTryZiuaba4uyRJfdyCr3bYa3g8Ipj+FVGQAlLA1f:sVYLAJumJfdywSpU8Q4K
                                          MD5:B8B00622E127A5129EE71F3BDB1EC278
                                          SHA1:2CC153E5613B69E3E2067827A67FAF4A98194F40
                                          SHA-256:C8340D2DB2D4B6781CAE0747821A7D2ADB5A25AE519EC772258F38CABDC20F48
                                          SHA-512:84DDA49B553E4D1908B1204AE453593A7E7409E7AB36E51DE9C03EAC47AB98DFF8E6DB47C3666B0C395647E1C4426C7E444BA6738E4E7625EA7084338D28C4B8
                                          Malicious:false
                                          Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13369690439798544","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):37817
                                          Entropy (8bit):5.556117391217517
                                          Encrypted:false
                                          SSDEEP:768:mHVug+oR7pLGLvWsWPWcfkc8F1+UoAYDCx9Tuqh0VfUC9xbog/OVelevfrwgPUDE:mH4DoHcvWsWPWcfkcu1jan8vsgPuutj
                                          MD5:DDF26939DA8F9DBBD2B114E092B73F8E
                                          SHA1:0B17C751742C47B1F3B7BCD3B0C12DC3EE7C5D5B
                                          SHA-256:B4A83D7D71ACD0EA508EFEA30B78A8975B093A1CE72635586739EA777A5F1E89
                                          SHA-512:3D8EA89C020A4FB7F097C8F54284FED4B61904D97B06AA9F93184EE3619182C684FBA45014FC218628198E807E6E3542498EF415C3C70624BD40B89C399C33B4
                                          Malicious:false
                                          Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13369690439063975","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13369690439063975","location":5,"ma
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):39660
                                          Entropy (8bit):5.562501678191569
                                          Encrypted:false
                                          SSDEEP:768:mHVug+oR7pLGLvWsWPWcfkc8F1+UoAYDCx9Tuqh0VfUC9xbog/OVq9mlevfrwgP4:mH4DoHcvWsWPWcfkcu1jaf9m8vsgPxuN
                                          MD5:15829017BC24C480E43EFD150FB3E111
                                          SHA1:993074EA399BF0E5978571553F82496D92BF9258
                                          SHA-256:7A77509E16E35433DD6962C094698E31BBE4442BF33256F378B8059C341F95D7
                                          SHA-512:10621A66C4111224E80981A29CAF05F2DE18C79A96C4BE9BE1BE639C1EBC2208D98AFB10C24610933B001DA666955697F1D85C38A3C8DB9353B289EE714A7BFA
                                          Malicious:false
                                          Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13369690439063975","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13369690439063975","location":5,"ma
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):13581
                                          Entropy (8bit):5.238946951143499
                                          Encrypted:false
                                          SSDEEP:192:sVYJ9pQTryZiuaba4uyRJfdyCr3z+OYa3g8Ipj+FVGQA1LA1f:sVYLAJumJfdywzEpU8QMK
                                          MD5:25D3010A912FB5412D7F3D63071EEF29
                                          SHA1:BC3B84DEA9B44FE60F3AD6F284409B411E6F6CD8
                                          SHA-256:EB268DF276562C7C156E7B5B1E5943A136803F44A3596F111DD1E4633CD2E50E
                                          SHA-512:FBDA556304A54B01DB6FC3BBFF7F3ECEB838478386EA08F7DC35EC9591E2CD1325FED80D642024A106075FE564DE6C471D08F2733D0AF211373BBCFE9B343586
                                          Malicious:false
                                          Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13369690439798544","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:very short file (no magic)
                                          Category:dropped
                                          Size (bytes):1
                                          Entropy (8bit):0.0
                                          Encrypted:false
                                          SSDEEP:3:L:L
                                          MD5:5058F1AF8388633F609CADB75A75DC9D
                                          SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                          SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                          SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                          Malicious:false
                                          Preview:.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):16
                                          Entropy (8bit):3.2743974703476995
                                          Encrypted:false
                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                          MD5:46295CAC801E5D4857D09837238A6394
                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                          Malicious:false
                                          Preview:MANIFEST-000001.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:modified
                                          Size (bytes):1695826
                                          Entropy (8bit):5.041143860413311
                                          Encrypted:false
                                          SSDEEP:24576:cPfQUg6kAdRhiGzmYoAo2ENU0ifYeV3br2M:cPfZ/mS5
                                          MD5:F4CB203536C333DD79BF229259C31093
                                          SHA1:A75B6E31EE4B1F70D0AFBE157A817DAA5F0C8AE5
                                          SHA-256:D08D50FF7F5F55676CE31D7C18C7DE53674B2949C35B40E12B9AA7668A73F73A
                                          SHA-512:B380E1CA795808DB8C75F2A26267781867CBF31D7ABA8BCAA92EFD477BD45AB0A0AFDE4A3E168843280AEB2862DC199FF3E030BF136D26ED2D3EBAD36082F01B
                                          Malicious:false
                                          Preview:...m.................DB_VERSION.1.....................QUERY_TIMESTAMP:arbitration_priority_list4.*.*.13369690445696419.$QUERY:arbitration_priority_list4.*.*..[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"2DPW9BV28WrPpgGHdKsEvldNQvD7dA0AAxPa3B/lKN0=","size":11989}]'S...................QUERY_TIMESTAMP:edge_hub_apps_manifest_gz4.7.*.13369690445698786.$QUERY:edge_hub_apps_manifest_gz4.7.*..[{"name":"edge_hub_apps_manifest_gz","url":"https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline","version":{"major":4,"minor":7,"patch":107},"hash":"Qoxdh2pZS19o99emYo77uFsfzxtXVDB75kV6eln53YE=","size":1682291}]=_.../..............'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.]{.. "configVersion": 32,.. "PrivilegedExperiences": [.. "ShorelinePrivileged
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):16
                                          Entropy (8bit):3.2743974703476995
                                          Encrypted:false
                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                          MD5:46295CAC801E5D4857D09837238A6394
                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                          Malicious:false
                                          Preview:MANIFEST-000001.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):293
                                          Entropy (8bit):5.088831489250467
                                          Encrypted:false
                                          SSDEEP:6:PVR3Kds1wkn23oH+Tcwt9Eh1ZB2KLllVR5T2N1yq2Pwkn23oH+Tcwt9Eh1tIFUv:PTQLfYeb9Eh1ZFLnRU4vYfYeb9Eh16F2
                                          MD5:4DC8F304B2D58EC2C265D0F13BB6B123
                                          SHA1:E9135C158EE71D91F4C7D22F19A95400F6FF388A
                                          SHA-256:858D78D86E17AD2439FDAE3A000B175DB2B241B032B7EE405A2956097FB5526E
                                          SHA-512:32B09EA492E6DE6839D38310A7D3538C5A22B2A53C7A34B74D98D04DD52471B21261CFB34DB1F45B011B51C9272A5FF39B03FD1B4ABCA4EC4C08279B2ED3A770
                                          Malicious:false
                                          Preview:2024/09/01-14:54:04.716 2070 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db since it was missing..2024/09/01-14:54:04.962 2070 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:OpenPGP Secret Key
                                          Category:dropped
                                          Size (bytes):41
                                          Entropy (8bit):4.704993772857998
                                          Encrypted:false
                                          SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                          Malicious:false
                                          Preview:.|.."....leveldb.BytewiseComparator......
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):12288
                                          Entropy (8bit):0.3202460253800455
                                          Encrypted:false
                                          SSDEEP:6:l9bNFlEuWk8TRH9MRumWEyE4gLueXdNOmWxFxCxmWxYgCxmW5y/mWz4ynLAtD/W4:TLiuWkMORuHEyESeXdwDQ3SOAtD/ie
                                          MD5:40B18EC43DB334E7B3F6295C7626F28D
                                          SHA1:0E46584B0E0A9703C6B2EC1D246F41E63AF2296F
                                          SHA-256:85E961767239E90A361FB6AA0A3FD9DAA57CAAF9E30599BB70124F1954B751C8
                                          SHA-512:8BDACDC4A9559E4273AD01407D5D411035EECD927385A51172F401558444AD29B5AD2DC5562D1101244665EBE86BBDDE072E75ECA050B051482005EB6A52CDBD
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):28672
                                          Entropy (8bit):0.465597534588093
                                          Encrypted:false
                                          SSDEEP:24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBNjfG:TouQq3qh7z3bY2LNW9WMcUvBk
                                          MD5:666548C6B910D706CA28AEE9B4AF4F3A
                                          SHA1:EED32041442ABA731501853ED6E038BC57C05C60
                                          SHA-256:B08569696B65E48C5D4DFFFC9EE2CAF911677B1BA5C6F9E50D459CDEF9F04D5F
                                          SHA-512:E6C9AAE1918FD3B74D2D3124FCCDF38C725346B3E881F58169F29EDDB258AFCE863B6AE58DFDCBED86ED4E3C5E3997EACBA2064642F42A80BBE5BB799F77230B
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                          Category:dropped
                                          Size (bytes):8192
                                          Entropy (8bit):0.01057775872642915
                                          Encrypted:false
                                          SSDEEP:3:MsFl:/F
                                          MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                          SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                          SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                          SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):270336
                                          Entropy (8bit):8.280239615765425E-4
                                          Encrypted:false
                                          SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                          MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                          SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                          SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                          SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):8192
                                          Entropy (8bit):0.011852361981932763
                                          Encrypted:false
                                          SSDEEP:3:MsHlDll:/H
                                          MD5:0962291D6D367570BEE5454721C17E11
                                          SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                          SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                          SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):8192
                                          Entropy (8bit):0.012340643231932763
                                          Encrypted:false
                                          SSDEEP:3:MsGl3ll:/y
                                          MD5:41876349CB12D6DB992F1309F22DF3F0
                                          SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                          SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                          SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                          Category:dropped
                                          Size (bytes):262512
                                          Entropy (8bit):9.553120663130604E-4
                                          Encrypted:false
                                          SSDEEP:3:LsNl1D9/:Ls3J
                                          MD5:E5CC476E4446F1A98A30D885BE0A50A4
                                          SHA1:BD1BE757C7613BAE92A8014CF31838507F4E22FB
                                          SHA-256:D291BFA5967698090F19D8B70AE4D9CA3AAEA5C25A1CF709EBDA28CF22670C11
                                          SHA-512:1D1729365D0E554CAE96E2AD466957BA2727A8F34316FDDDB80768F4E913B88FFDAC45DA0AE8C4BE168D7CBA59671B5E508F76DDFC11D97C3D2CBA4BF5E1E2B2
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):16
                                          Entropy (8bit):3.2743974703476995
                                          Encrypted:false
                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                          MD5:46295CAC801E5D4857D09837238A6394
                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                          Malicious:false
                                          Preview:MANIFEST-000001.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):33
                                          Entropy (8bit):3.5394429593752084
                                          Encrypted:false
                                          SSDEEP:3:iWstvhYNrkUn:iptAd
                                          MD5:F27314DD366903BBC6141EAE524B0FDE
                                          SHA1:4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
                                          SHA-256:68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
                                          SHA-512:07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
                                          Malicious:false
                                          Preview:...m.................DB_VERSION.1
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):16
                                          Entropy (8bit):3.2743974703476995
                                          Encrypted:false
                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                          MD5:46295CAC801E5D4857D09837238A6394
                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                          Malicious:false
                                          Preview:MANIFEST-000001.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):305
                                          Entropy (8bit):5.215217024903722
                                          Encrypted:false
                                          SSDEEP:6:PVRFxAEq1wkn23oH+TcwtnG2tbB2KLllVRFJdX9+q2Pwkn23oH+TcwtnG2tMsIF2:Ph1fYebn9VFLnzdovYfYebn9GFUv
                                          MD5:FBE3AF01611DF6D77E3B794776CC0E47
                                          SHA1:C50678CED9F64032191FA8B1A36DCEA775C217E5
                                          SHA-256:473D9CE09C6FFBBC76F1CF8A1BE0DA0AD1B16367EB3359ED3FC14F4E0019EF7E
                                          SHA-512:DB8C7F8C3EBB877DB3B123839EB86022111ADC30511CAD092A99E85B47849D17ABA0BD01B88EF9C97CCD4D7278754217821D007C2C11412E98D39A5B00EF443A
                                          Malicious:false
                                          Preview:2024/09/01-14:53:59.118 1d88 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db since it was missing..2024/09/01-14:53:59.151 1d88 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:OpenPGP Secret Key
                                          Category:dropped
                                          Size (bytes):41
                                          Entropy (8bit):4.704993772857998
                                          Encrypted:false
                                          SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                          Malicious:false
                                          Preview:.|.."....leveldb.BytewiseComparator......
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 14, database pages 8, cookie 0xe, schema 4, UTF-8, version-valid-for 14
                                          Category:dropped
                                          Size (bytes):32768
                                          Entropy (8bit):0.494709561094235
                                          Encrypted:false
                                          SSDEEP:24:TLEC30OIcqIn2o0FUFlA2cs0US5S693Xlej2:ThLaJUnAg0UB6I
                                          MD5:CF7760533536E2AF66EA68BC3561B74D
                                          SHA1:E991DE2EA8F42AE7E0A96A3B3B8AF87A689C8CCD
                                          SHA-256:E1F183FAE5652BA52F5363A7E28BF62B53E7781314C9AB76B5708AF9918BE066
                                          SHA-512:38B15FE7503F6DFF9D39BC74AA0150A7FF038029F973BE9A37456CDE6807BCBDEAB06E624331C8DFDABE95A5973B0EE26A391DB2587E614A37ADD50046470162
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
                                          Category:dropped
                                          Size (bytes):20480
                                          Entropy (8bit):0.6138338181493509
                                          Encrypted:false
                                          SSDEEP:12:TLW4QpRSJDBJuqJSEDNvrWjJQ9Dl9np59yDLgHFUxOUDaaTXubHa7mWBIoRlMAqr:TLqpR+DDNzWjJ0npnyXKUO8+jolp/mL
                                          MD5:0D1F9EDCA9775C1E7284E32548700052
                                          SHA1:68ADAAB7B9CD22437505334BA002045E15A66A21
                                          SHA-256:24E256D8225F31C80F123A8C0573CF97E59FADCCE4E3D9A01A780DDB4D0F2BDA
                                          SHA-512:DCF6B611CB58EF2F3387571762EDFA68AB7E2F749285BAC1D5F0A42F0B84BA3265449E3DDA617EE8A2A352DA1D1CBAC013BD045D5D4EB13BC7E9F64E4F3230E2
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):16
                                          Entropy (8bit):3.2743974703476995
                                          Encrypted:false
                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                          MD5:46295CAC801E5D4857D09837238A6394
                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                          Malicious:false
                                          Preview:MANIFEST-000001.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):375520
                                          Entropy (8bit):5.35410224735829
                                          Encrypted:false
                                          SSDEEP:6144:SA/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:SFdMyq49tEndBuHltBfdK5WNbsVEziPU
                                          MD5:939125E436159E9BA775378897735A7C
                                          SHA1:23EE3B6D6B4ED2E90D3E2731FC5AF2F4C5DD3BD4
                                          SHA-256:81F2CDE260B156BBB25A725F10982AE23D7567415875C0092AB0E6CF6A07DF3F
                                          SHA-512:D634EFD6649EF52AC3F4D7446FA9D55B43E2F30EF95DD98E5EB343BC19D04ECA934576D0097DDE5E72645D7DED68060DBD218BC9C4456C6F1B7E12905C0272D0
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):16
                                          Entropy (8bit):3.2743974703476995
                                          Encrypted:false
                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                          MD5:46295CAC801E5D4857D09837238A6394
                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                          Malicious:false
                                          Preview:MANIFEST-000001.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):309
                                          Entropy (8bit):5.16592256595629
                                          Encrypted:false
                                          SSDEEP:6:PVRTeoM1wkn23oH+Tcwtk2WwnvB2KLllVRbYeOq2Pwkn23oH+Tcwtk2WwnvIFUv:PmorfYebkxwnvFLnXGvYfYebkxwnQFUv
                                          MD5:FC0F458170CE7A93F71D52CF0427F4F5
                                          SHA1:B8943229318F8C7E560296A6DF831AA333A78351
                                          SHA-256:49CF69097CE6C9CC0233CC2F3499557EAF06CE74C2CE3257E70D3ED584F3126F
                                          SHA-512:66DB93662B27D99441AD3E1E40D2E4CBE20FB0DA6C170AE7575E7FFD576120FF16DEB4D6A0C2BB93CFA1F9FB5DEFE7C8463DCA9045CA005E601C70CEA4A893E2
                                          Malicious:false
                                          Preview:2024/09/01-14:54:04.698 20a4 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/09/01-14:54:05.076 20a4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:OpenPGP Secret Key
                                          Category:dropped
                                          Size (bytes):41
                                          Entropy (8bit):4.704993772857998
                                          Encrypted:false
                                          SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                          Malicious:false
                                          Preview:.|.."....leveldb.BytewiseComparator......
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:modified
                                          Size (bytes):358860
                                          Entropy (8bit):5.324620338913552
                                          Encrypted:false
                                          SSDEEP:6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6R8:C1gAg1zfvk
                                          MD5:32F1489DDDAA8FAAFB1D370B30E3BAD5
                                          SHA1:C6A2B392BA4311CC1DFEDD3BE3EE2A5C48C892C6
                                          SHA-256:B322F640E5F5A1DC2024D5F9E4A0E17EF95A187894F0D150D092DEC56472DEB3
                                          SHA-512:3D231939F156A3B2FDD0FEFCB9F2749C338316084A70A76DF446623E9BB73199310CCEF507D95AD36D7098216983649F74C0F1FACF8DE56EDBBD7FF7AB16DAE1
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):16
                                          Entropy (8bit):3.2743974703476995
                                          Encrypted:false
                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                          MD5:46295CAC801E5D4857D09837238A6394
                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                          Malicious:false
                                          Preview:MANIFEST-000001.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):209
                                          Entropy (8bit):1.8784775129881184
                                          Encrypted:false
                                          SSDEEP:3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlX:qTCTCTCTCTCTCTCTCTCTCT
                                          MD5:478D49D9CCB25AC14589F834EA70FB9E
                                          SHA1:5D30E87D66E279F8815AFFE4C691AAF1D577A21E
                                          SHA-256:BB6CC6DF54CF476D95409032C79E065F4E10D512E73F7E16018E550456F753D5
                                          SHA-512:FB5431054A23D3C532568B1F150873D9130DBC4A88BE19BC2A4907D0DC2888C5B55993154EAD4A6C466E2173092B8705684A6802B850F051639E1F2457387471
                                          Malicious:false
                                          Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):16
                                          Entropy (8bit):3.2743974703476995
                                          Encrypted:false
                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                          MD5:46295CAC801E5D4857D09837238A6394
                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                          Malicious:false
                                          Preview:MANIFEST-000001.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):281
                                          Entropy (8bit):5.1734398827394115
                                          Encrypted:false
                                          SSDEEP:6:PVRFFd1wkn23oH+Tcwt8aVdg2KLllVRFLfQL+q2Pwkn23oH+Tcwt8aPrqIFUv:PrgfYeb0LnW+vYfYebL3FUv
                                          MD5:3CB3D39B6ADAE066C38920DB0B06DF26
                                          SHA1:EECF3E3DD9792B48252A95ABA2AF87C7D0B3DB9E
                                          SHA-256:E8678DBD1CC7F080E485B3DD05E85147362FF2630BF51E4E3CF8C7C988883216
                                          SHA-512:0B6AA1EDC28B08701C7D03C55802E7888C8C1E2DAEADFB59EBF76CF758C1BDFD92E631AE0255806898E9A65BA96F211B3109EA790224015AF361D6FEDF8D286F
                                          Malicious:false
                                          Preview:2024/09/01-14:53:59.068 1cec Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules since it was missing..2024/09/01-14:53:59.085 1cec Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:OpenPGP Secret Key
                                          Category:dropped
                                          Size (bytes):41
                                          Entropy (8bit):4.704993772857998
                                          Encrypted:false
                                          SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                          Malicious:false
                                          Preview:.|.."....leveldb.BytewiseComparator......
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):16
                                          Entropy (8bit):3.2743974703476995
                                          Encrypted:false
                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                          MD5:46295CAC801E5D4857D09837238A6394
                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                          Malicious:false
                                          Preview:MANIFEST-000001.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):209
                                          Entropy (8bit):1.8784775129881184
                                          Encrypted:false
                                          SSDEEP:3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlX:qTCTCTCTCTCTCTCTCTCTCT
                                          MD5:478D49D9CCB25AC14589F834EA70FB9E
                                          SHA1:5D30E87D66E279F8815AFFE4C691AAF1D577A21E
                                          SHA-256:BB6CC6DF54CF476D95409032C79E065F4E10D512E73F7E16018E550456F753D5
                                          SHA-512:FB5431054A23D3C532568B1F150873D9130DBC4A88BE19BC2A4907D0DC2888C5B55993154EAD4A6C466E2173092B8705684A6802B850F051639E1F2457387471
                                          Malicious:false
                                          Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):16
                                          Entropy (8bit):3.2743974703476995
                                          Encrypted:false
                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                          MD5:46295CAC801E5D4857D09837238A6394
                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                          Malicious:false
                                          Preview:MANIFEST-000001.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):285
                                          Entropy (8bit):5.163840493664751
                                          Encrypted:false
                                          SSDEEP:6:PVRFL71wkn23oH+Tcwt86FB2KLllVRF+QL+q2Pwkn23oH+Tcwt865IFUv:PkfYeb/FFLn5+vYfYeb/WFUv
                                          MD5:6019F11E7C6F1968F8C184C3743DF3DE
                                          SHA1:77EB9680DF3A65AB824AAFF00D5C2B19258F36CB
                                          SHA-256:1D9508079F51AC3D64609F570C028BE41D7707C53801E0A07F4624BF20A80F31
                                          SHA-512:8C70BF846DCDD762DFD82C590439B0F9F9A61371B9318DBF314EF0E0F1C94959085AC3F4AB03E796A287E0D774EC8144ECD8B1634A90E1D65E37DEB41E76F391
                                          Malicious:false
                                          Preview:2024/09/01-14:53:59.086 1cec Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts since it was missing..2024/09/01-14:53:59.170 1cec Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:OpenPGP Secret Key
                                          Category:dropped
                                          Size (bytes):41
                                          Entropy (8bit):4.704993772857998
                                          Encrypted:false
                                          SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                          Malicious:false
                                          Preview:.|.."....leveldb.BytewiseComparator......
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):1197
                                          Entropy (8bit):1.8784775129881184
                                          Encrypted:false
                                          SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW:
                                          MD5:A2A3B1383E3AAC2430F44FC7BF3E447E
                                          SHA1:B807210A1205126A107A5FE25F070D2879407AA4
                                          SHA-256:90685D4E050DA5B6E6F7A42A1EE21264A68F1734FD3BD4A0E044BB53791020A2
                                          SHA-512:396FAB9625A2FF396222DBC86A0E2CDE724C83F3130EE099F2872AED2F2F2ECE13B0853D635F589B70BD1B5E586C05A3231D68CAF9E46B6E2DAC105A10D0A1C8
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):322
                                          Entropy (8bit):5.159473122078809
                                          Encrypted:false
                                          SSDEEP:6:PVRSN+q2Pwkn23oH+Tcwt8NIFUt82VR7Zmw+2VRLVkwOwkn23oH+Tcwt8+eLJ:Pe+vYfYebpFUt82v/+2vV5JfYebqJ
                                          MD5:7EAF8E3FFCC2365DAB3CB06AA5781BFE
                                          SHA1:C39B3013E9BD16540DB6C5F35881DB954A1BA1CF
                                          SHA-256:0494C0224FE1BB58C176ED8A1234D9811A2BA60D8E8AC035EC1A6D5190CD9DE6
                                          SHA-512:A5977A94DD534069ACA3B982A8E43D68FC183334F66CC3E7E7A7710591BB6DB5D0AEA1979B5B0217D33A5F1CC27EB045202C47EC685278211C65C59B95396805
                                          Malicious:false
                                          Preview:2024/09/01-14:54:00.117 1d7c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/09/01-14:54:00.118 1d7c Recovering log #3.2024/09/01-14:54:00.118 1d7c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 1, cookie 0x1, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):4096
                                          Entropy (8bit):0.3169096321222068
                                          Encrypted:false
                                          SSDEEP:3:lSWbNFl/sl+ltl4ltllOl83/XWEEabIDWzdWuAzTgdWj3FtFIU:l9bNFlEs1ok8fDEPDadUTgd81Z
                                          MD5:2554AD7847B0D04963FDAE908DB81074
                                          SHA1:F84ABD8D05D7B0DFB693485614ECF5204989B74A
                                          SHA-256:F6EF01E679B9096A7D8A0BD8151422543B51E65142119A9F3271F25F966E6C42
                                          SHA-512:13009172518387D77A67BBF86719527077BE9534D90CB06E7F34E1CCE7C40B49A185D892EE859A8BAFB69D5EBB6D667831A0FAFBA28AC1F44570C8B68F8C90A4
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 8, cookie 0x8, schema 4, UTF-8, version-valid-for 2
                                          Category:dropped
                                          Size (bytes):32768
                                          Entropy (8bit):0.40981274649195937
                                          Encrypted:false
                                          SSDEEP:24:TL1WK3iOvwxwwweePKmJIOAdQBVA/kjo/TJZwJ9OV3WOT/5eQQ:Tmm+/9ZW943WOT/
                                          MD5:1A7F642FD4F71A656BE75B26B2D9ED79
                                          SHA1:51BBF587FB0CCC2D726DDB95C96757CC2854CFAD
                                          SHA-256:B96B6DDC10C29496069E16089DB0AB6911D7C13B82791868D583897C6D317977
                                          SHA-512:FD14EADCF5F7AB271BE6D8EF682977D1A0B5199A142E4AB353614F2F96AE9B49A6F35A19CC237489F297141994A4A16B580F88FAC44486FCB22C05B2F1C3F7D1
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):429
                                          Entropy (8bit):5.809210454117189
                                          Encrypted:false
                                          SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                                          MD5:5D1D9020CCEFD76CA661902E0C229087
                                          SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                                          SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                                          SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                                          Malicious:false
                                          Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 10, cookie 0x8, schema 4, UTF-8, version-valid-for 2
                                          Category:dropped
                                          Size (bytes):20480
                                          Entropy (8bit):2.449208864992026
                                          Encrypted:false
                                          SSDEEP:96:0BCyvkYxkGaelS9nsH4/Aztc+uuoKwxYxTlB:mNvkckGGsHXzC+Po1xcTlB
                                          MD5:E87D63FAC507665D2F9119A4CF6F5DB5
                                          SHA1:9F3EE4D2C7C846A839108202F4BF735B3CA45088
                                          SHA-256:E4C6F537317933C2B7D3859AED66D26D7AA8009F093D6ADD0E4D8A0008F4A31B
                                          SHA-512:645509E691B423415B2AB8DE0663E99DA3A69DC5048D85BD9E5FAAE3575E424C84ADE953CB078876E2451F8F09654971E1C9D23E0734AF4D0FBB8488F59F20EA
                                          Malicious:false
                                          Preview:SQLite format 3......@ ..........................................................................j..........g....._.c...~.2.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................s...;+...indexfavicon_bitmaps_icon_idfavico
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, 1st free page 10, free pages 4, cookie 0x45, schema 4, UTF-8, version-valid-for 4
                                          Category:dropped
                                          Size (bytes):159744
                                          Entropy (8bit):0.6470688580577816
                                          Encrypted:false
                                          SSDEEP:96:kYxbelY6U+bGzPDLjGQLBE3up+U0jBo4tgi3JMe9xJDECVjNCDlYxs:kcb+8+GPXBBE3upb0HtTTDxVjklcs
                                          MD5:C4466C1727B2192AB0D621C509D2C97A
                                          SHA1:0964C80F77FAFBFEA749CB9258648446EF6F89F8
                                          SHA-256:EBFD5D3E1D0D960CD27148A53897AFD22BD069C01185292C6263239D60BF4A4B
                                          SHA-512:92215A342C8452506FFA47854FDBCA73ED5549DC543D7987812898CA611C557943A517D4B3A9DA2E8767280D4975122F33BA676D3197C3AA0A1E43421EBC05A4
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):8720
                                          Entropy (8bit):0.32872990409968056
                                          Encrypted:false
                                          SSDEEP:6:3A/J3+t76Y4QZZofU99pO0BY0qR4EZY4QZvGcD:QhHQws9LdKBQZGcD
                                          MD5:8E7C59FCAEAF6CC3E72509FC54C29EE4
                                          SHA1:7DA9BC18510D68EA2F8E0B2A2A49272BE8BFF70B
                                          SHA-256:514277E98A726319E2FFBD285D037A37121D048BE89B2387F19121FA13C87094
                                          SHA-512:BAD14896BA2A02F890A9270615B20C0EA48ED5006EF311C27F2D6269D847680BBC87678FCD12F7A8A34934D9CE213B1805AFA3173BED017BC91D307F6403C4D4
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):115717
                                          Entropy (8bit):5.183660917461099
                                          Encrypted:false
                                          SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                          MD5:3D8183370B5E2A9D11D43EBEF474B305
                                          SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                          SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                          SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                          Malicious:false
                                          Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 11, cookie 0x3, schema 4, UTF-8, version-valid-for 5
                                          Category:dropped
                                          Size (bytes):45056
                                          Entropy (8bit):3.5485953180316674
                                          Encrypted:false
                                          SSDEEP:384:zj9P0VgQkQeracp773pLgP/KbtPgam6I6RKToaAQhf:zdmge2Np7WP/VKRKc09
                                          MD5:102E6F3975D085FEDE9B84506A4C869E
                                          SHA1:6A99F591027CFF0987E93F9013297682513F85BB
                                          SHA-256:813844A69F90CB04B728D8C31272DB31407D2F03C3599E9E31A9C6E06111C954
                                          SHA-512:087B6920A8993342D3D41E3202AD9433B5EA1FDEAE9797D1DD84D90AD36C6A5EB05D80BCF39DCB4E80B8AC7C73649D94C08BBA5780165F38E73F5AE1A73E71D0
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):406
                                          Entropy (8bit):5.260414744156972
                                          Encrypted:false
                                          SSDEEP:12:PTApvYfYeb8rcHEZrELFUt82TAi1/+2T25JfYeb8rcHEZrEZSJ:0VYfYeb8nZrExg8HiGJfYeb8nZrEZe
                                          MD5:234EC31BCBB7D571F0690C62B5987586
                                          SHA1:BAFF6ACB81B08501D6F3FE4948BB08ACF66D4435
                                          SHA-256:0C733BDEC6E94EA4AED15C89C35F5980994EDE8E7EE89112A87ADE31C0C2B43C
                                          SHA-512:CFB77B7E3C4EB0E104009783450A4ED23A631CA286A8D49A107FA5FDB6909705DB1E8C9C93B12057E77DA2BC54E09BEAB10B3D01563D6CE7480C320C86C06509
                                          Malicious:false
                                          Preview:2024/09/01-14:54:01.247 1ce8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/09/01-14:54:01.247 1ce8 Recovering log #3.2024/09/01-14:54:01.248 1ce8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):334
                                          Entropy (8bit):5.168007144740425
                                          Encrypted:false
                                          SSDEEP:6:PVRFV6M+q2Pwkn23oH+Tcwt8a2jMGIFUt82VRFVXMZmw+2VRFVeMVkwOwkn23oHr:Pbn+vYfYeb8EFUt82bXM/+2bTV5JfYek
                                          MD5:46475E3F8DD7CD1F9E335E331CFC0C11
                                          SHA1:ED0F8E2930A7977D09B6404F9BDE7CC63CC9435E
                                          SHA-256:8313D8117455CB7AD2EDA32E7EF3674E4B9837A7CEBF82F43E590B133C19B954
                                          SHA-512:2D52FA94E66A74FB35F80A977108E389CFFA50672A900B4C424EAF5273682FFF85BB369FF57D5E6CD2743198A50A430016FF0DC57619610071160BE089144C9D
                                          Malicious:false
                                          Preview:2024/09/01-14:53:59.602 1e1c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/09/01-14:53:59.603 1e1c Recovering log #3.2024/09/01-14:53:59.606 1e1c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 28, cookie 0x1d, schema 4, UTF-8, version-valid-for 2
                                          Category:dropped
                                          Size (bytes):57344
                                          Entropy (8bit):0.863060653641558
                                          Encrypted:false
                                          SSDEEP:96:u7/KLPeymOT7ynlm+yKwt7izhGnvgbn8MouB6wznP:u74CnlmVizhGE7IwD
                                          MD5:C681C90B3AAD7F7E4AF8664DE16971DF
                                          SHA1:9F72588CEA6569261291B19E06043A1EFC3653BC
                                          SHA-256:ADB987BF641B2531991B8DE5B10244C3FE1ACFA7AD7A61A65D2E2D8E7AB34C1D
                                          SHA-512:4696BF334961E4C9757BAC40C41B4FBE3E0B9F821BD242CE6967B347053787BE54D1270D7166745126AFA42E8193AC2E695B0D8F11DE8F0B2876628B7C128942
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 11, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):45056
                                          Entropy (8bit):0.40293591932113104
                                          Encrypted:false
                                          SSDEEP:24:TLVgTjDk5Yk8k+/kCkzD3zzbLGfIzLihje90xq/WMFFfeFzfXVVlYWOT/CUFSe:Tmo9n+8dv/qALihje9kqL42WOT/9F
                                          MD5:ADC0CFB8A1A20DE2C4AB738B413CBEA4
                                          SHA1:238EF489E5FDC6EBB36F09D415FB353350E7097B
                                          SHA-256:7C071E36A64FB1881258712C9880F155D9CBAC693BADCC391A1CB110C257CC37
                                          SHA-512:38C8B7293B8F7BEF03299BAFB981EEEE309945B1BDE26ACDAD6FDD63247C21CA04D493A1DDAFC3B9A1904EFED998E9C7C0C8E98506FD4AC0AB252DFF34566B66
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):355
                                          Entropy (8bit):5.479672487026934
                                          Encrypted:false
                                          SSDEEP:6:YWyWN1iL50xHA9vh8wXwlmUUAnIMp5sXQc4wbTBv31dB8wXwlmUUAnIMp54c1CVw:YWyX5Sg9vt+UAnIQc4wbTR7N+UAnIS1J
                                          MD5:8179DC0343274E958CC9AFBEE22FF327
                                          SHA1:47C66756E6172677DEBE70D7492C1192A96B5C96
                                          SHA-256:3575E908918AD9EA82D9058A7FF841A40AB80D7B59878F2BE8C16DF7718AC43D
                                          SHA-512:BA3CCFEF4C0C49BC0A5D71809A1C90A4CFD35AEAB1486DAF4A551F47889F943FB184B2336770A2F8B6487CE000C8D2BAA928FA2BD9A6381AD654162A1205C42D
                                          Malicious:false
                                          Preview:{"sts":[{"expiry":1727869700.805692,"host":"dUymlFcJcEIuWrPNRCRXYtREHxXDHdPfT47kO1IQnQ0=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696333700.805702},{"expiry":1756752849.684647,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1725216849.684652}],"version":2}
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):40
                                          Entropy (8bit):4.1275671571169275
                                          Encrypted:false
                                          SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                          MD5:20D4B8FA017A12A108C87F540836E250
                                          SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                          SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                          SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                          Malicious:false
                                          Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):2
                                          Entropy (8bit):1.0
                                          Encrypted:false
                                          SSDEEP:3:H:H
                                          MD5:D751713988987E9331980363E24189CE
                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                          Malicious:false
                                          Preview:[]
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):2271
                                          Entropy (8bit):5.26361170979044
                                          Encrypted:false
                                          SSDEEP:48:YXsD8stfcdsugsLrsCgnsi+HFsJYs5+Hhes+CxbZ:bRSTjG4OZ4GA1
                                          MD5:DF6EE6637834AD5C4E65DD440E383705
                                          SHA1:955A06C46EFF5F244EA35881236DEEA5353BB4EF
                                          SHA-256:3F5DC4C845E67E8EDC84C5A2C8B3455D25B76F6FBE41A014D18343B765375B64
                                          SHA-512:167AD8CD29C1CF133AA9F5EB521F86FC9C55C031D199F7CB09C89CA1351450C7F93BF7D2652EEE243AAD172C5E071910436212AF9DB6C78F7E4AB00EAE631ECF
                                          Malicious:false
                                          Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372282442077773","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372282443404754","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372282445059128","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://fonts.gstatic.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372282448962103","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://www.google.com"},{"alternative_service":[{"adver
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):2
                                          Entropy (8bit):1.0
                                          Encrypted:false
                                          SSDEEP:3:H:H
                                          MD5:D751713988987E9331980363E24189CE
                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                          Malicious:false
                                          Preview:[]
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 9, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 9
                                          Category:dropped
                                          Size (bytes):20480
                                          Entropy (8bit):1.0854389847352905
                                          Encrypted:false
                                          SSDEEP:48:T2dKLopF+SawLUO1Xj8BrdakkNxonoALEU/VvOFyPr:ige+AuyQnFr
                                          MD5:96FA752FB97F16424DABD8E1B114D48C
                                          SHA1:B08A753A146D0E586E16576D710F52A36BC21732
                                          SHA-256:4C4F7FCA5A12B20976C5B87E6DFAAF890E7D9B628EE37D7F15F1A1389DAA606C
                                          SHA-512:8D945A4BE1738A914DB4A5A3D7B4E3E56239C8ABCCCFF9CE27D9CB10E5A62FEEC3F09D23F457F23CDA972BCA27113FAD9A2CCA62895483EB51485B705B687D24
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):61
                                          Entropy (8bit):3.926136109079379
                                          Encrypted:false
                                          SSDEEP:3:YLb9N+eAXRfHDH2LSL:YHpoeSL
                                          MD5:4DF4574BFBB7E0B0BC56C2C9B12B6C47
                                          SHA1:81EFCBD3E3DA8221444A21F45305AF6FA4B71907
                                          SHA-256:E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
                                          SHA-512:78B14F60F2D80400FE50360CF303A961685396B7697775D078825A29B717081442D357C2039AD0984D4B622976B0314EDE8F478CDE320DAEC118DA546CB0682A
                                          Malicious:false
                                          Preview:{"net":{"http_server_properties":{"servers":[],"version":5}}}
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 6
                                          Category:dropped
                                          Size (bytes):36864
                                          Entropy (8bit):1.3311768035680147
                                          Encrypted:false
                                          SSDEEP:96:uIEumQv8m1ccnvS6MWDo2dQF2YQ9UZg19sRVkI:uIEumQv8m1ccnvS6a282rUZgfgd
                                          MD5:8E0F2AEE4AFA3CDDE4538502E8FDE9BB
                                          SHA1:D7F4B8F655316CC3556F30B86189B0C5AF43D050
                                          SHA-256:616BE422EDF945EBAEA3D542B8D9DFECAEE3657BAA33EFC44084ECAE556CFFF6
                                          SHA-512:76D615D48AA8034F4B1CB826C5EF1B9BBE4DF602B3893875594D43033393C59605207FA59C50572CC94995A4CC63ADE635AE2ADAF207D92142B7B2647280BE8F
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):2
                                          Entropy (8bit):1.0
                                          Encrypted:false
                                          SSDEEP:3:H:H
                                          MD5:D751713988987E9331980363E24189CE
                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                          Malicious:false
                                          Preview:[]
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):40
                                          Entropy (8bit):4.1275671571169275
                                          Encrypted:false
                                          SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                          MD5:20D4B8FA017A12A108C87F540836E250
                                          SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                          SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                          SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                          Malicious:false
                                          Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):203
                                          Entropy (8bit):5.4042796420747425
                                          Encrypted:false
                                          SSDEEP:6:YAQN1iL50xHA9vh8wXwlmUUAnIMp5sXX2SQ:Y45Sg9vt+UAnIXZQ
                                          MD5:24D66E5F1B8C76C76511DA68057CDE5E
                                          SHA1:70225FEC1AE3FEF8D8A767D9EA0B0E108BF8F10D
                                          SHA-256:D5CB3A4A104E2EC4F13E8B4CDF3BD469E0AB638713928BEA1EAEAF03998B794C
                                          SHA-512:1CA093B4BB4E0B3EE0B791AD0E6B39AC9640CEB6ED005BD10A10B4AF904858F4898D86D26B60B625CDA9425FF317C6B9FE0DF2E12C897A52720AF775B19491AA
                                          Malicious:false
                                          Preview:{"expect_ct":[],"sts":[{"expiry":1727869700.805692,"host":"dUymlFcJcEIuWrPNRCRXYtREHxXDHdPfT47kO1IQnQ0=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696333700.805702}],"version":2}
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):36864
                                          Entropy (8bit):0.36515621748816035
                                          Encrypted:false
                                          SSDEEP:24:TLH3lIIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:Tb31DtX5nDOvyKDhU1cSB
                                          MD5:25363ADC3C9D98BAD1A33D0792405CBF
                                          SHA1:D06E343087D86EF1A06F7479D81B26C90A60B5C3
                                          SHA-256:6E019B8B9E389216D5BDF1F2FE63F41EF98E71DA101F2A6BE04F41CC5954532D
                                          SHA-512:CF7EEE35D0E00945AF221BEC531E8BF06C08880DA00BD103FA561BC069D7C6F955CBA3C1C152A4884601E5A670B7487D39B4AE9A4D554ED8C14F129A74E555F7
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):111
                                          Entropy (8bit):4.718418993774295
                                          Encrypted:false
                                          SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiVY:YHpoeS7PMVKJTnMRK3VY
                                          MD5:285252A2F6327D41EAB203DC2F402C67
                                          SHA1:ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6
                                          SHA-256:5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
                                          SHA-512:11CE7CB484FEE66894E63C31DB0D6B7EF66AD0327D4E7E2EB85F3BCC2E836A3A522C68D681E84542E471E54F765E091EFE1EE4065641B0299B15613EB32DCC0D
                                          Malicious:false
                                          Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):355
                                          Entropy (8bit):5.459772443174138
                                          Encrypted:false
                                          SSDEEP:6:YWyWN1iL50xHA9vh8wXwlmUUAnIMp5sXQcDuN7TBv31dB8wXwlmUUAnIMp54QhSQ:YWyX5Sg9vt+UAnIQca1TR7N+UAnIisQ
                                          MD5:AD5D974C2C0EBF8187A4F54AC5870468
                                          SHA1:42844AC52F96D98FB185400CC96D3DE476115D3A
                                          SHA-256:0B8A547C813440B109CCF786DAC613B110902513E97BF4F81C10A8B663A11A77
                                          SHA-512:D6324EE6E34424C1947874D66C20C19C5A43221D3BB0CABA23C492271F9F6CB9C8CB8E12605CE9A3123EA317B293BA0259B671A45840FF41757081AF5613C43F
                                          Malicious:false
                                          Preview:{"sts":[{"expiry":1727869700.805692,"host":"dUymlFcJcEIuWrPNRCRXYtREHxXDHdPfT47kO1IQnQ0=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696333700.805702},{"expiry":1756752910.182675,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1725216910.182681}],"version":2}
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):2
                                          Entropy (8bit):1.0
                                          Encrypted:false
                                          SSDEEP:3:H:H
                                          MD5:D751713988987E9331980363E24189CE
                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                          Malicious:false
                                          Preview:[]
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 2
                                          Category:dropped
                                          Size (bytes):20480
                                          Entropy (8bit):0.5744102022039023
                                          Encrypted:false
                                          SSDEEP:12:TL1QAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3isCHIrdNG7fdjxHIXOFSY:TLiOUOq0afDdWec9sJKG7zo7J5fc
                                          MD5:8B7CCBAE5FB8F1D3FDB331AED0833FB0
                                          SHA1:7924CE8D7CF818F1132F1C8A047FBEEF13F18877
                                          SHA-256:8029C4EAA75734867C5970AB41422A7F551EBFDF65E152C09F8A4038B17080C8
                                          SHA-512:23B07F98E037ECC9BAAB37EA93264503B936CA180F4873D19944D186F3529926CBDC7A0962E7A51EADC8CEB2CA85D94BFC3C431D0068B8320C45BF24C0DDB163
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):12269
                                          Entropy (8bit):5.072470776687661
                                          Encrypted:false
                                          SSDEEP:192:sVYJ9pQTryZigaba4uyRJfdyaYa388Ipj+FVGQAlLA1f:sVYLA3umJfdyDpU8Q4K
                                          MD5:7A3184E2530C9511D9E8A6D74F71D85B
                                          SHA1:BF16AC23CA289810D283EB7BF9A90C742F6454AB
                                          SHA-256:CC1D5F8A1F4CB0A0F3BD42C4F56552D307C528DF6348946CAB77CF018EF0771B
                                          SHA-512:D79B3AEA7ACDD0F82BA83DD09422D5BCC7FB12B54DEB2354F9574F2A7D96B7B92153B6FD85F289DA0598EE9548EC1F35685EDD2BE8A190A495CE66CCB75E6644
                                          Malicious:false
                                          Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13369690439798544","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):33
                                          Entropy (8bit):4.051821770808046
                                          Encrypted:false
                                          SSDEEP:3:YVXADAEvTLSJ:Y9AcEvHSJ
                                          MD5:2B432FEF211C69C745ACA86DE4F8E4AB
                                          SHA1:4B92DA8D4C0188CF2409500ADCD2200444A82FCC
                                          SHA-256:42B55D126D1E640B1ED7A6BDCB9A46C81DF461FA7E131F4F8C7108C2C61C14DE
                                          SHA-512:948502DE4DC89A7E9D2E1660451FCD0F44FD3816072924A44F145D821D0363233CC92A377DBA3A0A9F849E3C17B1893070025C369C8120083A622D025FE1EACF
                                          Malicious:false
                                          Preview:{"preferred_apps":[],"version":1}
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):34462
                                          Entropy (8bit):5.558682880007441
                                          Encrypted:false
                                          SSDEEP:768:mHVug+YsWPWcfzc8F1+UoAYDCx9Tuqh0VfUC9xbog/OVelevfrwgPcDdKpTtuP:mH4DYsWPWcfzcu1jan8vsgP2utQ
                                          MD5:4643D7CD3259C1BEBE877B5AA526CA0F
                                          SHA1:25EB2096F49C3270C22648FB42FC30BCC5F5A2FF
                                          SHA-256:A9B3F9CEEB44A4AA26446A95970A4BFE0B4163EE29872BDAB0FA2BD474CBD6C7
                                          SHA-512:9EF7F97AE7BDC52AFF7CF27272EC5742716BE1A81788BA9F31D72A5A12C15206A8039785C5489DB67F840DE9A33684FC71609ABF6C08990E09E25CC836A2CB33
                                          Malicious:false
                                          Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13369690439063975","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13369690439063975","location":5,"ma
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):364
                                          Entropy (8bit):4.044102215537306
                                          Encrypted:false
                                          SSDEEP:6:S85aEFljljljljljljl5laDxiR1HJw+CA5EEE:S+a8ljljljljljljl5UmS+CA
                                          MD5:8142FB29C1B4B4AEA0EC43FAB9FEA05C
                                          SHA1:85AD4016A3E3832B0B1852CAF92AE070B10A471C
                                          SHA-256:37E75D0A120015A70280432CC71557F50254B745B8D10AB8E2BED9633DBF5429
                                          SHA-512:68684F1C0E3558BAE823582BAE5934B5FDB086266087685D8AFCF0A4367452A8862EA14C6CFA9C7D993DC60FAF2CF609366DD6BD9F9CD43557C7AB00776D3EC5
                                          Malicious:false
                                          Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f.................&f.................&f...............|T].j................next-map-id.1.Knamespace-04ebb774_e5c2_41a9_8acc_3103545cfb6c-https://accounts.google.com/.0V.e................V.e................V.e................V.e................
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):322
                                          Entropy (8bit):5.078009125741538
                                          Encrypted:false
                                          SSDEEP:6:PVREASM+q2Pwkn23oH+TcwtrQMxIFUt82VRJXZmw+2VRYFqpMVkwOwkn23oH+TcM:PZ+vYfYebCFUt82Z/+2csiV5JfYebtJ
                                          MD5:171ACE644FA10B0F96D0E328F569F4E6
                                          SHA1:62E759A5232200DCFE1CBDCEC0EE1A5F0AE6C794
                                          SHA-256:876D93CF302C2BC408CEE5175E6191F235EDB3788CE7040FB87AA732928DFFC6
                                          SHA-512:411DCB3CADE10C93C13AEB50689D2C1B1C421857FF9FEF2C5F98B16E156339DFD1FC3A27851913244B4E7ED3BA66383340F650A8F731CE83CC72906FD42BD641
                                          Malicious:false
                                          Preview:2024/09/01-14:54:00.320 1e1c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/09/01-14:54:00.324 1e1c Recovering log #3.2024/09/01-14:54:00.394 1e1c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):9664
                                          Entropy (8bit):4.172658989553179
                                          Encrypted:false
                                          SSDEEP:192:3xQBcq3P9d6KcI3P9d2c1cf3P9d2cOek93P9d:hja9d6RI9dtyH9dta9d
                                          MD5:244599326355E76F485DE093FB78A10E
                                          SHA1:7F8AE8618DA1D88D57AB853493662AF1B815AC0D
                                          SHA-256:28EEAB425F034CCF37AB5C5871659086019DD4C3AA30D6279333F58B4EB74F4B
                                          SHA-512:DE5D2F3FF157754BCB0FF348B04C2F4996F1BBC9F50E4752EE372E5DCA9B1FF699E3F731BEB3BCC6929C02AC62CF87810C79485F6FBC239C8056F975D184BD3E
                                          Malicious:false
                                          Preview:SNSS.......c.gh...........c.gh......"c.gh...........c.gh.......c.gh.......d.gh.......d.gh....!..d.gh...............................c.ghd.gh1..,...d.gh$...04ebb774_e5c2_41a9_8acc_3103545cfb6c...c.gh.......d.gh....y..........c.gh...c.gh.......................c.gh....................5..0...c.gh&...{1A5CCF63-1000-409F-B5C1-AFEC7F75D4D9}.....c.gh..........c.gh.......................d.gh...........d.gh....>...https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd&ifkv=Ab5oB3rJHCbJV_NSp_S3-hvKTMHGAL53kIzGn2y8JthonKJ7z-IQbCxR4NSfO9WhOoMtG-NgDwHGXw&service=accountsettings&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S2097825590%3A1725216843534836&ddm=0..............!........................................................................................................f.Y.!...f.Y.!..P.......h...............`...........................................................>...h.t.t.p.s.:././.a.c.c.o.u.n.t.s...g.o.o.g.l.e...c.o.m
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):20480
                                          Entropy (8bit):0.44194574462308833
                                          Encrypted:false
                                          SSDEEP:12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
                                          MD5:B35F740AA7FFEA282E525838EABFE0A6
                                          SHA1:A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
                                          SHA-256:5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
                                          SHA-512:05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):350
                                          Entropy (8bit):5.145322192203902
                                          Encrypted:false
                                          SSDEEP:6:PVRFEu1L+q2Pwkn23oH+Tcwt7Uh2ghZIFUt82VRFEuj1Zmw+2VRFkLVkwOwkn23k:P6/vYfYebIhHh2FUt826M1/+2q5JfYeQ
                                          MD5:A18DFA363F8FD92486B8BC813D520AF2
                                          SHA1:F561018D656DCB0C6E8BCAE6AB32AAAAA85CBA3E
                                          SHA-256:DD87AB8E64D21C60CBAD46D1499421376DE369532A7F3B28A4737D419377B359
                                          SHA-512:04ACB4A0531857C37A480FEF3CF56294BAD143AB601904B3F5DD06A0198CCCB1FF5A8EB7CB70B20367141882A3781C4D300C45E46D1ACC83E33E32A06A6B8C08
                                          Malicious:false
                                          Preview:2024/09/01-14:53:59.104 1ce8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/09/01-14:53:59.104 1ce8 Recovering log #3.2024/09/01-14:53:59.105 1ce8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                          Category:dropped
                                          Size (bytes):8192
                                          Entropy (8bit):0.01057775872642915
                                          Encrypted:false
                                          SSDEEP:3:MsFl:/F
                                          MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                          SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                          SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                          SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):270336
                                          Entropy (8bit):8.280239615765425E-4
                                          Encrypted:false
                                          SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                          MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                          SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                          SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                          SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):8192
                                          Entropy (8bit):0.011852361981932763
                                          Encrypted:false
                                          SSDEEP:3:MsHlDll:/H
                                          MD5:0962291D6D367570BEE5454721C17E11
                                          SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                          SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                          SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):8192
                                          Entropy (8bit):0.012340643231932763
                                          Encrypted:false
                                          SSDEEP:3:MsGl3ll:/y
                                          MD5:41876349CB12D6DB992F1309F22DF3F0
                                          SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                          SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                          SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                          Category:dropped
                                          Size (bytes):524656
                                          Entropy (8bit):4.989325630401085E-4
                                          Encrypted:false
                                          SSDEEP:3:Lsulrl:Ls
                                          MD5:BF1328CEED1CC87F2381DF3B9CB4DBDF
                                          SHA1:1E52E915A6787AB72092552B799E9AEC5ECD7CA1
                                          SHA-256:9B28AE5A576167DC0AA150D3B53A137986A4D5C9F734A5AB390CB08B57915BF3
                                          SHA-512:9C9EE0976246AB3D83A7B9ECEA1CFB5010EEE895525AB35742C3FC4B602798E6B94BB35DC798EE0A941E10DB4A7BEEE3B1649A44A70A7FC740D9000C40E6CA7E
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                          Category:dropped
                                          Size (bytes):8192
                                          Entropy (8bit):0.01057775872642915
                                          Encrypted:false
                                          SSDEEP:3:MsFl:/F
                                          MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                          SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                          SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                          SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):270336
                                          Entropy (8bit):0.0012471779557650352
                                          Encrypted:false
                                          SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                          MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                          SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                          SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                          SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):8192
                                          Entropy (8bit):0.011852361981932763
                                          Encrypted:false
                                          SSDEEP:3:MsHlDll:/H
                                          MD5:0962291D6D367570BEE5454721C17E11
                                          SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                          SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                          SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):8192
                                          Entropy (8bit):0.012340643231932763
                                          Encrypted:false
                                          SSDEEP:3:MsGl3ll:/y
                                          MD5:41876349CB12D6DB992F1309F22DF3F0
                                          SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                          SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                          SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                          Category:dropped
                                          Size (bytes):262512
                                          Entropy (8bit):9.553120663130604E-4
                                          Encrypted:false
                                          SSDEEP:3:LsNlfel:Ls3f
                                          MD5:1E5A84F74FC46A62375B9B659B6BF8C8
                                          SHA1:27F5E217337AC73F4B27E919B5525BBFD7E40CBD
                                          SHA-256:006DA50B106D8A57C8A14DC928462289F541C1D3CC4F919EE826E58E44C741C1
                                          SHA-512:C8F5281A71C7ECB66B3ED2DF59A01DAAFD7BC502881AE03DD2EDC198B77CACAD5EE58E9324BE0C55CD0B61DD25F239E7605DA8F1BCE1D5B2DA4F8089044BD785
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):270336
                                          Entropy (8bit):0.0012471779557650352
                                          Encrypted:false
                                          SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                          MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                          SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                          SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                          SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):432
                                          Entropy (8bit):5.2247746816030665
                                          Encrypted:false
                                          SSDEEP:12:PnSQ+vYfYebvqBQFUt82eg/+2tAQV5JfYebvqBvJ:0YfYebvZg8UVJfYebvk
                                          MD5:3AD49136C5AFEC6DCB50DB6323B1A8EA
                                          SHA1:852EA2E49EC91D94470900CA4E000F5AC5C4EED2
                                          SHA-256:637892DADA0A6167F9FB47930F875BC765249E6FB88B2BF5768F7F1590667459
                                          SHA-512:D9325B898CDCDF84082DD832D5E66B6783608C5933A0F22806343BB4080A0320A22E16DCD7085803CF0B30F129927186950AF2476311F690542256083C3877AF
                                          Malicious:false
                                          Preview:2024/09/01-14:54:00.327 1e4c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/09/01-14:54:00.486 1e4c Recovering log #3.2024/09/01-14:54:00.491 1e4c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):432
                                          Entropy (8bit):5.2247746816030665
                                          Encrypted:false
                                          SSDEEP:12:PnSQ+vYfYebvqBQFUt82eg/+2tAQV5JfYebvqBvJ:0YfYebvZg8UVJfYebvk
                                          MD5:3AD49136C5AFEC6DCB50DB6323B1A8EA
                                          SHA1:852EA2E49EC91D94470900CA4E000F5AC5C4EED2
                                          SHA-256:637892DADA0A6167F9FB47930F875BC765249E6FB88B2BF5768F7F1590667459
                                          SHA-512:D9325B898CDCDF84082DD832D5E66B6783608C5933A0F22806343BB4080A0320A22E16DCD7085803CF0B30F129927186950AF2476311F690542256083C3877AF
                                          Malicious:false
                                          Preview:2024/09/01-14:54:00.327 1e4c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/09/01-14:54:00.486 1e4c Recovering log #3.2024/09/01-14:54:00.491 1e4c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):2
                                          Entropy (8bit):1.0
                                          Encrypted:false
                                          SSDEEP:3:H:H
                                          MD5:D751713988987E9331980363E24189CE
                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                          Malicious:false
                                          Preview:[]
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):40
                                          Entropy (8bit):4.1275671571169275
                                          Encrypted:false
                                          SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                          MD5:20D4B8FA017A12A108C87F540836E250
                                          SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                          SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                          SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                          Malicious:false
                                          Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):193
                                          Entropy (8bit):4.864047146590611
                                          Encrypted:false
                                          SSDEEP:6:YHpoueH2a9a1o3/QBR70S7PMVKJTnMRK3VY:YH/u2caq3QH7E4T3y
                                          MD5:18D8AE83268DD3A59C64AAD659CF2FD3
                                          SHA1:018C9736438D095A67B1C9953082F671C2FDB681
                                          SHA-256:D659029D35ADEBB7918AF32FFF3202C63D8047043A8BDF329B2A97751CF95056
                                          SHA-512:BB0962F930E9844E8C0E9CD209C07F46259E4C7677D5443B7AEE90DCF7B7E8F9960C5E3FCB8A83B9BB40862FBE0442C547083A9FD421D86674B88B2BEBBEB2FB
                                          Malicious:false
                                          Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):193
                                          Entropy (8bit):4.864047146590611
                                          Encrypted:false
                                          SSDEEP:6:YHpoueH2a9a1o3/QBR70S7PMVKJTnMRK3VY:YH/u2caq3QH7E4T3y
                                          MD5:18D8AE83268DD3A59C64AAD659CF2FD3
                                          SHA1:018C9736438D095A67B1C9953082F671C2FDB681
                                          SHA-256:D659029D35ADEBB7918AF32FFF3202C63D8047043A8BDF329B2A97751CF95056
                                          SHA-512:BB0962F930E9844E8C0E9CD209C07F46259E4C7677D5443B7AEE90DCF7B7E8F9960C5E3FCB8A83B9BB40862FBE0442C547083A9FD421D86674B88B2BEBBEB2FB
                                          Malicious:false
                                          Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 4, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 4
                                          Category:dropped
                                          Size (bytes):36864
                                          Entropy (8bit):0.555790634850688
                                          Encrypted:false
                                          SSDEEP:48:TsIopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSB:QIEumQv8m1ccnvS6
                                          MD5:0247E46DE79B6CD1BF08CAF7782F7793
                                          SHA1:B3A63ED5BE3D8EC6E3949FC5E2D21D97ACC873A6
                                          SHA-256:AAD0053186875205E014AB98AE8C18A6233CB715DD3AF44E7E8EB259AEAB5EEA
                                          SHA-512:148804598D2A9EA182BD2ADC71663D481F88683CE3D672CE12A43E53B0D34FD70458BE5AAA781B20833E963804E7F4562855F2D18F7731B7C2EAEA5D6D52FBB6
                                          Malicious:false
                                          Preview:SQLite format 3...
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):2
                                          Entropy (8bit):1.0
                                          Encrypted:false
                                          SSDEEP:3:H:H
                                          MD5:D751713988987E9331980363E24189CE
                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                          Malicious:false
                                          Preview:[]
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):2
                                          Entropy (8bit):1.0
                                          Encrypted:false
                                          SSDEEP:3:H:H
                                          MD5:D751713988987E9331980363E24189CE
                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                          Malicious:false
                                          Preview:[]
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):40
                                          Entropy (8bit):4.1275671571169275
                                          Encrypted:false
                                          SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                          MD5:20D4B8FA017A12A108C87F540836E250
                                          SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                          SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                          SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                          Malicious:false
                                          Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                          Category:dropped
                                          Size (bytes):36864
                                          Entropy (8bit):0.36515621748816035
                                          Encrypted:false
                                          SSDEEP:24:TLH3lIIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:Tb31DtX5nDOvyKDhU1cSB
                                          MD5:25363ADC3C9D98BAD1A33D0792405CBF
                                          SHA1:D06E343087D86EF1A06F7479D81B26C90A60B5C3
                                          SHA-256:6E019B8B9E389216D5BDF1F2FE63F41EF98E71DA101F2A6BE04F41CC5954532D
                                          SHA-512:CF7EEE35D0E00945AF221BEC531E8BF06C08880DA00BD103FA561BC069D7C6F955CBA3C1C152A4884601E5A670B7487D39B4AE9A4D554ED8C14F129A74E555F7
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):111
                                          Entropy (8bit):4.718418993774295
                                          Encrypted:false
                                          SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiVY:YHpoeS7PMVKJTnMRK3VY
                                          MD5:285252A2F6327D41EAB203DC2F402C67
                                          SHA1:ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6
                                          SHA-256:5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
                                          SHA-512:11CE7CB484FEE66894E63C31DB0D6B7EF66AD0327D4E7E2EB85F3BCC2E836A3A522C68D681E84542E471E54F765E091EFE1EE4065641B0299B15613EB32DCC0D
                                          Malicious:false
                                          Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):2
                                          Entropy (8bit):1.0
                                          Encrypted:false
                                          SSDEEP:3:H:H
                                          MD5:D751713988987E9331980363E24189CE
                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                          Malicious:false
                                          Preview:[]
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):80
                                          Entropy (8bit):3.4921535629071894
                                          Encrypted:false
                                          SSDEEP:3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
                                          MD5:69449520FD9C139C534E2970342C6BD8
                                          SHA1:230FE369A09DEF748F8CC23AD70FD19ED8D1B885
                                          SHA-256:3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
                                          SHA-512:EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
                                          Malicious:false
                                          Preview:*...#................version.1..namespace-..&f.................&f...............
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):420
                                          Entropy (8bit):5.234210329342111
                                          Encrypted:false
                                          SSDEEP:12:P6N+vYfYebvqBZFUt82S//+2olV5JfYebvqBaJ:NYfYebvyg8aJfYebvL
                                          MD5:B4CAF2A03715D4E697066E4881A89FC5
                                          SHA1:00262FA19D65EEAD2342E6A05072B8E83F5B22D3
                                          SHA-256:297387588165CB8630DBD58851925115EB39DDCA39C90CC00CD45E43D7B4D1AD
                                          SHA-512:C06E283102DCDE34A600F3F6199859C567B78CBF462A3081108B88762027D42C79635D3BE848DB7096B691F6904500C82C7CF394874591D492893981ACA94EFD
                                          Malicious:false
                                          Preview:2024/09/01-14:54:16.065 1e1c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/09/01-14:54:16.067 1e1c Recovering log #3.2024/09/01-14:54:16.070 1e1c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):326
                                          Entropy (8bit):5.22252563813912
                                          Encrypted:false
                                          SSDEEP:6:PVRFF1SQL+q2Pwkn23oH+TcwtpIFUt82VRFF1SGKWZmw+2VRFFquQLVkwOwkn23j:Pr13+vYfYebmFUt82r11KW/+2r+V5JfT
                                          MD5:4C0DAB730F40C265D9F6F16757F2A7A5
                                          SHA1:79002513E9C38A5F1FEEBB81C73B21BCD36BB0CD
                                          SHA-256:0D6C23952F047A40AF82B7EF3FEAC20F30F8106F68AF2079854B9DCD674A9D79
                                          SHA-512:50D0465B72143B719B800A2306AC9ACEEEFCC1743C72715E68045A304322ADA1E68F60796941FA776A1714D16E987D9E297F9CD04F0E2B84443859FA1478A3B0
                                          Malicious:false
                                          Preview:2024/09/01-14:53:59.066 1cec Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/09/01-14:53:59.066 1cec Recovering log #3.2024/09/01-14:53:59.067 1cec Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 7, 1st free page 5, free pages 2, cookie 0x5, schema 4, UTF-8, version-valid-for 2
                                          Category:dropped
                                          Size (bytes):28672
                                          Entropy (8bit):0.26707851465859517
                                          Encrypted:false
                                          SSDEEP:12:TLPp5yN8h6MvDOH+FxOUwa5qVZ7Nkl25Pe2d:TLh8Gxk+6Uwc8NlYC
                                          MD5:04F8B790DF73BD7CD01238F4681C3F44
                                          SHA1:DF12D0A21935FC01B36A24BF72AB9640FEBB2077
                                          SHA-256:96BD789329E46DD9D83002DC40676922A48A3601BF4B5D7376748B34ECE247A0
                                          SHA-512:0DD492C371D310121F7FD57D29F8CE92AA2536A74923AC27F9C4C0C1580C849D7779348FC80410DEBB5EEE14F357EBDF33BF670D1E7B6CCDF15D69AC127AB7C3
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):131072
                                          Entropy (8bit):0.005551902734588277
                                          Encrypted:false
                                          SSDEEP:3:ImtVx//l/9HgSl9yE/lYyl/:IiVt/TgZEtYy
                                          MD5:507831B98F1142C03315A82CFE1DBAA6
                                          SHA1:359E7F61C362841198235A5ECFC1A7175E582485
                                          SHA-256:14C3AA8ADE4F61DEED13F70BBE3D5DB2C8663F821403FD20B213A7F353C3E836
                                          SHA-512:589B1D6C6FEFCE083008B228499087E3C4F316B11158E395BDE0EBB8BA5951FB58A092235F067179BD2454D4EE575A652DB5DFE23D0510058D5C975ECDFB027C
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 89, cookie 0x66, schema 4, UTF-8, version-valid-for 5
                                          Category:dropped
                                          Size (bytes):184320
                                          Entropy (8bit):1.06712089877579
                                          Encrypted:false
                                          SSDEEP:192:QSqzWMMUfTlnGCTjHbRJkkqtXaWTK+hGgH+6e7EHVumYq2n6:QrzWMff5nzkkqtXnTK+hNH+5EVumQ
                                          MD5:526B3647F81F09591E9AA835A4CE91A3
                                          SHA1:55430C225F11D0591012CE3A93C7F2785C31E569
                                          SHA-256:B40A4C34B06DB80B854E35C2718FADFA243CF91F4FF9A9E58F02E359504007C6
                                          SHA-512:7B511A4A2EE2AE33D5A3BDBF481F53E3B9E6928BB1BB5394C3DE2FD5D3CCC6A0E94D0914238F3CDDD29D9DBC662A1936E0A15FE3B054F11BFE58C163629AD39E
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 7, cookie 0xb, schema 4, UTF-8, version-valid-for 10
                                          Category:dropped
                                          Size (bytes):14336
                                          Entropy (8bit):1.4208690824992949
                                          Encrypted:false
                                          SSDEEP:48:uOK3tjkSdj5IUltGhp22iSBgj2RyRx6YK32RyRx6Exj/:PtSjGhp22iS3Yx8OYxp
                                          MD5:45DF457A75667DBBD730941620C944A6
                                          SHA1:EA136B2DE6BF1FF1274A180099D08DF1A33FF878
                                          SHA-256:B4B31827EE1F2A1702B90BBFC9819187C1799E8AD62C82615CE5A0EF26EFA199
                                          SHA-512:4F8E1DFE5498BF3995E698907B80B743B78A4997B8247B817541D5EF765B803BBFA14B3A742C440E22041466A060729325C69FABA69E1D2724B7638167DDAEFC
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):40960
                                          Entropy (8bit):0.41235120905181716
                                          Encrypted:false
                                          SSDEEP:48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcB:v7doKsKuKZKlZNmu46yjx
                                          MD5:981F351994975A68A0DD3ECE5E889FD0
                                          SHA1:080D3386290A14A68FCE07709A572AF98097C52D
                                          SHA-256:3F0C0B2460E0AA2A94E0BF79C8944F2F4835D2701249B34A13FD200F7E5316D7
                                          SHA-512:C5930797C46EEC25D356BAEB6CFE37E9F462DEE2AE8866343B2C382DBAD45C1544EF720D520C4407F56874596B31EFD6822B58A9D3DAE6F85E47FF802DBAA20B
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):13653
                                          Entropy (8bit):5.237975125674198
                                          Encrypted:false
                                          SSDEEP:192:sVYJ9pQTryZiuaba4uyRJfdyCr3z+OYa3g8Ipj+FVGQAyLA1f:sVYLAJumJfdywzEpU8QHK
                                          MD5:AD3A0EA5EF34F2D78CA3BBC3D899896D
                                          SHA1:DF197C5E5A75EFB06AD180A029845417E50880AB
                                          SHA-256:C40595135DDD3BE43B4E9C12D5C1C46032BF335B445DA0DB98AC70B225573487
                                          SHA-512:D5B53862CBDD0A62784FE260C564ACD39F7CBFFD19B2DF9DB3F8129A539C1BFF883909E5F6887BF4A0160C53A7F7E92CF7F781EF199B442BE226F9AE7C19069F
                                          Malicious:false
                                          Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13369690439798544","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):11755
                                          Entropy (8bit):5.190465908239046
                                          Encrypted:false
                                          SSDEEP:192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
                                          MD5:07301A857C41B5854E6F84CA00B81EA0
                                          SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
                                          SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
                                          SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
                                          Malicious:false
                                          Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                                          Category:dropped
                                          Size (bytes):28672
                                          Entropy (8bit):0.3410017321959524
                                          Encrypted:false
                                          SSDEEP:12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
                                          MD5:98643AF1CA5C0FE03CE8C687189CE56B
                                          SHA1:ECADBA79A364D72354C658FD6EA3D5CF938F686B
                                          SHA-256:4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
                                          SHA-512:68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):13691
                                          Entropy (8bit):5.237344203967542
                                          Encrypted:false
                                          SSDEEP:192:sVYJ9pQTryZiuaba4uyRJfdyCr3z+OYa3g8Ipj+FVGQA9LA1f:sVYLAJumJfdywzEpU8Q0K
                                          MD5:9829DDA9C13E6138D94828D1BD181B44
                                          SHA1:9C16C25166EC081FA50B7F0A4D75F03A085E9386
                                          SHA-256:1312E400DF0CBB55646E0D0312EA62E6827827B563B0CAC177F077798618BA7C
                                          SHA-512:F6BDF4CA047F05F9E4599F67BF5EE9B18F78B53928ADA1F645E0B3840636407EBD765F85E2E998DE092829F29437F4ED1506FAAB697E6741CFA24A9BB58F6CD6
                                          Malicious:false
                                          Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13369690439798544","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 4, cookie 0x2, schema 4, UTF-8, version-valid-for 2
                                          Category:dropped
                                          Size (bytes):16384
                                          Entropy (8bit):0.35226517389931394
                                          Encrypted:false
                                          SSDEEP:12:TLC+waBg9LBgVDBgQjiZBgKuFtuQkMbmgcVAzO5kMCgGUg5OR:TLPdBgtBgJBgQjiZS53uQFE27MCgGZsR
                                          MD5:D2CCDC36225684AAE8FA563AFEDB14E7
                                          SHA1:3759649035F23004A4C30A14C5F0B54191BEBF80
                                          SHA-256:080AEE864047C67CB1586A5BA5EDA007AFD18ECC2B702638287E386F159D7AEE
                                          SHA-512:1A915AF643D688CA68AEDC1FF26C407D960D18DFDE838B417C437D7ADAC7B91C906E782DCC414784E64287915BD1DE5BB6A282E59AA9FEB8C384B4D4BC5F70EC
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):32768
                                          Entropy (8bit):0.09783018047179404
                                          Encrypted:false
                                          SSDEEP:6:G9l/Lff+UHIl/Lff+MlX9XHl/Vl/Unkl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/u:CtLRHItLJHFnnnnnnnnnnnnnnpEo
                                          MD5:1089FC54ECD8008FBEEF38AAA3EFEEC4
                                          SHA1:FB064658552A5CDF21DFDD1ECDBC9A16A7F157E8
                                          SHA-256:39D5FD556550EBE162F084FE8538289C91467E1E1FDE48BBB5CC49B09F35F9B0
                                          SHA-512:3E8B11025F61913A0737A697614254157D7ECA41C2A4A3463751C2240240A6FBD673880C0D0FC1F1ED7C34A17F09EDE16B861A4C4B5E0C3AA01A328D5C534C5D
                                          Malicious:false
                                          Preview:..-.............H.......R...|....z......xd....f..-.............H.......R...|....z......xd....f........D...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:SQLite Write-Ahead Log, version 3007000
                                          Category:dropped
                                          Size (bytes):296672
                                          Entropy (8bit):1.0150582213198627
                                          Encrypted:false
                                          SSDEEP:384:JWZq/Z7aOIQ37MgjOTyJpgmXZJYPUiqcia:JWWaOh373S+7dpAUSd
                                          MD5:E8E92E7EE0E74813E7DDD78494D80E5F
                                          SHA1:ECDD359F1B8AD01E8E3643A17ADEB4F87DD1106F
                                          SHA-256:870886717138C39364946480782C7C2F8BFBC329340287E732E3D42DE7418381
                                          SHA-512:F0B1973BFCC5DB27C8DA6ABBFE91446BDB282B56B3B29374F8952D578D78F5AEA6DE83DF430817B9C98E69169BBF017B8814287F2B3F377C688D2BE16468DFBA
                                          Malicious:false
                                          Preview:7....-...........z.......~.V...........z.......).?2................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):16
                                          Entropy (8bit):3.2743974703476995
                                          Encrypted:false
                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                          MD5:46295CAC801E5D4857D09837238A6394
                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                          Malicious:false
                                          Preview:MANIFEST-000001.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:modified
                                          Size (bytes):250
                                          Entropy (8bit):3.704891878236998
                                          Encrypted:false
                                          SSDEEP:3:VVXntjQPEnjQ5RV+S/l3seGKT9rcQ6xIYrOtlTxotlTxotlTxotlTxotlTxotlTy:/XntM+A/l3sedhOlrOuuuuuu
                                          MD5:C199DB2CCE5A7CB6B16044A862AA056A
                                          SHA1:1976E878AB1D45324B5E14EEC1FDD928DD8FD120
                                          SHA-256:50F2AAF2BD705B79999A63A0022E86EAB76353DFE0E090138ADA02EB27256DF7
                                          SHA-512:94878D19001ECDE1BF3C70FA6F465BC220BBCD969F98160C1E22E0B5E39569DAFF06961F040AE994E3BD134A6A8629CD4FB4AC437BF6AEE42CFB913C2F31C2CF
                                          Malicious:false
                                          Preview:A..r.................20_1_1...1.,U.................20_1_1...1..0................39_config..........6.....n ...1u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):16
                                          Entropy (8bit):3.2743974703476995
                                          Encrypted:false
                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                          MD5:46295CAC801E5D4857D09837238A6394
                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                          Malicious:false
                                          Preview:MANIFEST-000001.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):281
                                          Entropy (8bit):5.263725883515815
                                          Encrypted:false
                                          SSDEEP:6:PVRFB1wkn23oH+Tcwtfrl2KLllVRF5XFYQL+q2Pwkn23oH+TcwtfrK+IFUv:PKfYeb1Ln3VAvYfYeb23FUv
                                          MD5:06FD48B4869B9183CD326CE486D36471
                                          SHA1:676E9CAFD35F344E1F6D1C93DA1439BE36217D2A
                                          SHA-256:9CE99F2568983632EE9B7FD40200CD18C2110911898E3A6D613D6EDCD4FED6ED
                                          SHA-512:197D12626C0AB3F8931D86E6911FC27C30A15843133A5F47B463A4A96D0E710A44DD7B6270F9231DCC3F9B65356A71E71FF9A4216556FCDDC2D5612E522D2C60
                                          Malicious:false
                                          Preview:2024/09/01-14:53:59.811 1d78 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db since it was missing..2024/09/01-14:53:59.822 1d78 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:OpenPGP Secret Key
                                          Category:dropped
                                          Size (bytes):41
                                          Entropy (8bit):4.704993772857998
                                          Encrypted:false
                                          SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                          Malicious:false
                                          Preview:.|.."....leveldb.BytewiseComparator......
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):16
                                          Entropy (8bit):3.2743974703476995
                                          Encrypted:false
                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                          MD5:46295CAC801E5D4857D09837238A6394
                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                          Malicious:false
                                          Preview:MANIFEST-000001.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):617
                                          Entropy (8bit):3.9325179151892424
                                          Encrypted:false
                                          SSDEEP:12:G0nYUteza//z3p/Uz0RuWlJhC+lvBavRtin01zv0:G0nYUtezaD3RUovhC+lvBOL0
                                          MD5:AD15D72AA4792C14DDD002CED70E8245
                                          SHA1:30D0E75166FDA7126A73480EE3222C193231B579
                                          SHA-256:17A781FB31D3176491D9B277ADEEE5521972C68956A2271637BBCBFEB27D6A7D
                                          SHA-512:20B8D19B529A392FE0CBB44844926210D98C477498377B8370AA3A3A763C047EF96BE341686406522868EF848C83EF5EF4792B17CDD0462D4680EDA542C8A54F
                                          Malicious:false
                                          Preview:.h.6.................__global... .t...................__global... .9..b.................33_..........................21_.....n[.=.................33_.....vuNX.................21_.....<...................20_.....,.1..................19_.....QL.s.................18_.....<.J|.................37_...... .A.................38_..........................39_........].................20_.....Owa..................20_.....`..N.................19_.....D8.X.................18_......`...................37_..........................38_......\e..................39_.....dz.|.................9_.....'\c..................9_.....
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):16
                                          Entropy (8bit):3.2743974703476995
                                          Encrypted:false
                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                          MD5:46295CAC801E5D4857D09837238A6394
                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                          Malicious:false
                                          Preview:MANIFEST-000001.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):299
                                          Entropy (8bit):5.221554168830472
                                          Encrypted:false
                                          SSDEEP:6:PVRFWR1wkn23oH+Tcwtfrzs52KLllVRF7lQL+q2Pwkn23oH+TcwtfrzAdIFUv:Pw0fYebs9LnVvYfYeb9FUv
                                          MD5:38F950081BC8C564F8D710288E299F87
                                          SHA1:E2654AF47993D50A1CF5C318FFEDA7C8E26161A3
                                          SHA-256:901A1468F45D10E4F6EA330EF41CAA1E777D367CE86EBC03C36347EFD4258C1E
                                          SHA-512:990CCB8505B94958F7E945D95E033945D9E7A704CBB6FA8B687F8F1F297E081994D867CD859E9ACBA055EEBA098FF419E791DAA36F7B03A427E7D16AB8041603
                                          Malicious:false
                                          Preview:2024/09/01-14:53:59.799 1d78 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata since it was missing..2024/09/01-14:53:59.809 1d78 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:OpenPGP Secret Key
                                          Category:dropped
                                          Size (bytes):41
                                          Entropy (8bit):4.704993772857998
                                          Encrypted:false
                                          SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                          Malicious:false
                                          Preview:.|.."....leveldb.BytewiseComparator......
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                          Category:dropped
                                          Size (bytes):8192
                                          Entropy (8bit):0.01057775872642915
                                          Encrypted:false
                                          SSDEEP:3:MsFl:/F
                                          MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                          SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                          SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                          SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                          Malicious:false
                                          Preview:............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):270336
                                          Entropy (8bit):8.280239615765425E-4
                                          Encrypted:false
                                          SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                          MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                          SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                          SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                          SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):8192
                                          Entropy (8bit):0.011852361981932763
                                          Encrypted:false
                                          SSDEEP:3:MsHlDll:/H
                                          MD5:0962291D6D367570BEE5454721C17E11
                                          SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                          SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                          SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):8192
                                          Entropy (8bit):0.012340643231932763
                                          Encrypted:false
                                          SSDEEP:3:MsGl3ll:/y
                                          MD5:41876349CB12D6DB992F1309F22DF3F0
                                          SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                          SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                          SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                          Category:dropped
                                          Size (bytes):262512
                                          Entropy (8bit):9.553120663130604E-4
                                          Encrypted:false
                                          SSDEEP:3:LsNl2UML:Ls32
                                          MD5:289AAF8F574E805FEF62F8BE0EE77515
                                          SHA1:E310B9AB149ACBE14726E0BBE4676F8A4D2D0364
                                          SHA-256:C0CDBA8857C9025B8F0B3DBC9F65E2573CBC21D2363ECE0712F5A535DBF04613
                                          SHA-512:CA4515A4EA0B2C736900DFE45DFA3B425C112561E00DD9A5E0FC395622C339D32CCC4569B4BE68D6B4D8FAEAABEF8F67CF9B4F990474CD841EFDAC6D5A1DAADF
                                          Malicious:false
                                          Preview:.........................................4r.../.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                          Category:dropped
                                          Size (bytes):8192
                                          Entropy (8bit):0.01057775872642915
                                          Encrypted:false
                                          SSDEEP:3:MsFl:/F
                                          MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                          SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                          SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                          SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                          Malicious:false
                                          Preview:............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):270336
                                          Entropy (8bit):8.280239615765425E-4
                                          Encrypted:false
                                          SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                          MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                          SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                          SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                          SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):8192
                                          Entropy (8bit):0.011852361981932763
                                          Encrypted:false
                                          SSDEEP:3:MsHlDll:/H
                                          MD5:0962291D6D367570BEE5454721C17E11
                                          SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                          SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                          SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):8192
                                          Entropy (8bit):0.012340643231932763
                                          Encrypted:false
                                          SSDEEP:3:MsGl3ll:/y
                                          MD5:41876349CB12D6DB992F1309F22DF3F0
                                          SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                          SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                          SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                          Category:dropped
                                          Size (bytes):262512
                                          Entropy (8bit):9.553120663130604E-4
                                          Encrypted:false
                                          SSDEEP:3:LsNlH6:Ls3H
                                          MD5:7ED6B5D2542D605885E3796F12D9C55C
                                          SHA1:4F3CC7DAC529C95900F0D1730088400C34282D97
                                          SHA-256:BF899487D0DB01C00A2D32D571BB44A59B6B9508A5503E556CD9B5DA830BD698
                                          SHA-512:DFEC9A8E260CBC4FDA6D88BD1FA9DCA99DD020659F0DD95655937DA83BED15850284EEF1AE86A20BD3DEB7443D41696C23E9D440D86D6DF8CC10714FCFCAB403
                                          Malicious:false
                                          Preview:........................................7.s.../.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):120
                                          Entropy (8bit):3.32524464792714
                                          Encrypted:false
                                          SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                                          MD5:A397E5983D4A1619E36143B4D804B870
                                          SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                                          SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                                          SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                                          Malicious:false
                                          Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text, with no line terminators
                                          Category:dropped
                                          Size (bytes):13
                                          Entropy (8bit):2.7192945256669794
                                          Encrypted:false
                                          SSDEEP:3:NYLFRQI:ap2I
                                          MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                          SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                          SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                          SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                          Malicious:false
                                          Preview:117.0.2045.47
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):6820
                                          Entropy (8bit):5.794310404295137
                                          Encrypted:false
                                          SSDEEP:96:iaqkHfO9VKRz5ih/cI9URLl8RotorMFVvlwhbe4IbONIeTC6XQS0qGqk+Z4uj+rJ:akGDoUeiRU8hd6qRAq1k8SPxVLZ7VTiq
                                          MD5:CBDDED223530DF8536C09FB60B22EA70
                                          SHA1:FE2B38310431A1AC30EBB1AF02B8AAEEF579F624
                                          SHA-256:697F5FF55A297A2B84AFA06EBE865EDCDA6DE70A5E2D47F7234F54477E0BFFFB
                                          SHA-512:A8DE0947EE7E91940BDA389B9078D72714563AAD79331229C6B52C1951A52B31C5A055E1DEC6CAFDE20815A42FF18325CF5C26B0158F348D400B94CB810BF42E
                                          Malicious:false
                                          Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAB1fP9hVLl+TqkQ+1WEJGQfEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAADzwvuZakL9lxd0aPBRCMV9s3+uDrDyWw3HbUh/TpGkiwAAAAA
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):6820
                                          Entropy (8bit):5.794310404295137
                                          Encrypted:false
                                          SSDEEP:96:iaqkHfO9VKRz5ih/cI9URLl8RotorMFVvlwhbe4IbONIeTC6XQS0qGqk+Z4uj+rJ:akGDoUeiRU8hd6qRAq1k8SPxVLZ7VTiq
                                          MD5:CBDDED223530DF8536C09FB60B22EA70
                                          SHA1:FE2B38310431A1AC30EBB1AF02B8AAEEF579F624
                                          SHA-256:697F5FF55A297A2B84AFA06EBE865EDCDA6DE70A5E2D47F7234F54477E0BFFFB
                                          SHA-512:A8DE0947EE7E91940BDA389B9078D72714563AAD79331229C6B52C1951A52B31C5A055E1DEC6CAFDE20815A42FF18325CF5C26B0158F348D400B94CB810BF42E
                                          Malicious:false
                                          Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAB1fP9hVLl+TqkQ+1WEJGQfEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAADzwvuZakL9lxd0aPBRCMV9s3+uDrDyWw3HbUh/TpGkiwAAAAA
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 4
                                          Category:dropped
                                          Size (bytes):20480
                                          Entropy (8bit):0.5963118027796015
                                          Encrypted:false
                                          SSDEEP:12:TLyeuAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3isTydBVzQd9U9ez/qS9i:TLyXOUOq0afDdWec9sJz+Z7J5fc
                                          MD5:48A6A0713B06707BC2FE9A0F381748D3
                                          SHA1:043A614CFEF749A49837F19F627B9D6B73F15039
                                          SHA-256:2F2006ADEA26E5FF95198883A080C9881D774154D073051FC69053AF912B037B
                                          SHA-512:4C04FFAE2B558EB4C05AD9DCA094700D927AFAD1E561D6358F1A77CB09FC481A6424237DFF6AB37D147E029E19D565E876CD85A2E9C0EC1B068002AA13A16DBA
                                          Malicious:false
                                          Preview:SQLite format 3
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                          Category:dropped
                                          Size (bytes):8192
                                          Entropy (8bit):0.01057775872642915
                                          Encrypted:false
                                          SSDEEP:3:MsFl:/F
                                          MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                          SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                          SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                          SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):270336
                                          Entropy (8bit):8.280239615765425E-4
                                          Encrypted:false
                                          SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                          MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                          SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                          SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                          SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):8192
                                          Entropy (8bit):0.011852361981932763
                                          Encrypted:false
                                          SSDEEP:3:MsHlDll:/H
                                          MD5:0962291D6D367570BEE5454721C17E11
                                          SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                          SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                          SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):8192
                                          Entropy (8bit):0.012340643231932763
                                          Encrypted:false
                                          SSDEEP:3:MsGl3ll:/y
                                          MD5:41876349CB12D6DB992F1309F22DF3F0
                                          SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                          SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                          SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                          Category:dropped
                                          Size (bytes):262512
                                          Entropy (8bit):9.553120663130604E-4
                                          Encrypted:false
                                          SSDEEP:3:LsNl/bKlll:Ls3zKl
                                          MD5:F5ECE0E2D4E773C2DC5D75F01CC8689D
                                          SHA1:7EF6847E5D821B9E1527E18F6D377DDC7011C445
                                          SHA-256:5C2CB6CDAF89036F6B95B5E1430124229BD4AF780EFCB820E72246195A31E821
                                          SHA-512:609E0CD6CBD6CD10A9D56478736A9433580D7425C12F5CFD12F66002E00C3C5904C4693C9B4EEF34412425C43111A14FC3D0F8009D13B61F1E8181352903D99A
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text, with no line terminators
                                          Category:dropped
                                          Size (bytes):47
                                          Entropy (8bit):4.3818353308528755
                                          Encrypted:false
                                          SSDEEP:3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
                                          MD5:48324111147DECC23AC222A361873FC5
                                          SHA1:0DF8B2267ABBDBD11C422D23338262E3131A4223
                                          SHA-256:D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
                                          SHA-512:E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
                                          Malicious:false
                                          Preview:customSettings_F95BA787499AB4FA9EFFF472CE383A14
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):35
                                          Entropy (8bit):4.014438730983427
                                          Encrypted:false
                                          SSDEEP:3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
                                          MD5:BB57A76019EADEDC27F04EB2FB1F1841
                                          SHA1:8B41A1B995D45B7A74A365B6B1F1F21F72F86760
                                          SHA-256:2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
                                          SHA-512:A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
                                          Malicious:false
                                          Preview:{"forceServiceDetermination":false}
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text, with no line terminators
                                          Category:dropped
                                          Size (bytes):29
                                          Entropy (8bit):3.922828737239167
                                          Encrypted:false
                                          SSDEEP:3:2NGw+K+:fwZ+
                                          MD5:7BAAFE811F480ACFCCCEE0D744355C79
                                          SHA1:24B89AE82313084BB8BBEB9AD98A550F41DF7B27
                                          SHA-256:D5743766AF0312C7B7728219FC24A03A4FB1C2A54A506F337953FBC2C1B847C7
                                          SHA-512:70FE1C197AF507CC0D65E99807D245C896A40A4271BA1121F9B621980877B43019E584C48780951FC1AD2A5D7D146FC6EA4678139A5B38F9B6F7A5F1E2E86BA3
                                          Malicious:false
                                          Preview:customSynchronousLookupUris_0
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):35302
                                          Entropy (8bit):7.99333285466604
                                          Encrypted:true
                                          SSDEEP:768:rRhaFePY38QBsj61g3g01LXoDGPpgb8KbMcnjrQCckBuJyqk3x8cBBT:rLP+TBK6ZQLXSsaMcnHQQcox80
                                          MD5:0E06E28C3536360DE3486B1A9E5195E8
                                          SHA1:EB768267F34EC16A6CCD1966DCA4C3C2870268AB
                                          SHA-256:F2658B1C913A96E75B45E6ADB464C8D796B34AC43BAF1635AA32E16D1752971C
                                          SHA-512:45F1E909599E2F63372867BC359CF72FD846619DFEB5359E52D5700E0B1BCFFE5FF07606511A3BFFDDD933A0507195439457E4E29A49EB6451F26186B7240041
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text, with no line terminators
                                          Category:dropped
                                          Size (bytes):18
                                          Entropy (8bit):3.5724312513221195
                                          Encrypted:false
                                          SSDEEP:3:kDnaV6bVon:kDYa2
                                          MD5:5692162977B015E31D5F35F50EFAB9CF
                                          SHA1:705DC80E8B32AC8B68F7E13CF8A75DCCB251ED7D
                                          SHA-256:42CCB5159B168DBE5D5DDF026E5F7ED3DBF50873CFE47C7C3EF0677BB07B90D4
                                          SHA-512:32905A4CC5BCE0FE8502DDD32096F40106625218BEDC4E218A344225D6DF2595A7B70EEB3695DCEFDD894ECB2B66BED479654E8E07F02526648E07ACFE47838C
                                          Malicious:false
                                          Preview:edgeSettings_2.0-0
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):3581
                                          Entropy (8bit):4.459693941095613
                                          Encrypted:false
                                          SSDEEP:96:JTMhnytNaSA4BOsNQNhnUZTFGKDIWHCgL5tfHaaJzRHF+P1sYmnfHUdT+GWBH7Y/:KyMot7vjFU
                                          MD5:BDE38FAE28EC415384B8CFE052306D6C
                                          SHA1:3019740AF622B58D573C00BF5C98DD77F3FBB5CD
                                          SHA-256:1F4542614473AE103A5EE3DEEEC61D033A40271CFF891AAA6797534E4DBB4D20
                                          SHA-512:9C369D69298EBF087412EDA782EE72AFE5448FD0D69EA5141C2744EA5F6C36CDF70A51845CDC174838BAC0ADABDFA70DF6AEDBF6E7867578AE7C4B7805A8B55E
                                          Malicious:false
                                          Preview:{"models":[],"geoidMaps":{"gw_my":"https://malaysia.smartscreen.microsoft.com/","gw_tw":"https://taiwan.smartscreen.microsoft.com/","gw_at":"https://austria.smartscreen.microsoft.com/","gw_es":"https://spain.smartscreen.microsoft.com/","gw_pl":"https://poland.smartscreen.microsoft.com/","gw_se":"https://sweden.smartscreen.microsoft.com/","gw_kr":"https://southkorea.smartscreen.microsoft.com/","gw_br":"https://brazil.smartscreen.microsoft.com/","au":"https://australia.smartscreen.microsoft.com/","dk":"https://denmark.smartscreen.microsoft.com/","gw_sg":"https://singapore.smartscreen.microsoft.com/","gw_fr":"https://france.smartscreen.microsoft.com/","gw_ca":"https://canada.smartscreen.microsoft.com/","test":"https://eu-9.smartscreen.microsoft.com/","gw_il":"https://israel.smartscreen.microsoft.com/","gw_au":"https://australia.smartscreen.microsoft.com/","gw_ffl4mod":"https://unitedstates4.ss.wd.microsoft.us/","gw_ffl4":"https://unitedstates1.ss.wd.microsoft.us/","gw_eu":"https://europe.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text, with no line terminators
                                          Category:dropped
                                          Size (bytes):47
                                          Entropy (8bit):4.493433469104717
                                          Encrypted:false
                                          SSDEEP:3:kfKbQSQSuLA5:kyUc5
                                          MD5:3F90757B200B52DCF5FDAC696EFD3D60
                                          SHA1:569A2E1BED9ECCDF7CD03E270AEF2BD7FF9B0E77
                                          SHA-256:1EE63F0A3502CFB7DF195FABBA41A7805008AB2CCCDAEB9AF990409D163D60C8
                                          SHA-512:39252BBAA33130DF50F36178A8EAB1D09165666D8A229FBB3495DD01CBE964F87CD2E6FCD479DFCA36BE06309EF18FEDA7F14722C57545203BBA24972D4835C8
                                          Malicious:false
                                          Preview:synchronousLookupUris_636976985063396749.rel.v2
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text, with no line terminators
                                          Category:dropped
                                          Size (bytes):50
                                          Entropy (8bit):3.9904355005135823
                                          Encrypted:false
                                          SSDEEP:3:0xXF/XctY5GUf+:0RFeUf+
                                          MD5:E144AFBFB9EE10479AE2A9437D3FC9CA
                                          SHA1:5AAAC173107C688C06944D746394C21535B0514B
                                          SHA-256:EB28E8ED7C014F211BD81308853F407DF86AEBB5F80F8E4640C608CD772544C2
                                          SHA-512:837D15B3477C95D2D71391D677463A497D8D9FFBD7EB42E412DA262C9B5C82F22CE4338A0BEAA22C81A06ECA2DF7A9A98B7D61ECACE5F087912FD9BA7914AF3F
                                          Malicious:false
                                          Preview:topTraffic_170540185939602997400506234197983529371
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):575056
                                          Entropy (8bit):7.999649474060713
                                          Encrypted:true
                                          SSDEEP:12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
                                          MD5:BE5D1A12C1644421F877787F8E76642D
                                          SHA1:06C46A95B4BD5E145E015FA7E358A2D1AC52C809
                                          SHA-256:C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
                                          SHA-512:FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):86
                                          Entropy (8bit):4.389669793590032
                                          Encrypted:false
                                          SSDEEP:3:YQ3JYq9xSs0dMEJAELJ25AmIpozQOn:YQ3Kq9X0dMgAEiLIMn
                                          MD5:03B6D5E81A4DC4D4E6C27BE1E932B9D9
                                          SHA1:3C5EF0615314BDB136AB57C90359F1839BDD5C93
                                          SHA-256:73B017F7C5ECD629AD41D14147D53F7D3D070C5967E1E571811A6DB39F06EACC
                                          SHA-512:0037EB23CCDBDDE93CFEB7B9A223D59D0872D4EC7F5E3CA4F7767A7301E96E1AF1175980DC4F08531D5571AFB94DF789567588DEB2D6D611C57EE4CC05376547
                                          Malicious:false
                                          Preview:{"user_experience_metrics.stability.exited_cleanly":true,"variations_crash_streak":15}
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):25053
                                          Entropy (8bit):6.030981126206891
                                          Encrypted:false
                                          SSDEEP:768:BMGQ7FCYXGIgtDAWtJ4L1c5hSQn3sZh02td1:BMGQ5XMBQ1Y4t
                                          MD5:6A1252F1A1AE7DE1C33F068A7C4EA83C
                                          SHA1:C07B8EAE2CA4812BA9B7EF9AE3292DED77CA102F
                                          SHA-256:025E33A2303B8DFF3CAAE1C923D66F2667889C271E43636E04B263F983D50412
                                          SHA-512:D37472A67B51C2C1B57B0056095198ECCB26F11D6C175E9F689E06F1C8C3DCEE29DB965014BCAB025F89BADA68CFE98D64784FA605674A051D63F9C4B09E90A0
                                          Malicious:false
                                          Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13369690439983352","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):8090
                                          Entropy (8bit):5.813241468607569
                                          Encrypted:false
                                          SSDEEP:192:asNAGDoh3eiRUHjQ9ks36qRAq1k8SPxVLZ7VTiq:asNArhrakOs36q3QxVNZTiq
                                          MD5:1477A1AD18AE8D0FAA16BD050F974B07
                                          SHA1:528CD7B4F097849C52E9CB943D0A770F666DF578
                                          SHA-256:F221073718E2E370A667877F8D2282BD1140F47992C634EC666ED2154D28BD7E
                                          SHA-512:6E01C64F7CF58349FAEF9D711E3553CA4A65F235CBC8B3726B790D17388E945CC5B3B72BB31A9122F253099592DD111CA46DD94BB28FB38A9E85818BAD19AEE9
                                          Malicious:false
                                          Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_mig
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):8321
                                          Entropy (8bit):5.789936381608649
                                          Encrypted:false
                                          SSDEEP:192:fsNwGDoh3eiRUU+j8ksO6qRAq1k8SPxVLZ7VTiQ:fsNwrhrFE3sO6q3QxVNZTiQ
                                          MD5:423160ED6C775A0A4B333706041F840B
                                          SHA1:8DAD032C644F1DC1A38E3B8075BC0D675EF35F6E
                                          SHA-256:270ADB18459D87FFE5A610C17395AE9F1ED787C98162A581DE7F468ECC027C54
                                          SHA-512:D55EA2E5DF09BBCF339A60E031E3A94ED6050076E83DB81EF45A64FE2CE464637D45E2391C2C400C83149BFAA35E4CB76E976E55063CEAC5D7EADB22A433A1AA
                                          Malicious:false
                                          Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"oem_bookmarks_set":true,"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:modified
                                          Size (bytes):23967
                                          Entropy (8bit):6.048888265260434
                                          Encrypted:false
                                          SSDEEP:384:28tMGQ7LBjuYXGIgtDAW5u0TDJ2q03XsNwhy5hST0W5Es80+Mh0lkdHd5qb:BMGQ7FCYXGIgtDAWtJ4n1c5hS0AEs8UM
                                          MD5:FF4ECE42828DC70CA9FFA800FAEF6C45
                                          SHA1:435D117DDC3C2B05E09E8A35D26AB4CDE9FC4B87
                                          SHA-256:9E99A13851E5C1613814BC131D43CC398A1B15DA4AD95C874D407823085C070A
                                          SHA-512:0AF7587095C00BC1F273CF98606F3F154D7A429C39A71C51B0153E5FDE63C3AA5C4BC284C15EB3D8CAF1C9B76A2AF62D5FE3C1461D776D41A940BB645FD6A88A
                                          Malicious:false
                                          Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13369690439983352","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):22925
                                          Entropy (8bit):6.0462577462932625
                                          Encrypted:false
                                          SSDEEP:384:28tMGQ7LBjuYXGIgtDAW5u0TDJ2q03XsNwhy5hSTs3sF+Mh0lkdHd5qa:BMGQ7FCYXGIgtDAWtJ4n1c5hSs3sZh0S
                                          MD5:4A3778F1F572C85E4157F0E846CA127F
                                          SHA1:CB59DB0188273E36D95E756A4AB4E36271A02C36
                                          SHA-256:98FEB528F7AAD337FC0EE12E995E609FEFDEC104D9D2F14B185F532B052362D4
                                          SHA-512:40E29915FB18F25B9508A03CBCB9B630D59E66255B548101DC1A9CC47738D4A269E1CE6E343FDA78A0AE091839D2BAD955FAA8A2862CC99116EEA523BEF486B2
                                          Malicious:false
                                          Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13369690439983352","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):22925
                                          Entropy (8bit):6.0462727613880585
                                          Encrypted:false
                                          SSDEEP:384:28tMGQ7LBjuYXGIgtDAW5u0TDJ2q03XsNwhy5hST53sF+Mh0lkdHd5qa:BMGQ7FCYXGIgtDAWtJ4n1c5hS53sZh0S
                                          MD5:979109070545850279971F8A1F127DA0
                                          SHA1:E2CD6FC397C24859BB97A8BCB1E38113D8A708BA
                                          SHA-256:D00BE14740C5956B8FDFD815F6C938DF43C580B63EB221A58E62E4FBA160644E
                                          SHA-512:866A07C87684BBE17DA3D8CF3BD89E99BC7169736D04AC1D3B4A2D8DB1BFEDC911884B17614F49A9CE06CACA3ABEE74727110706599B1915917A4A0E8FD45F0A
                                          Malicious:false
                                          Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13369690439983352","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):2278
                                          Entropy (8bit):3.8340212950304
                                          Encrypted:false
                                          SSDEEP:48:uiTrlKxrgxwxl9Il8uNInO/7cUIqJh+rUxEDxcLJd1rc:m9Y7+RUoIxEDWm
                                          MD5:8A72846EE523CCEC4A989E333F15F0B1
                                          SHA1:0471DA58A6FF6159F08DFF3468C07C8D506B0FFD
                                          SHA-256:21E259CABD5F44185030ECA9691870740B68779060A2AF18D33676185D256B9E
                                          SHA-512:3686FD1B452C179AC318FB28E8DE38704D31686D872AB07A27AFA9DE2BCE9220BCE6A2883CF912DE311F723901849FAD48FE54294AF6E0080CE71E1BFB486753
                                          Malicious:false
                                          Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.J.Z.7.s.q.j.8.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.d.X.z./.Y.V.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):4622
                                          Entropy (8bit):4.0025281071702015
                                          Encrypted:false
                                          SSDEEP:96:SY7ZfqWBsbH3TvPodS1vNNuARq5nJiochR54tV:S27BsbH3TvPYS9+j9dtV
                                          MD5:4D56F3AEAAE35677BAB527A037B97205
                                          SHA1:57210AC1ECF693EDC46EDF05F8C54439F467BFA3
                                          SHA-256:BF49146F58DB00B196A4CC36110A42F1E3E284A643FE4C7D8AC950335C827D5B
                                          SHA-512:93FEC895D3E40EF536BEEA87598BA8A1FB36AA1A404E0B75D0201F5DF4C8237A44D6A6CE3243766F61296B4CF590595E9DA58C2F2E0D24765F6D7EC1EB0DADCE
                                          Malicious:false
                                          Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".8.X.G./.l.6.D.8.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.d.X.z./.Y.V.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:very short file (no magic)
                                          Category:dropped
                                          Size (bytes):1
                                          Entropy (8bit):0.0
                                          Encrypted:false
                                          SSDEEP:3:L:L
                                          MD5:5058F1AF8388633F609CADB75A75DC9D
                                          SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                          SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                          SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                          Malicious:false
                                          Preview:.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
                                          Category:dropped
                                          Size (bytes):206855
                                          Entropy (8bit):7.983996634657522
                                          Encrypted:false
                                          SSDEEP:3072:5WcDW3D2an0GMJGqJCj+1ZxdmdopHjHTFYPQyairiVoo4XSWrPoiXvJddppWmEI5:l81Lel7E6lEMVo/S01fDpWmEgD
                                          MD5:788DF0376CE061534448AA17288FEA95
                                          SHA1:C3B9285574587B3D1950EE4A8D64145E93842AEB
                                          SHA-256:B7FB1D3C27E04785757E013EC1AC4B1551D862ACD86F6888217AB82E642882A5
                                          SHA-512:3AA9C1AA00060753422650BBFE58EEEA308DA018605A6C5287788C3E2909BE876367F83B541E1D05FE33F284741250706339010571D2E2D153A5C5A107D35001
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:Google Chrome extension, version 3
                                          Category:dropped
                                          Size (bytes):11185
                                          Entropy (8bit):7.951995436832936
                                          Encrypted:false
                                          SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                          MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                          SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                          SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                          SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:Google Chrome extension, version 3
                                          Category:dropped
                                          Size (bytes):135751
                                          Entropy (8bit):7.804610863392373
                                          Encrypted:false
                                          SSDEEP:1536:h+OX7O5AeBWdSq2Zso2iDNjF3dNUPOTy61NVo8OJXhQXXUWFMOiiBIHWI7YyjM/8:pVdSj9hjVn6Oj5fOJR+k0iiW2IPMaIul
                                          MD5:83EF25FBEE6866A64F09323BFE1536E0
                                          SHA1:24E8BD033CD15E3CF4F4FF4C8123E1868544AC65
                                          SHA-256:F421D74829F2923FD9E5A06153E4E42DB011824C33475E564B17091598996E6F
                                          SHA-512:C699D1C9649977731EEA0CB4740C4BEAACEEC82AECC43F9F2B1E5625C487C0BC45FA08A1152A35EFBDB3DB73B8AF3625206315D1F9645A24E1969316F9F5B38C
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41902
                                          Category:dropped
                                          Size (bytes):76319
                                          Entropy (8bit):7.996132588300074
                                          Encrypted:true
                                          SSDEEP:1536:hS5Vvm808scZeEzFrSpzBUl4MZIGM/iys3BBrYunau6w6DLZ8:GdS8scZNzFrMa4M+lK5/nEDd8
                                          MD5:24439F0E82F6A60E541FB2697F02043F
                                          SHA1:E3FAA84B0ED8CDD2268D53A0ECC6F3134D5EBD8F
                                          SHA-256:B24DD5C374F8BB381A48605D183B6590245EE802C65F643632A3BE9BB1F313C5
                                          SHA-512:8FD794657A9F80FDBC2350DC26A2C82DFD82266B934A4472B3319FDB870841C832137D4F5CE41D518859B8B1DA63031C6B7E750D301F87D6ECA45B958B147FCD
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):353
                                          Entropy (8bit):5.33273306603815
                                          Encrypted:false
                                          SSDEEP:6:YEt5anQRL56s/ut5/ZWgvuPQJjDrwv/ut5+kkEGRL56s/C:YW5Fx56s/c5/E0Dkv/c5BkEGx56s/C
                                          MD5:E3AFD47637807DD2DDC4EB4ABAC695BB
                                          SHA1:509C9A898A5AC8286AC0F97AD6AA962B3F00080A
                                          SHA-256:8027B5AF7E70E8C6377D38D14CF418ACBE4E998BCF7AA4C9EE3A6BA8627116C8
                                          SHA-512:495B82629865496E57E8C0EAD96D02C392CFCD43052A9A3521FBBB50B0F1797FA5D1EE9193ED174E0A8925A19BF4D1E6168B61E3A43AED27FBA8761222739FCD
                                          Malicious:false
                                          Preview:{"logTime": "0901/185405", "correlationVector":"+1EEs/zJ0EiM6UgHiTmTa1","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "0901/185405", "correlationVector":"D8311CFAF76846F2BA9905C85E0FD8CB","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "0901/185405", "correlationVector":"dZA1zPkJKVr11mYZRBOTvW","action":"EXTENSION_UPDATER", "result":""}.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 603003
                                          Category:dropped
                                          Size (bytes):530014
                                          Entropy (8bit):7.998103422568259
                                          Encrypted:true
                                          SSDEEP:12288:Ufv7zfAegwBbGHUVMf+xVmY6ChWHkLTpYZBWqYw902J3:UrvvBbAG2+xVmYbhTABEw9LF
                                          MD5:8A7C3731FE2D9A49083A84BBD5AC0905
                                          SHA1:B942280D00FE22EEAE5D12D66E89CED20C544F63
                                          SHA-256:5A6949D03280B1E280C01DB6016386079557C467CA95824790A957DA089FF128
                                          SHA-512:9B6CB22010791713C120415EA2A36BAFAA8B4F00D31B2833E87A3D76C528FB1249A8F1EBEE51B0330B0AB281828B507FFD14EDCA255EE9791D96D91E290CC0FB
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:very short file (no magic)
                                          Category:dropped
                                          Size (bytes):1
                                          Entropy (8bit):0.0
                                          Encrypted:false
                                          SSDEEP:3:L:L
                                          MD5:5058F1AF8388633F609CADB75A75DC9D
                                          SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                          SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                          SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                          Malicious:false
                                          Preview:.
                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                          File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
                                          Category:dropped
                                          Size (bytes):32768
                                          Entropy (8bit):0.4593089050301797
                                          Encrypted:false
                                          SSDEEP:48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
                                          MD5:D910AD167F0217587501FDCDB33CC544
                                          SHA1:2F57441CEFDC781011B53C1C5D29AC54835AFC1D
                                          SHA-256:E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
                                          SHA-512:F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
                                          Malicious:false
                                          Preview:... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                          Category:dropped
                                          Size (bytes):4982
                                          Entropy (8bit):7.929761711048726
                                          Encrypted:false
                                          SSDEEP:96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
                                          MD5:913064ADAAA4C4FA2A9D011B66B33183
                                          SHA1:99EA751AC2597A080706C690612AEEEE43161FC1
                                          SHA-256:AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
                                          SHA-512:162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):908
                                          Entropy (8bit):4.512512697156616
                                          Encrypted:false
                                          SSDEEP:12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
                                          MD5:12403EBCCE3AE8287A9E823C0256D205
                                          SHA1:C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
                                          SHA-256:B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
                                          SHA-512:153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):1285
                                          Entropy (8bit):4.702209356847184
                                          Encrypted:false
                                          SSDEEP:24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
                                          MD5:9721EBCE89EC51EB2BAEB4159E2E4D8C
                                          SHA1:58979859B28513608626B563138097DC19236F1F
                                          SHA-256:3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
                                          SHA-512:FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "... ...".. },.. "explanationofflinedisabled": {.. "message": "..... .. .... Google ..... ........ ..... ..... .Google .... ... .. .. .. ..... .... ....... .. ....... ... .. .. ..... .. ..... ....".. },.. "explanationofflineenabled": {.. "message": "..... .. .... ... .. .... .... ..... .... ... ..... .... .....".. },.. "extdesc": {.. "message": "...... ..... .... ... .. ..... ...... ..... .... .. ..... . .... .. ...... .....".. },.. "extname": {.. "message": "..... .. Goog
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):1244
                                          Entropy (8bit):4.5533961615623735
                                          Encrypted:false
                                          SSDEEP:12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
                                          MD5:3EC93EA8F8422FDA079F8E5B3F386A73
                                          SHA1:24640131CCFB21D9BC3373C0661DA02D50350C15
                                          SHA-256:ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
                                          SHA-512:F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "..... ....".. },.. "explanationofflinedisabled": {.. "message": "... ... ...... ........ ....... Google ... ..... .......... ..... ... ......... .. ...... ........ ........ Google ..... ........ ... ..... .. ..... ....... .... .... .... ..........".. },.. "explanationofflineenabled": {.. "message": "... ... ...... .... .. .... ....... ..... ....... ....... .. ..... ..... ......".. },.. "extdesc": {.. "message": "..... ......... ...... ........ ....... ......... ........ ....... .. ... ... ..... .........".. },.. "extname": {.. "message": "....... Google ... ......".. },.. "learnmore": {.. "messa
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):977
                                          Entropy (8bit):4.867640976960053
                                          Encrypted:false
                                          SSDEEP:24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
                                          MD5:9A798FD298008074E59ECC253E2F2933
                                          SHA1:1E93DA985E880F3D3350FC94F5CCC498EFC8C813
                                          SHA-256:628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
                                          SHA-512:9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):3107
                                          Entropy (8bit):3.535189746470889
                                          Encrypted:false
                                          SSDEEP:48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
                                          MD5:68884DFDA320B85F9FC5244C2DD00568
                                          SHA1:FD9C01E03320560CBBB91DC3D1917C96D792A549
                                          SHA-256:DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
                                          SHA-512:7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
                                          Malicious:false
                                          Preview:{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):1389
                                          Entropy (8bit):4.561317517930672
                                          Encrypted:false
                                          SSDEEP:24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
                                          MD5:2E6423F38E148AC5A5A041B1D5989CC0
                                          SHA1:88966FFE39510C06CD9F710DFAC8545672FFDCEB
                                          SHA-256:AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
                                          SHA-512:891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. .. .......... Google ......... ... ........ ......, ........ ........... . ......... ........ .. Google ......... . ........ ...... .............. ......... ..., ...... ..... ...... . .........".. },.. "explanationofflineenabled": {.. "message": "...... ..., .. ... ...... .. ........... ......... ....... ... .. ......... .....".. },.. "extdesc": {.. "message": "............, .......... . ............ ...... ........., .......... ....... . ........... . ...... .... ... ...... .. .........".. },..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):1763
                                          Entropy (8bit):4.25392954144533
                                          Encrypted:false
                                          SSDEEP:24:1HABGtNOtIyHmVd+q+3X2AFl2DhrR7FAWS9+SMzI8QVAEq8yB0XtfOyvU7D:oshmm/+H2Ml2DrFPS9+S99EzBd7D
                                          MD5:651375C6AF22E2BCD228347A45E3C2C9
                                          SHA1:109AC3A912326171D77869854D7300385F6E628C
                                          SHA-256:1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
                                          SHA-512:958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": ".... .... ....".. },.. "explanationofflinedisabled": {.. "message": ".... ....... ....... .... ......... ..... ..... Google ........ ....... ...., Google .......... ........ ....... ... ... .... ... .... ... ........... .... ....... .... ... ...... ..... .... .....".. },.. "explanationofflineenabled": {.. "message": ".... ....... ......, ...... .... .... ...... .......... ........ .... .. .... .... .... .... .......".. },.. "extdesc":
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):930
                                          Entropy (8bit):4.569672473374877
                                          Encrypted:false
                                          SSDEEP:12:1HASvggoSCBxNFT0sXuqgEHQ2fTq9blUJYUJaw9CBxejZFPLOjCSUuE44pMiiDat:1HAtqs+BEHGpURxSp1iUPWCAXtRKe
                                          MD5:D177261FFE5F8AB4B3796D26835F8331
                                          SHA1:4BE708E2FFE0F018AC183003B74353AD646C1657
                                          SHA-256:D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
                                          SHA-512:E7D730304AED78C0F4A78DADBF835A22B3D8114FB41D67B2B26F4FE938B572763D3E127B7C1C81EBE7D538DA976A7A1E7ADC40F918F88AFADEA2201AE8AB47D0
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):913
                                          Entropy (8bit):4.947221919047
                                          Encrypted:false
                                          SSDEEP:12:1HASvgdsbCBxNBmobXP15Dxoo60n40h6qCBxeBeGG/9jZCSUKFPDLZ2B2hCBhPLm:1HApJmoZ5e50nzQhwAd7dvYB2kDSGGKs
                                          MD5:CCB00C63E4814F7C46B06E4A142F2DE9
                                          SHA1:860936B2A500CE09498B07A457E0CCA6B69C5C23
                                          SHA-256:21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
                                          SHA-512:35839DAC6C985A6CA11C1BFF5B8B5E59DB501FCB91298E2C41CB0816B6101BF322445B249EAEA0CEF38F76D73A4E198F2B6E25EEA8D8A94EA6007D386D4F1055
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):806
                                          Entropy (8bit):4.815663786215102
                                          Encrypted:false
                                          SSDEEP:12:YGo35xMxy6gLr4Dn1eBVa1xzxyn1VFQB6FDVgdAJex9QH7uy+XJEjENK32J21j:Y735+yoeeRG54uDmdXx9Q7u3r83Xj
                                          MD5:A86407C6F20818972B80B9384ACFBBED
                                          SHA1:D1531CD0701371E95D2A6BB5EDCB79B949D65E7C
                                          SHA-256:A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
                                          SHA-512:D9FBF675514A890E9656F83572208830C6D977E34D5744C298A012515BC7EB5A17726ADD0D9078501393BABD65387C4F4D3AC0CC0F7C60C72E09F336DCA88DE7
                                          Malicious:false
                                          Preview:{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):883
                                          Entropy (8bit):4.5096240460083905
                                          Encrypted:false
                                          SSDEEP:24:1HA4EFkQdUULMnf1yo+9qgpukAXW9bGJTvDyqdr:zEFkegfw9qwAXWNs/yu
                                          MD5:B922F7FD0E8CCAC31B411FC26542C5BA
                                          SHA1:2D25E153983E311E44A3A348B7D97AF9AAD21A30
                                          SHA-256:48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
                                          SHA-512:AD0954DEEB17AF04858DD5EC3D3B3DA12DFF7A666AF4061DEB6FD492992D95DB3BAF751AB6A59BEC7AB22117103A93496E07632C2FC724623BB3ACF2CA6093F3
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):1031
                                          Entropy (8bit):4.621865814402898
                                          Encrypted:false
                                          SSDEEP:24:1HA6sZnqWd77ykJzCkhRhoe1HMNaAJPwG/p98HKpy2kX/R:WZqWxykJzthRhoQma+tpyHX2O/R
                                          MD5:D116453277CC860D196887CEC6432FFE
                                          SHA1:0AE00288FDE696795CC62FD36EABC507AB6F4EA4
                                          SHA-256:36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
                                          SHA-512:C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):1613
                                          Entropy (8bit):4.618182455684241
                                          Encrypted:false
                                          SSDEEP:24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
                                          MD5:9ABA4337C670C6349BA38FDDC27C2106
                                          SHA1:1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
                                          SHA-256:37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
                                          SHA-512:8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):851
                                          Entropy (8bit):4.4858053753176526
                                          Encrypted:false
                                          SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                          MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                          SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                          SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                          SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):851
                                          Entropy (8bit):4.4858053753176526
                                          Encrypted:false
                                          SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                          MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                          SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                          SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                          SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):848
                                          Entropy (8bit):4.494568170878587
                                          Encrypted:false
                                          SSDEEP:12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
                                          MD5:3734D498FB377CF5E4E2508B8131C0FA
                                          SHA1:AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
                                          SHA-256:AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
                                          SHA-512:56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):1425
                                          Entropy (8bit):4.461560329690825
                                          Encrypted:false
                                          SSDEEP:24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
                                          MD5:578215FBB8C12CB7E6CD73FBD16EC994
                                          SHA1:9471D71FA6D82CE1863B74E24237AD4FD9477187
                                          SHA-256:102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
                                          SHA-512:E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
                                          Malicious:false
                                          Preview:{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):961
                                          Entropy (8bit):4.537633413451255
                                          Encrypted:false
                                          SSDEEP:12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
                                          MD5:F61916A206AC0E971CDCB63B29E580E3
                                          SHA1:994B8C985DC1E161655D6E553146FB84D0030619
                                          SHA-256:2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
                                          SHA-512:D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):959
                                          Entropy (8bit):4.570019855018913
                                          Encrypted:false
                                          SSDEEP:24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
                                          MD5:535331F8FB98894877811B14994FEA9D
                                          SHA1:42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
                                          SHA-256:90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
                                          SHA-512:2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):968
                                          Entropy (8bit):4.633956349931516
                                          Encrypted:false
                                          SSDEEP:24:1HA5WG6t306+9sihHvMfdJLjUk4NJPNczGr:mWGY0cOUdJODPmzs
                                          MD5:64204786E7A7C1ED9C241F1C59B81007
                                          SHA1:586528E87CD670249A44FB9C54B1796E40CDB794
                                          SHA-256:CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
                                          SHA-512:44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):838
                                          Entropy (8bit):4.4975520913636595
                                          Encrypted:false
                                          SSDEEP:24:YnmjggqTWngosqYQqE1kjO39m7OddC0vjWQMmWgqwgQ8KLcxOb:Ynmsgqyngosq9qxTOs0vjWQMbgqchb
                                          MD5:29A1DA4ACB4C9D04F080BB101E204E93
                                          SHA1:2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
                                          SHA-256:A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
                                          SHA-512:B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
                                          Malicious:false
                                          Preview:{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):1305
                                          Entropy (8bit):4.673517697192589
                                          Encrypted:false
                                          SSDEEP:24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
                                          MD5:097F3BA8DE41A0AAF436C783DCFE7EF3
                                          SHA1:986B8CABD794E08C7AD41F0F35C93E4824AC84DF
                                          SHA-256:7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
                                          SHA-512:8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):911
                                          Entropy (8bit):4.6294343834070935
                                          Encrypted:false
                                          SSDEEP:12:1HASvguCBxNMME2BESA7gPQk36xCBxeMMcXYBt+CSU1pfazCBhUunV1tLaX5GI2N:1HAVioESAsPf36O3Xst/p3J8JeEY
                                          MD5:B38CBD6C2C5BFAA6EE252D573A0B12A1
                                          SHA1:2E490D5A4942D2455C3E751F96BD9960F93C4B60
                                          SHA-256:2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
                                          SHA-512:6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):939
                                          Entropy (8bit):4.451724169062555
                                          Encrypted:false
                                          SSDEEP:24:1HAXbH2eZXn6sjLITdRSJpGL/gWFJ3sqixO:ubHfZqsHIT/FLL3qO
                                          MD5:FCEA43D62605860FFF41BE26BAD80169
                                          SHA1:F25C2CE893D65666CC46EA267E3D1AA080A25F5B
                                          SHA-256:F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
                                          SHA-512:F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):977
                                          Entropy (8bit):4.622066056638277
                                          Encrypted:false
                                          SSDEEP:24:1HAdy42ArMdsH50Jd6Z1PCBolXAJ+GgNHp0X16M1J1:EyfArMS2Jd6Z1PCBolX2+vNmX16Y1
                                          MD5:A58C0EEBD5DC6BB5D91DAF923BD3A2AA
                                          SHA1:F169870EEED333363950D0BCD5A46D712231E2AE
                                          SHA-256:0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
                                          SHA-512:B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):972
                                          Entropy (8bit):4.621319511196614
                                          Encrypted:false
                                          SSDEEP:24:1HAdyg2pwbv1V8Cd61PC/vT2fg3YHDyM1J1:EyHpwbpd61C/72Y3YOY1
                                          MD5:6CAC04BDCC09034981B4AB567B00C296
                                          SHA1:84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
                                          SHA-256:4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
                                          SHA-512:160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):990
                                          Entropy (8bit):4.497202347098541
                                          Encrypted:false
                                          SSDEEP:12:1HASvggECBxNbWVqMjlMgaPLqXPhTth0CBxebWbMRCSUCjAKFCSIj0tR7tCBhP1l:1HACzWsMlajIhJhHKWbFKFC0tR8oNK5
                                          MD5:6BAAFEE2F718BEFBC7CD58A04CCC6C92
                                          SHA1:CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
                                          SHA-256:0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
                                          SHA-512:3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):1658
                                          Entropy (8bit):4.294833932445159
                                          Encrypted:false
                                          SSDEEP:24:1HA3k3FzEVeXWuvLujNzAK11RiqRC2sA0O3cEiZ7dPRFFOPtZdK0A41yG3BczKT3:Q4pE4rCjNjw6/0y+5j8ZHA4PBSKr
                                          MD5:BC7E1D09028B085B74CB4E04D8A90814
                                          SHA1:E28B2919F000B41B41209E56B7BF3A4448456CFE
                                          SHA-256:FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
                                          SHA-512:040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):1672
                                          Entropy (8bit):4.314484457325167
                                          Encrypted:false
                                          SSDEEP:48:46G2+ymELbLNzGVx/hXdDtxSRhqv7Qm6/7Lm:4GbxzGVzXdDtx+qzU/7C
                                          MD5:98A7FC3E2E05AFFFC1CFE4A029F47476
                                          SHA1:A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
                                          SHA-256:D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
                                          SHA-512:457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):935
                                          Entropy (8bit):4.6369398601609735
                                          Encrypted:false
                                          SSDEEP:24:1HA7sR5k/I+UX/hrcySxG1fIZ3tp/S/d6Gpb+D:YsE/I+UX/hVSxQ03f/Sj+D
                                          MD5:25CDFF9D60C5FC4740A48EF9804BF5C7
                                          SHA1:4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
                                          SHA-256:73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
                                          SHA-512:EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):1065
                                          Entropy (8bit):4.816501737523951
                                          Encrypted:false
                                          SSDEEP:24:1HA6J54gEYwFFMxv4gvyB9FzmxlsN147g/zJcYwJgrus4QY2jom:NJ54gEYwUmgKHFzmsG7izJcYOgKgYjm
                                          MD5:8930A51E3ACE3DD897C9E61A2AEA1D02
                                          SHA1:4108506500C68C054BA03310C49FA5B8EE246EA4
                                          SHA-256:958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
                                          SHA-512:126B80CD3428C0BC459EEAAFCBE4B9FDE2541A57F19F3EC7346BAF449F36DC073A9CF015594A57203255941551B25F6FAA6D2C73C57C44725F563883FF902606
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):2771
                                          Entropy (8bit):3.7629875118570055
                                          Encrypted:false
                                          SSDEEP:48:Y0Fx+eiYZBZ7K1ZZ/5QQxTuDLoFZaIZSK7lq0iC0mlMO6M3ih1oAgC:lF2BTz6N/
                                          MD5:55DE859AD778E0AA9D950EF505B29DA9
                                          SHA1:4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
                                          SHA-256:0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
                                          SHA-512:EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
                                          Malicious:false
                                          Preview:{"createnew":{"message":"\u054d\u054f\u0535\u0542\u053e\u0535\u053c \u0546\u0548\u0550"},"explanationofflinedisabled":{"message":"Google \u0553\u0561\u057d\u057f\u0561\u0569\u0572\u0569\u0565\u0580\u0568 \u0576\u0561\u0587 \u0561\u0576\u0581\u0561\u0576\u0581 \u057c\u0565\u056a\u056b\u0574\u0578\u0582\u0574 \u0585\u0563\u057f\u0561\u0563\u0578\u0580\u056e\u0565\u056c\u0578\u0582 \u0570\u0561\u0574\u0561\u0580 \u0574\u056b\u0561\u0581\u0565\u0584 \u0570\u0561\u0574\u0561\u0581\u0561\u0576\u0581\u056b\u0576, \u0562\u0561\u0581\u0565\u0584 \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0561\u0576 \u0563\u056c\u056d\u0561\u057e\u0578\u0580 \u0567\u057b\u0568, \u0561\u0576\u0581\u0565\u0584 \u056f\u0561\u0580\u0563\u0561\u057e\u0578\u0580\u0578\u0582\u0574\u0576\u0565\u0580 \u0587 \u0574\u056b\u0561\u0581\u0580\u0565\u0584 \u0561\u0576\u0581\u0561\u0576\u0581 \u0570\u0561\u0574\u0561\u056a\u0561\u0574\u0561\u0581\u0578\u0582\u0574\u0568:"},"explanationofflineenabled":{"message":"\u
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):858
                                          Entropy (8bit):4.474411340525479
                                          Encrypted:false
                                          SSDEEP:12:1HASvgJX4CBxNpXemNOAJRFqjRpCBxedIdjTi92OvbCSUuoi01uRwCBhUuvz1thK:1HARXzhXemNOQWGcEoeH1eXJNvT2
                                          MD5:34D6EE258AF9429465AE6A078C2FB1F5
                                          SHA1:612CAE151984449A4346A66C0A0DF4235D64D932
                                          SHA-256:E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
                                          SHA-512:20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):954
                                          Entropy (8bit):4.631887382471946
                                          Encrypted:false
                                          SSDEEP:12:YGXU2rOcxGe+J97f9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95MwP9KkJ+je:YwBrD2J2DBLMfFuWvdpY94vioO+uh
                                          MD5:1F565FB1C549B18AF8BBFED8DECD5D94
                                          SHA1:B57F4BDAE06FF3DFC1EB3E56B6F2F204D6F63638
                                          SHA-256:E16325D1A641EF7421F2BAFCD6433D53543C89D498DD96419B03CBA60B9C7D60
                                          SHA-512:A60B8E042A9BCDCC136B87948E9924A0B24D67C6CA9803904B876F162A0AD82B9619F1316BE9FF107DD143B44F7E6F5DF604ABFE00818DEB40A7D62917CDA69F
                                          Malicious:false
                                          Preview:{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):899
                                          Entropy (8bit):4.474743599345443
                                          Encrypted:false
                                          SSDEEP:12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
                                          MD5:0D82B734EF045D5FE7AA680B6A12E711
                                          SHA1:BD04F181E4EE09F02CD53161DCABCEF902423092
                                          SHA-256:F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
                                          SHA-512:01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):2230
                                          Entropy (8bit):3.8239097369647634
                                          Encrypted:false
                                          SSDEEP:24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
                                          MD5:26B1533C0852EE4661EC1A27BD87D6BF
                                          SHA1:18234E3ABAF702DF9330552780C2F33B83A1188A
                                          SHA-256:BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
                                          SHA-512:450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):1160
                                          Entropy (8bit):5.292894989863142
                                          Encrypted:false
                                          SSDEEP:24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
                                          MD5:15EC1963FC113D4AD6E7E59AE5DE7C0A
                                          SHA1:4017FC6D8B302335469091B91D063B07C9E12109
                                          SHA-256:34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
                                          SHA-512:427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):3264
                                          Entropy (8bit):3.586016059431306
                                          Encrypted:false
                                          SSDEEP:48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
                                          MD5:83F81D30913DC4344573D7A58BD20D85
                                          SHA1:5AD0E91EA18045232A8F9DF1627007FE506A70E0
                                          SHA-256:30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
                                          SHA-512:85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):3235
                                          Entropy (8bit):3.6081439490236464
                                          Encrypted:false
                                          SSDEEP:96:H3E+6rOEAbeHTln2EQ77Uayg45RjhCSj+OyRdM7AE9qdV:HXcR/nQXUayYV
                                          MD5:2D94A58795F7B1E6E43C9656A147AD3C
                                          SHA1:E377DB505C6924B6BFC9D73DC7C02610062F674E
                                          SHA-256:548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
                                          SHA-512:F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):3122
                                          Entropy (8bit):3.891443295908904
                                          Encrypted:false
                                          SSDEEP:96:/OOrssRU6Bg7VSdL+zsCfoZiWssriWqo2gx7RRCos2sEeBkS7Zesg:H5GRZlXsGdo
                                          MD5:B3699C20A94776A5C2F90AEF6EB0DAD9
                                          SHA1:1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA
                                          SHA-256:A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
                                          SHA-512:1E8D15B8BFF1D289434A244172F9ED42B4BB6BCB6372C1F300B01ACEA5A88167E97FEDABA0A7AE3BEB5E24763D1B09046AE8E30745B80E2E2FE785C94DF362F6
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):1880
                                          Entropy (8bit):4.295185867329351
                                          Encrypted:false
                                          SSDEEP:48:SHYGuEETiuF6OX5tCYFZt5GurMRRevsY4tVZIGnZRxlKT6/UGG:yYG8iuF6yTCYFH5GjLPtVZVZRxOZZ
                                          MD5:8E16966E815C3C274EEB8492B1EA6648
                                          SHA1:7482ED9F1C9FD9F6F9BA91AB15921B19F64C9687
                                          SHA-256:418FF53FCA505D54268413C796E4DF80E947A09F399AB222A90B81E93113D5B5
                                          SHA-512:85B28202E874B1CF45B37BA05B87B3D8D6FE38E89C6011C4240CF6B563EA6DA60181D712CCE20D07C364F4A266A4EC90C4934CC8B7BB2013CB3B22D755796E38
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):1042
                                          Entropy (8bit):5.3945675025513955
                                          Encrypted:false
                                          SSDEEP:24:1HAWYsF4dqNfBQH49Hk8YfIhYzTJ+6WJBtl/u4s+6:ZF4wNfvm87mX4LF6
                                          MD5:F3E59EEEB007144EA26306C20E04C292
                                          SHA1:83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90
                                          SHA-256:C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
                                          SHA-512:7808CB5FF041B002CBD78171EC5A0B4DBA3E017E21F7E8039084C2790F395B839BEE04AD6C942EED47CCB53E90F6DE818A725D1450BF81BA2990154AFD3763AF
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):2535
                                          Entropy (8bit):3.8479764584971368
                                          Encrypted:false
                                          SSDEEP:48:YRcHe/4raK1EIlZt1wg62FIOg+xGaF8guI5EP9I2yC:+cs4raK1xlZtOgviOfGaF8RI5EP95b
                                          MD5:E20D6C27840B406555E2F5091B118FC5
                                          SHA1:0DCECC1A58CEB4936E255A64A2830956BFA6EC14
                                          SHA-256:89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
                                          SHA-512:AD53FC0B153005F47F9F4344DF6C4804049FAC94932D895FD02EEBE75222CFE77EEDD9CD3FDC4C88376D18C5972055B00190507AA896488499D64E884F84F093
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):1028
                                          Entropy (8bit):4.797571191712988
                                          Encrypted:false
                                          SSDEEP:24:1HAivZZaJ3Rje394+k7IKgpAJjUpSkiQjuRBMd:fZZahBeu7IKgqeMg
                                          MD5:970544AB4622701FFDF66DC556847652
                                          SHA1:14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317
                                          SHA-256:5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
                                          SHA-512:CC12D00C10B970189E90D47390EEB142359A8D6F3A9174C2EF3AE0118F09C88AB9B689D9773028834839A7DFAF3AAC6747BC1DCB23794A9F067281E20B8DC6EA
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):994
                                          Entropy (8bit):4.700308832360794
                                          Encrypted:false
                                          SSDEEP:24:1HAaJ7a/uNpoB/Y4vPnswSPkDzLKFQHpp//BpPDB:7J7a/uzQ/Y4vvswhDzDr/LDB
                                          MD5:A568A58817375590007D1B8ABCAEBF82
                                          SHA1:B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597
                                          SHA-256:0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
                                          SHA-512:FCFBADEC9F73975301AB404DB6B09D31457FAC7CCAD2FA5BE348E1CAD6800F87CB5B56DE50880C55BBADB3C40423351A6B5C2D03F6A327D898E35F517B1C628C
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):2091
                                          Entropy (8bit):4.358252286391144
                                          Encrypted:false
                                          SSDEEP:24:1HAnHdGc4LtGxVY6IuVzJkeNL5kP13a67wNcYP8j5PIaSTIjPU4ELFPCWJjMupV/:idGcyYPVtkAUl7wqziBsg9DbpN6XoN/
                                          MD5:4717EFE4651F94EFF6ACB6653E868D1A
                                          SHA1:B8A7703152767FBE1819808876D09D9CC1C44450
                                          SHA-256:22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
                                          SHA-512:487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):2778
                                          Entropy (8bit):3.595196082412897
                                          Encrypted:false
                                          SSDEEP:48:Y943BFU1LQ4HwQLQ4LQhlmVQL3QUm6H6ZgFIcwn6Rs2ShpQ3IwjGLQSJ/PYoEQj8:I43BCymz8XNcfuQDXYN2sum
                                          MD5:83E7A14B7FC60D4C66BF313C8A2BEF0B
                                          SHA1:1CCF1D79CDED5D65439266DB58480089CC110B18
                                          SHA-256:613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
                                          SHA-512:3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):1719
                                          Entropy (8bit):4.287702203591075
                                          Encrypted:false
                                          SSDEEP:48:65/5EKaDMw6pEf4I5+jSksOTJqQyrFO8C:65/5EKaAw6pEf4I5+vsOVqQyFO8C
                                          MD5:3B98C4ED8874A160C3789FEAD5553CFA
                                          SHA1:5550D0EC548335293D962AAA96B6443DD8ABB9F6
                                          SHA-256:ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
                                          SHA-512:5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):936
                                          Entropy (8bit):4.457879437756106
                                          Encrypted:false
                                          SSDEEP:24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
                                          MD5:7D273824B1E22426C033FF5D8D7162B7
                                          SHA1:EADBE9DBE5519BD60458B3551BDFC36A10049DD1
                                          SHA-256:2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
                                          SHA-512:E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):3830
                                          Entropy (8bit):3.5483353063347587
                                          Encrypted:false
                                          SSDEEP:48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
                                          MD5:342335A22F1886B8BC92008597326B24
                                          SHA1:2CB04F892E430DCD7705C02BF0A8619354515513
                                          SHA-256:243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
                                          SHA-512:CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):1898
                                          Entropy (8bit):4.187050294267571
                                          Encrypted:false
                                          SSDEEP:24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
                                          MD5:B1083DA5EC718D1F2F093BD3D1FB4F37
                                          SHA1:74B6F050D918448396642765DEF1AD5390AB5282
                                          SHA-256:E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
                                          SHA-512:7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": ".... ....... .........".. },.. "explanationofflinedisabled": {.. "message": "..... ...... .......... .... ........ .... .... Google ........ ...... .... ..... ..... ... .......... ....... .... Google ........ .......... ..... .......... .. ...... ..... .... ..... ......... .. ..........".. },.. "explanationofflineenabled": {.. "message": "..... ...... ........., .. ..... ... ... ...... ....... ....... .. .... ....... ....
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):914
                                          Entropy (8bit):4.513485418448461
                                          Encrypted:false
                                          SSDEEP:12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
                                          MD5:32DF72F14BE59A9BC9777113A8B21DE6
                                          SHA1:2A8D9B9A998453144307DD0B700A76E783062AD0
                                          SHA-256:F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
                                          SHA-512:E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):878
                                          Entropy (8bit):4.4541485835627475
                                          Encrypted:false
                                          SSDEEP:24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
                                          MD5:A1744B0F53CCF889955B95108367F9C8
                                          SHA1:6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
                                          SHA-256:21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
                                          SHA-512:F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):2766
                                          Entropy (8bit):3.839730779948262
                                          Encrypted:false
                                          SSDEEP:48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
                                          MD5:97F769F51B83D35C260D1F8CFD7990AF
                                          SHA1:0D59A76564B0AEE31D0A074305905472F740CECA
                                          SHA-256:BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
                                          SHA-512:D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):978
                                          Entropy (8bit):4.879137540019932
                                          Encrypted:false
                                          SSDEEP:24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
                                          MD5:B8D55E4E3B9619784AECA61BA15C9C0F
                                          SHA1:B4A9C9885FBEB78635957296FDDD12579FEFA033
                                          SHA-256:E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
                                          SHA-512:266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):907
                                          Entropy (8bit):4.599411354657937
                                          Encrypted:false
                                          SSDEEP:12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
                                          MD5:608551F7026E6BA8C0CF85D9AC11F8E3
                                          SHA1:87B017B2D4DA17E322AF6384F82B57B807628617
                                          SHA-256:A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
                                          SHA-512:82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):914
                                          Entropy (8bit):4.604761241355716
                                          Encrypted:false
                                          SSDEEP:24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
                                          MD5:0963F2F3641A62A78B02825F6FA3941C
                                          SHA1:7E6972BEAB3D18E49857079A24FB9336BC4D2D48
                                          SHA-256:E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
                                          SHA-512:22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):937
                                          Entropy (8bit):4.686555713975264
                                          Encrypted:false
                                          SSDEEP:24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
                                          MD5:BED8332AB788098D276B448EC2B33351
                                          SHA1:6084124A2B32F386967DA980CBE79DD86742859E
                                          SHA-256:085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
                                          SHA-512:22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):1337
                                          Entropy (8bit):4.69531415794894
                                          Encrypted:false
                                          SSDEEP:24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
                                          MD5:51D34FE303D0C90EE409A2397FCA437D
                                          SHA1:B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
                                          SHA-256:BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
                                          SHA-512:E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": ".......".. },.. "explanationofflinedisabled": {.. "message": "..... ............ Google ......... ... ........., ............ . .... . ......... ............. . ......-...... . .......... .. ......... .........".. },.. "explanationofflineenabled": {.. "message": "... ........... . .......... .. ...... ......... ..... ..... . ............. .., . ....... ........ ......-.......".. },.. "extdesc": {.. "message": ".........., .............. . ............ ........., ....... . ........... ... ....... . ..........".. },.. "extname": {.. "message": "Google.......... ......".. },.. "learnmore": {.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):2846
                                          Entropy (8bit):3.7416822879702547
                                          Encrypted:false
                                          SSDEEP:48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
                                          MD5:B8A4FD612534A171A9A03C1984BB4BDD
                                          SHA1:F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
                                          SHA-256:54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
                                          SHA-512:C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):934
                                          Entropy (8bit):4.882122893545996
                                          Encrypted:false
                                          SSDEEP:24:1HAF8pMv1RS4LXL22IUjdh8uJwpPqLDEtxKLhSS:hyv1RS4LXx38u36QsS
                                          MD5:8E55817BF7A87052F11FE554A61C52D5
                                          SHA1:9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
                                          SHA-256:903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
                                          SHA-512:EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):963
                                          Entropy (8bit):4.6041913416245
                                          Encrypted:false
                                          SSDEEP:12:1HASvgfECBxNFCEuKXowwJrpvPwNgEcPJJJEfWOCBxeFCJuGuU4KYXCSUXKDxX4A:1HAXMKYw8VYNLcaeDmKYLdX2zJBG5
                                          MD5:BFAEFEFF32813DF91C56B71B79EC2AF4
                                          SHA1:F8EDA2B632610972B581724D6B2F9782AC37377B
                                          SHA-256:AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
                                          SHA-512:971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):1320
                                          Entropy (8bit):4.569671329405572
                                          Encrypted:false
                                          SSDEEP:24:1HArg/fjQg2JwrfZtUWTrw1P4epMnRGi5TBmuPDRxZQ/XtiCw/Rwh/Q9EVz:ogUg2JwDZe6rwKI8VTP9xK1CwhI94
                                          MD5:7F5F8933D2D078618496C67526A2B066
                                          SHA1:B7050E3EFA4D39548577CF47CB119FA0E246B7A4
                                          SHA-256:4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
                                          SHA-512:0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "....... ....".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. ..... ......... Google ......... ... ........ ...., ..... . .......... .. ........ ........ Google .......... . ........ ...... .............. ... ....... ... ...... ........ .. ...........".. },.. "explanationofflineenabled": {.. "message": "...... ..., ... . .... ...... .. ....... ...... . ........ ........ ... .. ....... .....".. },.. "extdesc": {.. "message": "....... . ........... ........., ...... . ............ . ....... ...... . ... . ... .. ... ........ .........".. },.. "extname": {.. "message
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):884
                                          Entropy (8bit):4.627108704340797
                                          Encrypted:false
                                          SSDEEP:24:1HA0NOYT/6McbnX/yzklyOIPRQrJlvDymvBd:vNOcyHnX/yg0P4Bymn
                                          MD5:90D8FB448CE9C0B9BA3D07FB8DE6D7EE
                                          SHA1:D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
                                          SHA-256:64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
                                          SHA-512:6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):980
                                          Entropy (8bit):4.50673686618174
                                          Encrypted:false
                                          SSDEEP:12:1HASvgNHCBxNx1HMHyMhybK7QGU78oCuafIvfCBxex6EYPE5E1pOCSUJqONtCBh8:1HAGDQ3y0Q/Kjp/zhDoKMkeAT6dBaX
                                          MD5:D0579209686889E079D87C23817EDDD5
                                          SHA1:C4F99E66A5891973315D7F2BC9C1DAA524CB30DC
                                          SHA-256:0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
                                          SHA-512:D59911F91ED6C8FF78FD158389B4D326DAF4C031B940C399569FE210F6985E23897E7F404B7014FC7B0ACEC086C01CC5F76354F7E5D3A1E0DEDEF788C23C2978
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):1941
                                          Entropy (8bit):4.132139619026436
                                          Encrypted:false
                                          SSDEEP:24:1HAoTZwEj3YfVLiANpx96zjlXTwB4uNJDZwq3CP1B2xIZiIH1CYFIZ03SoFyxrph:JCEjWiAD0ZXkyYFyPND1L/I
                                          MD5:DCC0D1725AEAEAAF1690EF8053529601
                                          SHA1:BB9D31859469760AC93E84B70B57909DCC02EA65
                                          SHA-256:6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
                                          SHA-512:6243982D764026D342B3C47C706D822BB2B0CAFFA51F0591D8C878F981EEF2A7FC68B76D012630B1C1EB394AF90EB782E2B49329EB6538DD5608A7F0791FDCF5
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "..... ....... .........".. },.. "explanationofflinedisabled": {.. "message": ".......... ........... .... ....... ..... Google ......... .........., ...... .... ........... ......... ...., Google ... ................... ................ ......, ........ ......... ..........".. },.. "explanationofflineenabled": {.. "message": ".......... ..........., .......... .......... .......... ......... ........... ...... .....
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):1969
                                          Entropy (8bit):4.327258153043599
                                          Encrypted:false
                                          SSDEEP:48:R7jQrEONienBcFNBNieCyOBw0/kCcj+sEf24l+Q+u1LU4ljCj55ONipR41ssrNix:RjQJN1nBcFNBNlCyGcj+RXl+Q+u1LU4s
                                          MD5:385E65EF723F1C4018EEE6E4E56BC03F
                                          SHA1:0CEA195638A403FD99BAEF88A360BD746C21DF42
                                          SHA-256:026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
                                          SHA-512:E55167CB5638E04DF3543D57C8027B86B9483BFCAFA8E7C148EDED66454AEBF554B4C1CF3C33E93EC63D73E43800D6A6E7B9B1A1B0798B6BDB2F699D3989B052
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "..... ...... ........ ......".. },.. "explanationofflinedisabled": {.. "message": ".... ........... ........ ......... ........ ....... Google Docs... .............., .... ............ ....... ..... ...... .... Google Docs .... ...... ............. ......, ........ ........ ... .......".. },.. "explanationofflineenabled": {.. "message": ".... ........... ......., .... .... ........ .......... .... ....... ..... ....... .... ..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):1674
                                          Entropy (8bit):4.343724179386811
                                          Encrypted:false
                                          SSDEEP:48:fcGjnU3UnGKD1GeU3pktOggV1tL2ggG7Q:f3jnDG1eUk0g6RLE
                                          MD5:64077E3D186E585A8BEA86FF415AA19D
                                          SHA1:73A861AC810DABB4CE63AD052E6E1834F8CA0E65
                                          SHA-256:D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
                                          SHA-512:56DD389EB9DD335A6214E206B3BF5D63562584394D1DE1928B67D369E548477004146E6CB2AD19D291CB06564676E2B2AC078162356F6BC9278B04D29825EF0C
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": ".............. ............. Google .................................... ............................... Google ...... .................................................................".. },.. "explanationofflineenabled": {.. "message": "................................................................".. },.. "extdesc": {.. "message": "..... ..... ........
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):1063
                                          Entropy (8bit):4.853399816115876
                                          Encrypted:false
                                          SSDEEP:24:1HAowYuBPgoMC4AGehrgGm7tJ3ckwFrXnRs5m:GYsPgrCtGehkGc3cvXr
                                          MD5:76B59AAACC7B469792694CF3855D3F4C
                                          SHA1:7C04A2C1C808FA57057A4CCEEE66855251A3C231
                                          SHA-256:B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
                                          SHA-512:2E507CA6874DE8028DC769F3D9DFD9E5494C268432BA41B51568D56F7426F8A5F2E5B111DDD04259EB8D9A036BB4E3333863A8FC65AAB793BCEF39EDFE41403B
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):1333
                                          Entropy (8bit):4.686760246306605
                                          Encrypted:false
                                          SSDEEP:24:1HAk9oxkm6H4KyGGB9GeGoxPEYMQhpARezTtHUN97zlwpEH7:VKU1GB9GeBc/OARETt+9/WCb
                                          MD5:970963C25C2CEF16BB6F60952E103105
                                          SHA1:BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA
                                          SHA-256:9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
                                          SHA-512:1BED9FE4D4ADEED3D0BC8258D9F2FD72C6A177C713C3B03FC6F5452B6D6C2CB2236C54EA972ECE7DBFD756733805EB2352CAE44BAB93AA8EA73BB80460349504
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "........".. },.. "explanationofflinedisabled": {.. "message": ".. . ...... ....... ... ............. Google ........... ... ......... . .........., ......... . ............ .. ........ ........ Google .......... . ......... ......-............., .... ...... . .......".. },.. "explanationofflineenabled": {.. "message": ".. . ...... ......, ..... ... .... ...... .......... ........ ..... ... .......... .....".. },.. "extdesc": {.. "message": "........., ......... . ............ ........., .......... ....... .. ........... ... ....... .. ..........".. },.. "extname": {.. "message": "Goo
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):1263
                                          Entropy (8bit):4.861856182762435
                                          Encrypted:false
                                          SSDEEP:24:1HAl3zNEUhN3mNjkSIkmdNpInuUVsqNtOJDhY8Dvp/IkLzx:e3uUhQKvkmd+s11Lp1F
                                          MD5:8B4DF6A9281333341C939C244DDB7648
                                          SHA1:382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
                                          SHA-256:5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
                                          SHA-512:FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "... ......".. },.. "explanationofflinedisabled": {.. "message": ".. .. .... .... Google Docs .. .... ....... ..... ....... .... ..... .... ... .. .. ....... .. ..... ... .. Google Docs ... ... .. ....... .. ..... ... .. .... ...... ..... .. .. .....".. },.. "explanationofflineenabled": {.. "message": ".. .. .... ... .... .. ... ... ...... ..... ... ..... .. .... ... .. ... ..... ... .... ....".. },.. "extdesc": {.. "message": ".......... .......... ... ....... . .... ... ....... .. ..... .. .... ...... ..... .... ... ..... .......".. },.. "extname": {.. "message": "Google Docs .. ....".. },.. "learnmore": {..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):1074
                                          Entropy (8bit):5.062722522759407
                                          Encrypted:false
                                          SSDEEP:24:1HAhBBLEBOVUSUfE+eDFmj4BLErQ7e2CIer32KIxqJ/HtNiE5nIGeU+KCVT:qHCDheDFmjDQgX32/S/hI9jh
                                          MD5:773A3B9E708D052D6CBAA6D55C8A5438
                                          SHA1:5617235844595D5C73961A2C0A4AC66D8EA5F90F
                                          SHA-256:597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
                                          SHA-512:E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):879
                                          Entropy (8bit):5.7905809868505544
                                          Encrypted:false
                                          SSDEEP:12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
                                          MD5:3E76788E17E62FB49FB5ED5F4E7A3DCE
                                          SHA1:6904FFA0D13D45496F126E58C886C35366EFCC11
                                          SHA-256:E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
                                          SHA-512:F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": "..".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ................ Google ....................".. },.. "explanationofflineenabled": {.. "message": ".............................".. },.. "extdesc": {.. "message": "...................... - ........".. },.. "extname": {.. "message": "Google .......".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "...............................".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):1205
                                          Entropy (8bit):4.50367724745418
                                          Encrypted:false
                                          SSDEEP:24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
                                          MD5:524E1B2A370D0E71342D05DDE3D3E774
                                          SHA1:60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
                                          SHA-256:30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
                                          SHA-512:D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
                                          Malicious:false
                                          Preview:{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):843
                                          Entropy (8bit):5.76581227215314
                                          Encrypted:false
                                          SSDEEP:12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
                                          MD5:0E60627ACFD18F44D4DF469D8DCE6D30
                                          SHA1:2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
                                          SHA-256:F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
                                          SHA-512:6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
                                          Malicious:false
                                          Preview:{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):912
                                          Entropy (8bit):4.65963951143349
                                          Encrypted:false
                                          SSDEEP:24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
                                          MD5:71F916A64F98B6D1B5D1F62D297FDEC1
                                          SHA1:9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
                                          SHA-256:EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
                                          SHA-512:30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
                                          Malicious:false
                                          Preview:{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):11280
                                          Entropy (8bit):5.754230909218899
                                          Encrypted:false
                                          SSDEEP:192:RBG1G1UPkUj/86Op//Ier/2nsN9Jtwg1MK8HNnswuHEIIMuuqd7CKqv+pccW5SJ+:m8IGIEu8RfW+
                                          MD5:BE5DB35513DDEF454CE3502B6418B9B4
                                          SHA1:C82B23A82F745705AA6BCBBEFEB6CE3DBCC71CB1
                                          SHA-256:C6F623BE1112C2FDE6BE8941848A82B2292FCD2B475FBD363CC2FD4DF25049B5
                                          SHA-512:38C48E67631FAF0594D44525423C6EDC08F5A65F04288F0569B7CF8C71C359924069212462B0A2BFA38356F93708143EE1CBD42295D7317E8670D0A0CD10BAFD
                                          Malicious:false
                                          Preview:[{"description":"treehash per file","signed_content":{"payload":"
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):854
                                          Entropy (8bit):4.284628987131403
                                          Encrypted:false
                                          SSDEEP:12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
                                          MD5:4EC1DF2DA46182103D2FFC3B92D20CA5
                                          SHA1:FB9D1BA3710CF31A87165317C6EDC110E98994CE
                                          SHA-256:6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
                                          SHA-512:939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
                                          Malicious:false
                                          Preview:{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):2525
                                          Entropy (8bit):5.417689528134667
                                          Encrypted:false
                                          SSDEEP:24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj1e9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/APegiVb
                                          MD5:10FF8E5B674311683D27CE1879384954
                                          SHA1:9C269C14E067BB86642EB9F4816D75CF1B9B9158
                                          SHA-256:17363162A321625358255EE939F447E9363FF2284BD35AE15470FD5318132CA9
                                          SHA-512:4D3EB89D398A595FEA8B59AC6269A57CC96C4A0E5A5DB8C5FE70AB762E8144A5DF9AFC8756CA2E798E50778CD817CC9B0826FC2942DE31397E858DBFA1B06830
                                          Malicious:false
                                          Preview:{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*", "https://drive-daily-1.corp.google.com/*", "https://drive-daily-2.corp.google.com/*", "https://drive-daily-3.corp.google.com/*", "https://drive-daily-4.corp.google.com/*", "https://drive-daily-5.corp.google.com/*", "https://drive-daily-6.corp.google.com/*", "https://drive-preprod.corp.google.com/*", "https://drive-staging.corp.google.com/*" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:HTML document, ASCII text
                                          Category:dropped
                                          Size (bytes):97
                                          Entropy (8bit):4.862433271815736
                                          Encrypted:false
                                          SSDEEP:3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
                                          MD5:B747B5922A0BC74BBF0A9BC59DF7685F
                                          SHA1:7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
                                          SHA-256:B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
                                          SHA-512:7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
                                          Malicious:false
                                          Preview:<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text, with very long lines (4369)
                                          Category:dropped
                                          Size (bytes):95567
                                          Entropy (8bit):5.4016395763198135
                                          Encrypted:false
                                          SSDEEP:1536:Ftd/mjDC/Hass/jCKLwPOPO2MCeYHxU2/NjAGHChg3JOzZ8:YfjCKdHm2/NbHCIJo8
                                          MD5:09AF2D8CFA8BF1078101DA78D09C4174
                                          SHA1:F2369551E2CDD86258062BEB0729EE4D93FCA050
                                          SHA-256:39D113C44D45AE3609B9509ED099680CC5FCEF182FD9745B303A76E164D8BCEC
                                          SHA-512:F791434B053FA2A5B731C60F22A4579F19FE741134EF0146E8BAC7DECAC78DE65915B3188093DBBE00F389A7F15B80172053FABB64E636DD4A945DBE3C2CF2E6
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):291
                                          Entropy (8bit):4.65176400421739
                                          Encrypted:false
                                          SSDEEP:6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
                                          MD5:3AB0CD0F493B1B185B42AD38AE2DD572
                                          SHA1:079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
                                          SHA-256:73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
                                          SHA-512:32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
                                          Malicious:false
                                          Preview:(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:ASCII text, with very long lines (4369)
                                          Category:dropped
                                          Size (bytes):103988
                                          Entropy (8bit):5.389407461078688
                                          Encrypted:false
                                          SSDEEP:1536:oXWJmOMsz9UqqRtjWLqj74SJf2VsxJ5BGOzr61SfwKmWGMJOaAFlObQ/x0BGm:yRqr6v3JnVzr6wwfMtkFSYm
                                          MD5:EA946F110850F17E637B15CF22B82837
                                          SHA1:8D27C963E76E3D2F5B8634EE66706F95F000FCAF
                                          SHA-256:029DFE87536E8907A612900B26EEAA72C63EDF28458A7227B295AE6D4E2BD94C
                                          SHA-512:5E8E61E648740FEF2E89A035A4349B2E4E5E4E88150EE1BDA9D4AD8D75827DC67C1C95A2CA41DF5B89DE8F575714E1A4D23BDE2DC3CF21D55DB3A39907B8F820
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:Google Chrome extension, version 3
                                          Category:dropped
                                          Size (bytes):135751
                                          Entropy (8bit):7.804610863392373
                                          Encrypted:false
                                          SSDEEP:1536:h+OX7O5AeBWdSq2Zso2iDNjF3dNUPOTy61NVo8OJXhQXXUWFMOiiBIHWI7YyjM/8:pVdSj9hjVn6Oj5fOJR+k0iiW2IPMaIul
                                          MD5:83EF25FBEE6866A64F09323BFE1536E0
                                          SHA1:24E8BD033CD15E3CF4F4FF4C8123E1868544AC65
                                          SHA-256:F421D74829F2923FD9E5A06153E4E42DB011824C33475E564B17091598996E6F
                                          SHA-512:C699D1C9649977731EEA0CB4740C4BEAACEEC82AECC43F9F2B1E5625C487C0BC45FA08A1152A35EFBDB3DB73B8AF3625206315D1F9645A24E1969316F9F5B38C
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:Google Chrome extension, version 3
                                          Category:dropped
                                          Size (bytes):11185
                                          Entropy (8bit):7.951995436832936
                                          Encrypted:false
                                          SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                          MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                          SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                          SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                          SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                          Malicious:false
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):1753
                                          Entropy (8bit):5.8889033066924155
                                          Encrypted:false
                                          SSDEEP:48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
                                          MD5:738E757B92939B24CDBBD0EFC2601315
                                          SHA1:77058CBAFA625AAFBEA867052136C11AD3332143
                                          SHA-256:D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
                                          SHA-512:DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
                                          Malicious:false
                                          Preview:[.. {.. "description": "treehash per file",.. "signed_content": {.. "payload": "eyJpdGVtX2lkIjoiam1qZmxnanBjcGVwZWFmbW1nZHBma29na2doY3BpaGEiLCJpdGVtX3ZlcnNpb24iOiIxLjIuMSIsInByb3RvY29sX3ZlcnNpb24iOjEsImNvbnRlbnRfaGFzaGVzIjpbeyJmb3JtYXQiOiJ0cmVlaGFzaCIsImRpZ2VzdCI6InNoYTI1NiIsImJsb2NrX3NpemUiOjQwOTYsImhhc2hfYmxvY2tfc2l6ZSI6NDA5NiwiZmlsZXMiOlt7InBhdGgiOiJjb250ZW50LmpzIiwicm9vdF9oYXNoIjoiQS13R1JtV0VpM1lybmxQNktneUdrVWJ5Q0FoTG9JZnRRZGtHUnBEcnp1QSJ9LHsicGF0aCI6ImNvbnRlbnRfbmV3LmpzIiwicm9vdF9oYXNoIjoiVU00WVRBMHc5NFlqSHVzVVJaVTFlU2FBSjFXVENKcHhHQUtXMGxhcDIzUSJ9LHsicGF0aCI6Im1hbmlmZXN0Lmpzb24iLCJyb290X2hhc2giOiJKNXYwVTkwRmN0ejBveWJMZmZuNm5TbHFLU0h2bHF2YkdWYW9FeWFOZU1zIn1dfV19",.. "signatures": [.. {.. "header": {.. "kid": "publisher".. },.. "protected": "eyJhbGciOiJSUzI1NiJ9",.. "signature": "UglEEilkOml5P1W0X6wc-_dB87PQB73uMir11923av57zPKujb4IUe_lbGpn7cRZsy6x-8i9eEKxAW7L2TSmYqrcp4XtiON6ppcf27FWACXOUJDax9wlMr-EOtyZhykCnB9vR
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
                                          Category:dropped
                                          Size (bytes):9815
                                          Entropy (8bit):6.1716321262973315
                                          Encrypted:false
                                          SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
                                          MD5:3D20584F7F6C8EAC79E17CCA4207FB79
                                          SHA1:3C16DCC27AE52431C8CDD92FBAAB0341524D3092
                                          SHA-256:0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
                                          SHA-512:315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
                                          Malicious:false
                                          Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
                                          Category:dropped
                                          Size (bytes):10388
                                          Entropy (8bit):6.174387413738973
                                          Encrypted:false
                                          SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
                                          MD5:3DE1E7D989C232FC1B58F4E32DE15D64
                                          SHA1:42B152EA7E7F31A964914F344543B8BF14B5F558
                                          SHA-256:D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
                                          SHA-512:177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
                                          Malicious:false
                                          Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):962
                                          Entropy (8bit):5.698567446030411
                                          Encrypted:false
                                          SSDEEP:24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
                                          MD5:E805E9E69FD6ECDCA65136957B1FB3BE
                                          SHA1:2356F60884130C86A45D4B232A26062C7830E622
                                          SHA-256:5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
                                          SHA-512:049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
                                          Malicious:false
                                          Preview:{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/*" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/*" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..
                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                          File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                          Category:dropped
                                          Size (bytes):453023
                                          Entropy (8bit):7.997718157581587
                                          Encrypted:true
                                          SSDEEP:12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
                                          MD5:85430BAED3398695717B0263807CF97C
                                          SHA1:FFFBEE923CEA216F50FCE5D54219A188A5100F41
                                          SHA-256:A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
                                          SHA-512:06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
                                          Malicious:false
                                          Preview:PK.........bN...R..........gmpopenh264.dll..|.E.0.=..I.....1....4f1q.`.........q.....'+....h*m{.z..o_.{w........$..($A!...|L...B&A2.s.{..Dd......c.U.U..9u.S...K.l`...../.d.-....|.....&....9......wn..x......i.#O.+.Y.l......+....,3.3f..\..c.SSS,............N...GG...F.'.&.:'.K.Z&.>.@.g..M...M.`...*.........ZR....^jg.G.Kb.o~va.....<Z..1.#.O.e.....D..X..i..$imBW..Q&.......P.....,M.,..:.c...-...\......*.....-i.K.I..4.a..6..*...Ov=...W..F.CH.>...a.'.x...#@f...d..u.1....OV.1o}....g.5.._.3.J.Hi.Z.ipM....b.Z....%.G..F................/..3.q..J.....o...%.g.N.*.}..).3.N%.!..q*........^I.m..~...6.#.~+.....A...I]r...x..*.<IYj....p0..`S.M@.E..f.=.;!.@.....E..E....... .0.n....Jd..d......uM.-.qI.lR..z..=}..r.D.XLZ....x.$..|c.1.cUkM.&.Qn]..a]t.h..*.!.6 7..Jd.DvKJ"Wgd*%n...w...Jni.inmr.@M.$'Z.s....#)%..Rs..:.h....R....\..t.6..'.g.........Uj+F.cr:|..!..K.W.Y...17......,....r.....>.N..3.R.Y.._\...Ir.DNJdM... .k...&V-....z.%...-...D..i..&...6....7.2T).>..0..%.&.
                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):3621
                                          Entropy (8bit):4.928491069830106
                                          Encrypted:false
                                          SSDEEP:48:YnSwkmrOfJNmPUFpOdwNIOdoWLEWLtkDLuuukx5FBvipA6kbbXjQthvLuhakNi9W:8S+OfJQPUFpOdwNIOdYVjvYcXaNLRV8P
                                          MD5:829B3224D99F2E5E9FE06B7ADD6A1981
                                          SHA1:AEF6F50D0A902FA3AFCBA52E4D3058B047AC29E4
                                          SHA-256:ADF6694C2438ECB6395AC7CD30FF60A6F5A2607D8F863BBC358FB37A7B3D4D4B
                                          SHA-512:18CDFC96C1251FBDD1F5EF42C457CC5079373727970939574B9F5320BCB9596442F8F3618971B6919D7E28990719318AFEBDB9C61E66D93254C4416617F24B47
                                          Malicious:false
                                          Preview:{"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"c5d95379-f4ee-4629-a507-6f15a0e93cd4","experimentType":"rollout","source":"rs-loader","userFacingName":"CSV Import (Release Rollout)","userFacingDescription":"This rollout enables users to import logins from a CSV file from the about:logins page.","lastSeen":"2023-10-03T11:50:29.548Z","featureIds":["cm-csv-import"],"prefs":[{"name":"signon.management.page.fileImport.enabled","branch":"default","featureId":"cm-csv-import","variable":"csvImport","originalValue":false}],"isRollout":true},"serp-ad-telemetry-rollout":{"slug":"serp-ad-telemetry-rollout","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pr
                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                          File Type:Mozilla lz4 compressed data, originally 23432 bytes
                                          Category:dropped
                                          Size (bytes):5312
                                          Entropy (8bit):6.615424734763731
                                          Encrypted:false
                                          SSDEEP:96:V2YbKsKNU2xWrp327tGmD4wBON6h6cHaJVJuZMd0JGkkrw2D:VTx2x2t0FDJ4NpwZMd0EJws
                                          MD5:1B9C8056D3619CE5A8C59B0C09873F17
                                          SHA1:1015C630E1937AA63F6AB31743782ECB5D78CCD8
                                          SHA-256:A6AE5DE0733FED050AB570AD9374FF4593D554F695B5AE4E2495871D171D34A3
                                          SHA-512:B1DC9CC675D5476C270A2D5B214D3DF2B3856576ED7EFE92D9A606C2D9D34E781018902AE75CE9C1E25007BB7F8D8F7B52997E6F05B845EF44BAF22F614FE899
                                          Malicious:false
                                          Preview:mozLz40..[....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."*://login.microsoftonline.com/*","..@us/*L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay*....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s
                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):24
                                          Entropy (8bit):3.91829583405449
                                          Encrypted:false
                                          SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                          MD5:3088F0272D29FAA42ED452C5E8120B08
                                          SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                          SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                          SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                          Malicious:false
                                          Preview:{"schema":6,"addons":[]}
                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                          File Type:SQLite 3.x database, user version 5, last written using SQLite version 3042000, page size 32768, file counter 5, database pages 8, cookie 0x6, schema 4, largest root page 8, UTF-8, vacuum mode 1, version-valid-for 5
                                          Category:dropped
                                          Size (bytes):262144
                                          Entropy (8bit):0.04905391753567332
                                          Encrypted:false
                                          SSDEEP:24:DLivwae+Q8Uu50xj0aWe9LxYkKA25Q5tvAA:D6wae+QtMImelekKDa5
                                          MD5:DD9D28E87ED57D16E65B14501B4E54D1
                                          SHA1:793839B47326441BE2D1336BA9A61C9B948C578D
                                          SHA-256:BB4E6C58C50BD6399ED70468C02B584595C29F010B66F864CD4D6B427FA365BC
                                          SHA-512:A2626F6A3CBADE62E38DA5987729D99830D0C6AA134D4A9E615026A5F18ACBB11A2C3C80917DAD76DA90ED5BAA9B0454D4A3C2DD04436735E78C974BA1D035B1
                                          Malicious:false
                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                          File Type:Mozilla lz4 compressed data, originally 56 bytes
                                          Category:dropped
                                          Size (bytes):66
                                          Entropy (8bit):4.837595020998689
                                          Encrypted:false
                                          SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                          MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                          SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                          SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                          SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                          Malicious:false
                                          Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):36830
                                          Entropy (8bit):5.185924656884556
                                          Encrypted:false
                                          SSDEEP:768:wI43DvfWXf4E6C4p4EC4Y4QfEWvM4B4QS4z4444XQ4U:wUfdvk
                                          MD5:5656BA69BD2966108A461AAE35F60226
                                          SHA1:9C2E5AE52D82CEA43C4A5FFF205A7700CF54D61C
                                          SHA-256:587596712960B26EAC18CB354CCD633FFDB218E374A9D59EFEA843914D7AB299
                                          SHA-512:38F715AD9156558B5D57CA2E75FB0FFE0C5C6728BD94484B8F15E090120DDD02DCE42DBC9CC7143AD6552460A5F3A40E577FAF1D76D5D40B25CDBE636F250054
                                          Malicious:false
                                          Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{60024e8e-cfd0-41e5-965d-7128c7dcf0e8}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):32768
                                          Entropy (8bit):0.017262956703125623
                                          Encrypted:false
                                          SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                          MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                          SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                          SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                          SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                          Malicious:false
                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                          Category:dropped
                                          Size (bytes):1021904
                                          Entropy (8bit):6.648417932394748
                                          Encrypted:false
                                          SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                          MD5:FE3355639648C417E8307C6D051E3E37
                                          SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                          SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                          SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          • Antivirus: Virustotal, Detection: 0%, Browse
                                          Joe Sandbox View:
                                          • Filename: file.exe, Detection: malicious, Browse
                                          • Filename: file.exe, Detection: malicious, Browse
                                          • Filename: file.exe, Detection: malicious, Browse
                                          • Filename: file.exe, Detection: malicious, Browse
                                          • Filename: file.exe, Detection: malicious, Browse
                                          • Filename: file.exe, Detection: malicious, Browse
                                          • Filename: MDE_File_Sample_775c04b737da218ea8e0cf00c15e7212960dd200.zip, Detection: malicious, Browse
                                          • Filename: file.exe, Detection: malicious, Browse
                                          • Filename: SecuriteInfo.com.Win32.Evo-gen.18513.13360.exe, Detection: malicious, Browse
                                          • Filename: file.exe, Detection: malicious, Browse
                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):116
                                          Entropy (8bit):4.968220104601006
                                          Encrypted:false
                                          SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                          MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                          SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                          SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                          SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                          Malicious:false
                                          Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):32768
                                          Entropy (8bit):0.035577876577226504
                                          Encrypted:false
                                          SSDEEP:3:GtlstFxK7TFNM4tlstFxK7TFNUXJ89//alEl:GtWt+DM4tWt+DUZ89XuM
                                          MD5:9B10A75BD6A87B8B0CDC5B53FEB43FC5
                                          SHA1:778426CE4254346FF7984E25EE292681CC7F3F70
                                          SHA-256:3E33FF7FE2D08195581EB95882C13E6031A950926A66BD6553E5AA6DC111DD83
                                          SHA-512:14DEF6CF9BF4A452AD0F95EAB74107CAA32C36D12D98CD89FBC27A3833DF311CC34971A55BCE1986D8BBFF70FB912E42DE0A9B70C9FEEA609B341D45CCA27655
                                          Malicious:false
                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                          File Type:SQLite Write-Ahead Log, version 3007000
                                          Category:dropped
                                          Size (bytes):32824
                                          Entropy (8bit):0.03952360599154401
                                          Encrypted:false
                                          SSDEEP:3:Ol1yGhlIDjkoPqVtl8rEXsxdwhml8XW3R2:KAMl+Yoel8dMhm93w
                                          MD5:A38181B7B93E18333DBD31B3D4C2F257
                                          SHA1:A5ED34E43447D5FB93C97FCDCE6B7F2FCBAF4970
                                          SHA-256:184ACABA26C43E68C154B5B46F628B2A81813C3F96E8786DC9D0A9F8B8373FE4
                                          SHA-512:4C7B60FCC4430A29FD30FB9698A980596C3DAAD56D352BA37A2267A632DF14A0E17BDBB9FEBE7260E8100B716477D934063D90A73C89ACFB643403F2701E6E20
                                          Malicious:false
                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                          File Type:ASCII text, with very long lines (1809), with CRLF line terminators
                                          Category:modified
                                          Size (bytes):13245
                                          Entropy (8bit):5.49352586451774
                                          Encrypted:false
                                          SSDEEP:192:2ZnaRtLYbBp6vhj4qyaaXb6Ka/Nx45RfGNBw8dB/Sl:Ze5qVx1Wcw+0
                                          MD5:6AF3E5862338404AD6801FB0736CABA6
                                          SHA1:5E18D52C1468D38C4686A28E5CDCD6186C9A26B1
                                          SHA-256:1B7AC514A0A6C9D62C6F722A9E13EF54510A1E910382D020CB144D0A7CE894F0
                                          SHA-512:2D598BF1BA49CF9566CFDBE8B79AC7511CBB498C64063A129C422CF4C9AF073810B87FD6994D8CD92BAE68CB45295AE89C8CC6BFDB4773A916B92E17A426C34B
                                          Malicious:false
                                          Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1725223345);..user_pref("app.update.lastUpdateTime.background-update-timer", 1725223345);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..u
                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                          File Type:ASCII text, with very long lines (1809), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):13245
                                          Entropy (8bit):5.49352586451774
                                          Encrypted:false
                                          SSDEEP:192:2ZnaRtLYbBp6vhj4qyaaXb6Ka/Nx45RfGNBw8dB/Sl:Ze5qVx1Wcw+0
                                          MD5:6AF3E5862338404AD6801FB0736CABA6
                                          SHA1:5E18D52C1468D38C4686A28E5CDCD6186C9A26B1
                                          SHA-256:1B7AC514A0A6C9D62C6F722A9E13EF54510A1E910382D020CB144D0A7CE894F0
                                          SHA-512:2D598BF1BA49CF9566CFDBE8B79AC7511CBB498C64063A129C422CF4C9AF073810B87FD6994D8CD92BAE68CB45295AE89C8CC6BFDB4773A916B92E17A426C34B
                                          Malicious:false
                                          Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1725223345);..user_pref("app.update.lastUpdateTime.background-update-timer", 1725223345);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..u
                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                          File Type:SQLite 3.x database, user version 1, last written using SQLite version 3042000, page size 32768, file counter 5, database pages 2, cookie 0x1, schema 4, UTF-8, version-valid-for 5
                                          Category:dropped
                                          Size (bytes):65536
                                          Entropy (8bit):0.04062825861060003
                                          Encrypted:false
                                          SSDEEP:6:ltBl/l4/WN1h4BEJYqWvLue3FMOrMZ0l:DBl/WuntfJiFxMZO
                                          MD5:18F65713B07CB441E6A98655B726D098
                                          SHA1:2CEFA32BC26B25BE81C411B60C9925CB0F1F8F88
                                          SHA-256:B6C268E48546B113551A5AF9CA86BB6A462A512DE6C9289315E125CEB0FD8621
                                          SHA-512:A6871076C7D7ED53B630F9F144ED04303AD54A2E60B94ECA2AA96964D1AB375EEFDCA86CE0D3EB0E9DBB81470C6BD159877125A080C95EB17E54A52427F805FB
                                          Malicious:false
                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):90
                                          Entropy (8bit):4.194538242412464
                                          Encrypted:false
                                          SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
                                          MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
                                          SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
                                          SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
                                          SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
                                          Malicious:false
                                          Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                          File Type:Mozilla lz4 compressed data, originally 5952 bytes
                                          Category:dropped
                                          Size (bytes):1596
                                          Entropy (8bit):6.328589239175807
                                          Encrypted:false
                                          SSDEEP:24:vIKSUGu5kLZ8k0LXHeU7GAu3maT5sFd/wHVQj60a2jhWyGUVHp/vRmN4r0aM64:wKpR5SD0zeU74dFH079VO5h64
                                          MD5:BE3D73287278CBE1F4ED79D4084D9443
                                          SHA1:F90209C041613B8C587A8FC4CCAD3797973861B1
                                          SHA-256:EBA544BF4759F779B5A56C12239410B4F5F28D6F900DE960ADABD9E6BB42B05C
                                          SHA-512:544B83B3947BB06C44A6268395F1B2C7182EA150478025B19A102869CE91C1661277C8E3B50B0C96BB58AF2133278F0584C9B7BBD27FB834317B04E23A3B5EBA
                                          Malicious:false
                                          Preview:mozLz40.@.....{"version":["ses....restore",1],"windows":[{"tab..bentrie...!url":"https://accounts.google.com/ServiceLogin?s...=)...ettings&continue=J....v3/signin/challenge/pwd","title..p..cacheKey":0,"ID":6,"docshellUU...D"{ef1f4f1d-4ab5-4b70-82c3-77a115716a79}","resultPrincipalURI":null,"hasUserInteract....false,"triggering9.p_base64{..\"3\":{}_..6docIdentifier":7,"persist":true}],"lastAccessed":1725223370493,"hiddey..searchMode...userContextId...attribut;..{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedT..@],"_...C..`GroupC...":-1,"busy...t...Flags":2167541758....dth":1164,"height":891,"screenX":4...Y..Aizem..."maximize......BeforeMin...&..workspace:...1a5ccf63-1000-409f-b5c1-afec7f75d4d9","zD..1...W...l...........:....1":{..jUpdate...6,"startTim..P15109...centCrash..B0},".....Dcook1. hoc..."addons.mozilla.org","valu...A8bad2467092e6ddeb0dfa9e5ea54d86d26790ca7ba2ce88d10cb4604fe726755","path":"/","na..a"taarI|.Recure...,..Donly..fexpi
                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                          File Type:SQLite 3.x database, user version 131075, last written using SQLite version 3042000, page size 512, file counter 6, database pages 8, cookie 0x4, schema 4, UTF-8, version-valid-for 6
                                          Category:dropped
                                          Size (bytes):4096
                                          Entropy (8bit):2.0836444556178684
                                          Encrypted:false
                                          SSDEEP:24:JBwdh/cEUcR9PzNFPFHx/GJRBdkOrDcRB1trwDeAq2gRMyxr3:jnEUo9LXtR+JdkOnohYsl
                                          MD5:8B40B1534FF0F4B533AF767EB5639A05
                                          SHA1:63EDB539EA39AD09D701A36B535C4C087AE08CC9
                                          SHA-256:AF275A19A5C2C682139266065D90C237282274D11C5619A121B7BDBDB252861B
                                          SHA-512:54AF707698CED33C206B1B193DA414D630901762E88E37E99885A50D4D5F8DDC28367C9B401DFE251CF0552B4FA446EE28F78A97C9096AFB0F2898BFBB673B53
                                          Malicious:false
                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):4537
                                          Entropy (8bit):5.033938137845234
                                          Encrypted:false
                                          SSDEEP:48:YrSAYF6UQZpExB1+anOsW4Vh351VxWRzzc8eYMsku7f86SLAVL7if5FtsfAcbyJW:ycFyTEr5QFRzzcMvbw6KkCrrc2Rn27
                                          MD5:3636FC1AC2268041FEE8DDA25EFB6C94
                                          SHA1:8469739CB16B1D2D891E434FA6295FDC994A8BAC
                                          SHA-256:8D533FE1C01CE4F719A953101F13C8E62F496F4049AC4CDE6B03953A474D5EC6
                                          SHA-512:5E3C9E183BCC36BBCD48E9008CF377ED4D03C0F0BFD28BF7221F486C803B63999487CC329EA4FF10BF594AFE4E142A957B507475B5408F9DF9CA3B3C7A9898F7
                                          Malicious:false
                                          Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-09-01T20:42:36.067Z","profileAgeCreated":1696333826043,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"
                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                          Entropy (8bit):6.579628888241753
                                          TrID:
                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                          • DOS Executable Generic (2002/1) 0.02%
                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                          File name:file.exe
                                          File size:917'504 bytes
                                          MD5:efb40a47d21362d07886b03a97d03e58
                                          SHA1:f99b6ce9e18ce0cb97cbb9522c4ba8adbddf63d7
                                          SHA256:32089eae1cd7e56eb8d73d38a3b26953df73d06ba80a4fd01d575f1d7f39d245
                                          SHA512:fb50ea5d0f9dfd2944b66a1421634c6fc56b4886f8efc6918fc74bef796ea81d315d368e33f62745f2122b1ddeed9aa6fe6981c199f2f5338d56cb46449c2594
                                          SSDEEP:12288:WqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgarTn:WqDEvCTbMWu7rQYlBQcBiT6rprG8avn
                                          TLSH:C4159E0273D1C062FFAB92334B5AF6515BBC69260123E61F13981DB9BE701B1563E7A3
                                          File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
                                          Icon Hash:aaf3e3e3938382a0
                                          Entrypoint:0x420577
                                          Entrypoint Section:.text
                                          Digitally signed:false
                                          Imagebase:0x400000
                                          Subsystem:windows gui
                                          Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                          DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                          Time Stamp:0x66D4AE37 [Sun Sep 1 18:11:03 2024 UTC]
                                          TLS Callbacks:
                                          CLR (.Net) Version:
                                          OS Version Major:5
                                          OS Version Minor:1
                                          File Version Major:5
                                          File Version Minor:1
                                          Subsystem Version Major:5
                                          Subsystem Version Minor:1
                                          Import Hash:948cc502fe9226992dce9417f952fce3
                                          Programming Language:
                                          • [ C ] VS2008 SP1 build 30729
                                          • [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0x9500 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xde000 | 0x7594 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xd4000 | 0x9500 | 0x9600 | 7b7ac57fb93fbe985c6ffff1faab351b | False | 0.28109375 | data | 5.161949961315975 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xde000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xd45a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xd46d0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xd47f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xd4920 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333
RT_ICON | 0xd4c08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5
RT_ICON | 0xd4d30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388
RT_ICON | 0xd5bd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524
RT_ICON | 0xd6480 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918
RT_ICON | 0xd69e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727
RT_ICON | 0xd8f90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496
RT_ICON | 0xda038 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227
RT_MENU | 0xda4a0 | 0x50 | data | English | Great Britain | 0.9
RT_STRING | 0xda4f0 | 0x594 | data | English | Great Britain | 0.3333333333333333
RT_STRING | 0xdaa84 | 0x68a | data | English | Great Britain | 0.2735961768219833
RT_STRING | 0xdb110 | 0x490 | data | English | Great Britain | 0.3715753424657534
RT_STRING | 0xdb5a0 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xdbb9c | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xdc1f8 | 0x466 | data | English | Great Britain | 0.3605683836589698
RT_STRING | 0xdc660 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186
RT_RCDATA | 0xdc7b8 | 0x7c6 | data |  |  | 1.0055276381909548
RT_GROUP_ICON | 0xdcf80 | 0x76 | data | English | Great Britain | 0.6610169491525424
RT_GROUP_ICON | 0xdcff8 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0xdd00c | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0xdd020 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0xdd034 | 0xdc | data | English | Great Britain | 0.6181818181818182
RT_MANIFEST | 0xdd110 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823
DLL | Import
WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
PSAPI.DLL | GetProcessMemoryInfo
IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
UxTheme.dll | IsThemeActive
KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll | GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll | EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll | CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture
Language of compilation system | Country where language is spoken | Map
English | Great Britain |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                          Sep 1, 2024 20:54:03.982711077 CEST49742443192.168.2.4216.58.206.65
                                          Sep 1, 2024 20:54:03.982717037 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.031466007 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.031526089 CEST49742443192.168.2.4216.58.206.65
                                          Sep 1, 2024 20:54:04.031536102 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.031631947 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.031670094 CEST49742443192.168.2.4216.58.206.65
                                          Sep 1, 2024 20:54:04.031676054 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.034899950 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.034960032 CEST49742443192.168.2.4216.58.206.65
                                          Sep 1, 2024 20:54:04.034966946 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.041127920 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.041176081 CEST49742443192.168.2.4216.58.206.65
                                          Sep 1, 2024 20:54:04.041182041 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.047209978 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.047256947 CEST49742443192.168.2.4216.58.206.65
                                          Sep 1, 2024 20:54:04.047265053 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.053608894 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.053658009 CEST49742443192.168.2.4216.58.206.65
                                          Sep 1, 2024 20:54:04.053664923 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.059550047 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.059607029 CEST49742443192.168.2.4216.58.206.65
                                          Sep 1, 2024 20:54:04.059617043 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.065072060 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.065382957 CEST49742443192.168.2.4216.58.206.65
                                          Sep 1, 2024 20:54:04.065390110 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.071023941 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.071074009 CEST49742443192.168.2.4216.58.206.65
                                          Sep 1, 2024 20:54:04.071079969 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.077951908 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.078017950 CEST49742443192.168.2.4216.58.206.65
                                          Sep 1, 2024 20:54:04.078025103 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.081764936 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.081809998 CEST49742443192.168.2.4216.58.206.65
                                          Sep 1, 2024 20:54:04.081816912 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.088447094 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.088509083 CEST49742443192.168.2.4216.58.206.65
                                          Sep 1, 2024 20:54:04.088515997 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.093399048 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.093509912 CEST49742443192.168.2.4216.58.206.65
                                          Sep 1, 2024 20:54:04.093517065 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.098802090 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.098881960 CEST49742443192.168.2.4216.58.206.65
                                          Sep 1, 2024 20:54:04.098889112 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.102504015 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.102710009 CEST49742443192.168.2.4216.58.206.65
                                          Sep 1, 2024 20:54:04.102716923 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.108163118 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.108216047 CEST49742443192.168.2.4216.58.206.65
                                          Sep 1, 2024 20:54:04.108225107 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.118552923 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.118592978 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.118627071 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.118650913 CEST49742443192.168.2.4216.58.206.65
                                          Sep 1, 2024 20:54:04.118662119 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.118689060 CEST49742443192.168.2.4216.58.206.65
                                          Sep 1, 2024 20:54:04.120836020 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.120913029 CEST49742443192.168.2.4216.58.206.65
                                          Sep 1, 2024 20:54:04.120923996 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.123759985 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.123821974 CEST49742443192.168.2.4216.58.206.65
                                          Sep 1, 2024 20:54:04.123828888 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.127142906 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.127254009 CEST49742443192.168.2.4216.58.206.65
                                          Sep 1, 2024 20:54:04.127259970 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.130467892 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.130542040 CEST49742443192.168.2.4216.58.206.65
                                          Sep 1, 2024 20:54:04.130548954 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.133855104 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.133923054 CEST49742443192.168.2.4216.58.206.65
                                          Sep 1, 2024 20:54:04.133929968 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.137371063 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.137500048 CEST49742443192.168.2.4216.58.206.65
                                          Sep 1, 2024 20:54:04.137506008 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.140624046 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.140691042 CEST49742443192.168.2.4216.58.206.65
                                          Sep 1, 2024 20:54:04.140697002 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.143891096 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.143963099 CEST49742443192.168.2.4216.58.206.65
                                          Sep 1, 2024 20:54:04.143969059 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.147337914 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.147387028 CEST49742443192.168.2.4216.58.206.65
                                          Sep 1, 2024 20:54:04.147392988 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.150640965 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.150702000 CEST49742443192.168.2.4216.58.206.65
                                          Sep 1, 2024 20:54:04.150708914 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.154145002 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.154232025 CEST49742443192.168.2.4216.58.206.65
                                          Sep 1, 2024 20:54:04.154237032 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.157808065 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.157864094 CEST49742443192.168.2.4216.58.206.65
                                          Sep 1, 2024 20:54:04.157871008 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.161812067 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.161881924 CEST49742443192.168.2.4216.58.206.65
                                          Sep 1, 2024 20:54:04.161890030 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.164871931 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.164935112 CEST49742443192.168.2.4216.58.206.65
                                          Sep 1, 2024 20:54:04.164942980 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.167947054 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.168013096 CEST49742443192.168.2.4216.58.206.65
                                          Sep 1, 2024 20:54:04.168020964 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.172241926 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.172298908 CEST49742443192.168.2.4216.58.206.65
                                          Sep 1, 2024 20:54:04.172307968 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.178778887 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.178855896 CEST49742443192.168.2.4216.58.206.65
                                          Sep 1, 2024 20:54:04.178865910 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.183933020 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.183984041 CEST49742443192.168.2.4216.58.206.65
                                          Sep 1, 2024 20:54:04.183991909 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.184715033 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.184777975 CEST49742443192.168.2.4216.58.206.65
                                          Sep 1, 2024 20:54:04.184784889 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.190160990 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.191051960 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.191102028 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.191112995 CEST49742443192.168.2.4216.58.206.65
                                          Sep 1, 2024 20:54:04.191122055 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.191154957 CEST49742443192.168.2.4216.58.206.65
                                          Sep 1, 2024 20:54:04.193018913 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.193052053 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.193068027 CEST49742443192.168.2.4216.58.206.65
                                          Sep 1, 2024 20:54:04.193077087 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.193125010 CEST49742443192.168.2.4216.58.206.65
                                          Sep 1, 2024 20:54:04.195370913 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.196338892 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.196404934 CEST49742443192.168.2.4216.58.206.65
                                          Sep 1, 2024 20:54:04.196409941 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.196423054 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:04.196495056 CEST49742443192.168.2.4216.58.206.65
                                          Sep 1, 2024 20:54:04.231677055 CEST49742443192.168.2.4216.58.206.65
                                          Sep 1, 2024 20:54:04.231698990 CEST44349742216.58.206.65192.168.2.4
                                          Sep 1, 2024 20:54:06.110225916 CEST49760443192.168.2.4172.64.41.3
                                          Sep 1, 2024 20:54:06.110235929 CEST44349760172.64.41.3192.168.2.4
                                          Sep 1, 2024 20:54:06.110295057 CEST49760443192.168.2.4172.64.41.3
                                          Sep 1, 2024 20:54:06.111454010 CEST49761443192.168.2.4162.159.61.3
                                          Sep 1, 2024 20:54:06.111459970 CEST44349761162.159.61.3192.168.2.4
                                          Sep 1, 2024 20:54:06.111713886 CEST49760443192.168.2.4172.64.41.3
                                          Sep 1, 2024 20:54:06.111722946 CEST44349760172.64.41.3192.168.2.4
                                          Sep 1, 2024 20:54:06.111731052 CEST49761443192.168.2.4162.159.61.3
                                          Sep 1, 2024 20:54:06.112700939 CEST49761443192.168.2.4162.159.61.3
                                          Sep 1, 2024 20:54:06.112709999 CEST44349761162.159.61.3192.168.2.4
                                          Sep 1, 2024 20:54:06.250458956 CEST49762443192.168.2.4162.159.61.3
                                          Sep 1, 2024 20:54:06.250468969 CEST44349762162.159.61.3192.168.2.4
                                          Sep 1, 2024 20:54:06.250765085 CEST49762443192.168.2.4162.159.61.3
                                          Sep 1, 2024 20:54:06.251374960 CEST49762443192.168.2.4162.159.61.3
                                          Sep 1, 2024 20:54:06.251384020 CEST44349762162.159.61.3192.168.2.4
                                          Sep 1, 2024 20:54:06.316147089 CEST49763443192.168.2.413.107.246.60
                                          Sep 1, 2024 20:54:06.316174984 CEST4434976313.107.246.60192.168.2.4
                                          Sep 1, 2024 20:54:06.316266060 CEST49764443192.168.2.413.107.246.60
                                          Sep 1, 2024 20:54:06.316282988 CEST4434976413.107.246.60192.168.2.4
                                          Sep 1, 2024 20:54:06.316354036 CEST49763443192.168.2.413.107.246.60
                                          Sep 1, 2024 20:54:06.316616058 CEST49763443192.168.2.413.107.246.60
                                          Sep 1, 2024 20:54:06.316627979 CEST4434976313.107.246.60192.168.2.4
                                          Sep 1, 2024 20:54:06.318209887 CEST49764443192.168.2.413.107.246.60
                                          Sep 1, 2024 20:54:06.318444014 CEST49764443192.168.2.413.107.246.60
                                          Sep 1, 2024 20:54:06.318454981 CEST4434976413.107.246.60192.168.2.4
                                          Sep 1, 2024 20:54:06.371402979 CEST49765443192.168.2.413.107.246.60
                                          Sep 1, 2024 20:54:06.371412039 CEST4434976513.107.246.60192.168.2.4
                                          Sep 1, 2024 20:54:06.371520996 CEST49765443192.168.2.413.107.246.60
                                          Sep 1, 2024 20:54:06.371716976 CEST49765443192.168.2.413.107.246.60
                                          Sep 1, 2024 20:54:06.371726036 CEST4434976513.107.246.60192.168.2.4
                                          Sep 1, 2024 20:54:06.390896082 CEST49766443192.168.2.4184.28.90.27
                                          Sep 1, 2024 20:54:06.390928984 CEST44349766184.28.90.27192.168.2.4
                                          Sep 1, 2024 20:54:06.395631075 CEST49766443192.168.2.4184.28.90.27
                                          Sep 1, 2024 20:54:06.398516893 CEST49766443192.168.2.4184.28.90.27
                                          Sep 1, 2024 20:54:06.398534060 CEST44349766184.28.90.27192.168.2.4
                                          Sep 1, 2024 20:54:06.551073074 CEST44349761162.159.61.3192.168.2.4
                                          Sep 1, 2024 20:54:06.552510977 CEST49761443192.168.2.4162.159.61.3
                                          Sep 1, 2024 20:54:06.552520037 CEST44349761162.159.61.3192.168.2.4
                                          Sep 1, 2024 20:54:06.553651094 CEST44349761162.159.61.3192.168.2.4
                                          Sep 1, 2024 20:54:06.554219961 CEST49761443192.168.2.4162.159.61.3
                                          Sep 1, 2024 20:54:06.558226109 CEST49761443192.168.2.4162.159.61.3
                                          Sep 1, 2024 20:54:06.558336973 CEST44349761162.159.61.3192.168.2.4
                                          Sep 1, 2024 20:54:06.558584929 CEST49761443192.168.2.4162.159.61.3
                                          Sep 1, 2024 20:54:06.577725887 CEST44349760172.64.41.3192.168.2.4
                                          Sep 1, 2024 20:54:06.583070993 CEST49760443192.168.2.4172.64.41.3
                                          Sep 1, 2024 20:54:06.583079100 CEST44349760172.64.41.3192.168.2.4
                                          Sep 1, 2024 20:54:06.584048033 CEST44349760172.64.41.3192.168.2.4
                                          Sep 1, 2024 20:54:06.588500977 CEST44349760172.64.41.3192.168.2.4
                                          Sep 1, 2024 20:54:06.595973969 CEST49760443192.168.2.4172.64.41.3
                                          Sep 1, 2024 20:54:06.595993042 CEST49760443192.168.2.4172.64.41.3
                                          Sep 1, 2024 20:54:06.597182035 CEST49760443192.168.2.4172.64.41.3
                                          Sep 1, 2024 20:54:06.597237110 CEST44349760172.64.41.3192.168.2.4
                                          Sep 1, 2024 20:54:06.597356081 CEST49760443192.168.2.4172.64.41.3
                                          Sep 1, 2024 20:54:06.600502014 CEST44349761162.159.61.3192.168.2.4
                                          Sep 1, 2024 20:54:06.644511938 CEST44349760172.64.41.3192.168.2.4
                                          Sep 1, 2024 20:54:06.672003984 CEST44349761162.159.61.3192.168.2.4
                                          Sep 1, 2024 20:54:06.673242092 CEST49761443192.168.2.4162.159.61.3
                                          Sep 1, 2024 20:54:06.673557997 CEST49761443192.168.2.4162.159.61.3
                                          Sep 1, 2024 20:54:06.673563957 CEST44349761162.159.61.3192.168.2.4
                                          Sep 1, 2024 20:54:06.691543102 CEST49767443192.168.2.435.190.72.216
                                          Sep 1, 2024 20:54:06.691581964 CEST4434976735.190.72.216192.168.2.4
                                          Sep 1, 2024 20:54:06.691962957 CEST49767443192.168.2.435.190.72.216
                                          Sep 1, 2024 20:54:06.697454929 CEST49767443192.168.2.435.190.72.216
                                          Sep 1, 2024 20:54:06.697472095 CEST4434976735.190.72.216192.168.2.4
                                          Sep 1, 2024 20:54:06.710208893 CEST44349760172.64.41.3192.168.2.4
                                          Sep 1, 2024 20:54:06.710650921 CEST49760443192.168.2.4172.64.41.3
                                          Sep 1, 2024 20:54:06.710985899 CEST49760443192.168.2.4172.64.41.3
                                          Sep 1, 2024 20:54:06.710990906 CEST44349760172.64.41.3192.168.2.4
                                          Sep 1, 2024 20:54:06.715054035 CEST44349762162.159.61.3192.168.2.4
                                          Sep 1, 2024 20:54:06.715456009 CEST49762443192.168.2.4162.159.61.3
                                          Sep 1, 2024 20:54:06.715461016 CEST44349762162.159.61.3192.168.2.4
                                          Sep 1, 2024 20:54:06.716299057 CEST44349762162.159.61.3192.168.2.4
                                          Sep 1, 2024 20:54:06.719679117 CEST49762443192.168.2.4162.159.61.3
                                          Sep 1, 2024 20:54:06.723751068 CEST49762443192.168.2.4162.159.61.3
                                          Sep 1, 2024 20:54:06.723803043 CEST44349762162.159.61.3192.168.2.4
                                          Sep 1, 2024 20:54:06.723898888 CEST49762443192.168.2.4162.159.61.3
                                          Sep 1, 2024 20:54:06.764497995 CEST44349762162.159.61.3192.168.2.4
                                          Sep 1, 2024 20:54:06.764847040 CEST49762443192.168.2.4162.159.61.3
                                          Sep 1, 2024 20:54:06.764861107 CEST44349762162.159.61.3192.168.2.4
                                          Sep 1, 2024 20:54:06.852808952 CEST44349762162.159.61.3192.168.2.4
                                          Sep 1, 2024 20:54:06.852860928 CEST49762443192.168.2.4162.159.61.3
                                          Sep 1, 2024 20:54:06.853059053 CEST49762443192.168.2.4162.159.61.3
                                          Sep 1, 2024 20:54:06.853063107 CEST44349762162.159.61.3192.168.2.4
                                          Sep 1, 2024 20:54:06.928195953 CEST4434976413.107.246.60192.168.2.4
                                          Sep 1, 2024 20:54:06.929699898 CEST49764443192.168.2.413.107.246.60
                                          Sep 1, 2024 20:54:06.929712057 CEST4434976413.107.246.60192.168.2.4
                                          Sep 1, 2024 20:54:06.930571079 CEST4434976413.107.246.60192.168.2.4
                                          Sep 1, 2024 20:54:06.932301044 CEST49764443192.168.2.413.107.246.60
                                          Sep 1, 2024 20:54:06.933276892 CEST49764443192.168.2.413.107.246.60
                                          Sep 1, 2024 20:54:06.933327913 CEST4434976413.107.246.60192.168.2.4
                                          Sep 1, 2024 20:54:06.933439970 CEST49764443192.168.2.413.107.246.60
                                          Sep 1, 2024 20:54:06.976495981 CEST4434976413.107.246.60192.168.2.4
                                          Sep 1, 2024 20:54:06.980556965 CEST4434976513.107.246.60192.168.2.4
                                          Sep 1, 2024 20:54:06.981708050 CEST49765443192.168.2.413.107.246.60
                                          Sep 1, 2024 20:54:06.981719017 CEST4434976513.107.246.60192.168.2.4
                                          Sep 1, 2024 20:54:06.982585907 CEST4434976513.107.246.60192.168.2.4
                                          Sep 1, 2024 20:54:06.982723951 CEST49765443192.168.2.413.107.246.60
                                          Sep 1, 2024 20:54:06.983052015 CEST49765443192.168.2.413.107.246.60
                                          Sep 1, 2024 20:54:06.983102083 CEST4434976513.107.246.60192.168.2.4
                                          Sep 1, 2024 20:54:06.983186007 CEST49765443192.168.2.413.107.246.60
                                          Sep 1, 2024 20:54:06.984446049 CEST4434976313.107.246.60192.168.2.4
                                          Sep 1, 2024 20:54:06.986342907 CEST49763443192.168.2.413.107.246.60
                                          Sep 1, 2024 20:54:06.986349106 CEST4434976313.107.246.60192.168.2.4
                                          Sep 1, 2024 20:54:06.987224102 CEST4434976313.107.246.60192.168.2.4
                                          Sep 1, 2024 20:54:06.992502928 CEST4434976313.107.246.60192.168.2.4
                                          Sep 1, 2024 20:54:07.000638008 CEST49763443192.168.2.413.107.246.60
                                          Sep 1, 2024 20:54:07.000731945 CEST49763443192.168.2.413.107.246.60
                                          Sep 1, 2024 20:54:07.007679939 CEST49763443192.168.2.413.107.246.60
                                          Sep 1, 2024 20:54:07.007741928 CEST4434976313.107.246.60192.168.2.4
                                          Sep 1, 2024 20:54:07.007963896 CEST49763443192.168.2.413.107.246.60
                                          Sep 1, 2024 20:54:07.011671066 CEST44349766184.28.90.27192.168.2.4
                                          Sep 1, 2024 20:54:07.012237072 CEST49766443192.168.2.4184.28.90.27
                                          Sep 1, 2024 20:54:07.021282911 CEST49766443192.168.2.4184.28.90.27
                                          Sep 1, 2024 20:54:07.021296978 CEST44349766184.28.90.27192.168.2.4
                                          Sep 1, 2024 20:54:07.021497011 CEST44349766184.28.90.27192.168.2.4
                                          Sep 1, 2024 20:54:07.024502993 CEST4434976513.107.246.60192.168.2.4
                                          Sep 1, 2024 20:54:07.026995897 CEST4434976413.107.246.60192.168.2.4
                                          Sep 1, 2024 20:54:07.027029037 CEST4434976413.107.246.60192.168.2.4
                                          Sep 1, 2024 20:54:07.027209044 CEST4434976413.107.246.60192.168.2.4
                                          Sep 1, 2024 20:54:07.030920982 CEST49764443192.168.2.413.107.246.60
                                          Sep 1, 2024 20:54:07.048507929 CEST4434976313.107.246.60192.168.2.4
                                          Sep 1, 2024 20:54:07.066250086 CEST49764443192.168.2.413.107.246.60
                                          Sep 1, 2024 20:54:09.388241053 CEST51092443192.168.2.413.107.246.40
                                          Sep 1, 2024 20:54:09.388246059 CEST4435109213.107.246.40192.168.2.4
                                          Sep 1, 2024 20:54:09.388314009 CEST51088443192.168.2.413.107.246.40
                                          Sep 1, 2024 20:54:09.388318062 CEST4435108813.107.246.40192.168.2.4
                                          Sep 1, 2024 20:54:09.388407946 CEST51089443192.168.2.413.107.246.40
                                          Sep 1, 2024 20:54:09.388411999 CEST4435108913.107.246.40192.168.2.4
                                          Sep 1, 2024 20:54:09.388489962 CEST4435109113.107.246.40192.168.2.4
                                          Sep 1, 2024 20:54:09.388622046 CEST4435109213.107.246.40192.168.2.4
                                          Sep 1, 2024 20:54:09.388750076 CEST44351093142.251.35.164192.168.2.4
                                          Sep 1, 2024 20:54:09.389153957 CEST4435109013.107.246.40192.168.2.4
                                          Sep 1, 2024 20:54:09.389168024 CEST4435109013.107.246.40192.168.2.4
                                          Sep 1, 2024 20:54:09.389194012 CEST4435108813.107.246.40192.168.2.4
                                          Sep 1, 2024 20:54:09.389205933 CEST4435108813.107.246.40192.168.2.4
                                          Sep 1, 2024 20:54:09.389338017 CEST4435108913.107.246.40192.168.2.4
                                          Sep 1, 2024 20:54:09.389348030 CEST4435108913.107.246.40192.168.2.4
                                          Sep 1, 2024 20:54:09.389808893 CEST4435108713.107.246.40192.168.2.4
                                          Sep 1, 2024 20:54:09.389816046 CEST4435108713.107.246.40192.168.2.4
                                          Sep 1, 2024 20:54:09.391999006 CEST51093443192.168.2.4142.251.35.164
                                          Sep 1, 2024 20:54:09.392005920 CEST51090443192.168.2.413.107.246.40
                                          Sep 1, 2024 20:54:09.392103910 CEST51088443192.168.2.413.107.246.40
                                          Sep 1, 2024 20:54:09.392132998 CEST51089443192.168.2.413.107.246.40
                                          Sep 1, 2024 20:54:09.392297983 CEST51087443192.168.2.413.107.246.40
                                          Sep 1, 2024 20:54:09.414918900 CEST51092443192.168.2.413.107.246.40
                                          Sep 1, 2024 20:54:09.414984941 CEST4435109213.107.246.40192.168.2.4
                                          Sep 1, 2024 20:54:09.415955067 CEST51094443192.168.2.4142.250.81.238
                                          Sep 1, 2024 20:54:09.415977001 CEST44351094142.250.81.238192.168.2.4
                                          Sep 1, 2024 20:54:09.416225910 CEST51095443192.168.2.4142.250.81.238
                                          Sep 1, 2024 20:54:09.416248083 CEST44351095142.250.81.238192.168.2.4
                                          Sep 1, 2024 20:54:09.416464090 CEST51091443192.168.2.413.107.246.40
                                          Sep 1, 2024 20:54:09.416534901 CEST4435109113.107.246.40192.168.2.4
                                          Sep 1, 2024 20:54:09.416765928 CEST51090443192.168.2.413.107.246.40
                                          Sep 1, 2024 20:54:09.416851044 CEST4435109013.107.246.40192.168.2.4
                                          Sep 1, 2024 20:54:09.417606115 CEST51093443192.168.2.4142.251.35.164
                                          Sep 1, 2024 20:54:09.417669058 CEST44351093142.251.35.164192.168.2.4
                                          Sep 1, 2024 20:54:09.417859077 CEST51087443192.168.2.413.107.246.40
                                          Sep 1, 2024 20:54:09.417922020 CEST4435108713.107.246.40192.168.2.4
                                          Sep 1, 2024 20:54:09.419504881 CEST51089443192.168.2.413.107.246.40
                                          Sep 1, 2024 20:54:09.419567108 CEST4435108913.107.246.40192.168.2.4
                                          Sep 1, 2024 20:54:09.419717073 CEST51088443192.168.2.413.107.246.40
                                          Sep 1, 2024 20:54:09.419770956 CEST4435108813.107.246.40192.168.2.4
                                          Sep 1, 2024 20:54:09.423850060 CEST51092443192.168.2.413.107.246.40
                                          Sep 1, 2024 20:54:09.427068949 CEST51095443192.168.2.4142.250.81.238
                                          Sep 1, 2024 20:54:09.427071095 CEST51094443192.168.2.4142.250.81.238
                                          Sep 1, 2024 20:54:09.432562113 CEST51091443192.168.2.413.107.246.40
                                          Sep 1, 2024 20:54:09.432631969 CEST51090443192.168.2.413.107.246.40
                                          Sep 1, 2024 20:54:09.432643890 CEST4435109013.107.246.40192.168.2.4
                                          Sep 1, 2024 20:54:09.432653904 CEST51093443192.168.2.4142.251.35.164
                                          Sep 1, 2024 20:54:09.432668924 CEST44351093142.251.35.164192.168.2.4
                                          Sep 1, 2024 20:54:09.432730913 CEST51087443192.168.2.413.107.246.40
                                          Sep 1, 2024 20:54:09.432743073 CEST4435108713.107.246.40192.168.2.4
                                          Sep 1, 2024 20:54:09.432807922 CEST51089443192.168.2.413.107.246.40
                                          Sep 1, 2024 20:54:09.432815075 CEST4435108913.107.246.40192.168.2.4
                                          Sep 1, 2024 20:54:09.432826996 CEST51088443192.168.2.413.107.246.40
                                          Sep 1, 2024 20:54:09.433408976 CEST51094443192.168.2.4142.250.81.238
                                          Sep 1, 2024 20:54:09.433422089 CEST44351094142.250.81.238192.168.2.4
                                          Sep 1, 2024 20:54:09.438313961 CEST51095443192.168.2.4142.250.81.238
                                          Sep 1, 2024 20:54:09.438325882 CEST44351095142.250.81.238192.168.2.4
                                          Sep 1, 2024 20:54:09.468508005 CEST4435109213.107.246.40192.168.2.4
                                          Sep 1, 2024 20:54:09.473016977 CEST51092443192.168.2.413.107.246.40
                                          Sep 1, 2024 20:54:09.476505995 CEST4435108813.107.246.40192.168.2.4
                                          Sep 1, 2024 20:54:09.476515055 CEST4435109113.107.246.40192.168.2.4
                                          Sep 1, 2024 20:54:09.527554035 CEST44351093142.251.35.164192.168.2.4
                                          Sep 1, 2024 20:54:09.527695894 CEST51093443192.168.2.4142.251.35.164
                                          Sep 1, 2024 20:54:09.527708054 CEST44351093142.251.35.164192.168.2.4
                                          Sep 1, 2024 20:54:09.527980089 CEST44351093142.251.35.164192.168.2.4
                                          Sep 1, 2024 20:54:09.528026104 CEST44351093142.251.35.164192.168.2.4
                                          Sep 1, 2024 20:54:09.528026104 CEST51093443192.168.2.4142.251.35.164
                                          Sep 1, 2024 20:54:09.528038025 CEST44351093142.251.35.164192.168.2.4
                                          Sep 1, 2024 20:54:09.528081894 CEST44351093142.251.35.164192.168.2.4
                                          Sep 1, 2024 20:54:09.528080940 CEST51093443192.168.2.4142.251.35.164
                                          Sep 1, 2024 20:54:09.528255939 CEST51093443192.168.2.4142.251.35.164
                                          Sep 1, 2024 20:54:09.529599905 CEST51093443192.168.2.4142.251.35.164
                                          Sep 1, 2024 20:54:09.529617071 CEST44351093142.251.35.164192.168.2.4
                                          Sep 1, 2024 20:54:09.529911041 CEST4435109213.107.246.40192.168.2.4
                                          Sep 1, 2024 20:54:09.529927969 CEST4435109213.107.246.40192.168.2.4
                                          Sep 1, 2024 20:54:09.530196905 CEST4435109213.107.246.40192.168.2.4
                                          Sep 1, 2024 20:54:09.531953096 CEST51092443192.168.2.413.107.246.40
                                          Sep 1, 2024 20:54:09.534723997 CEST4435109113.107.246.40192.168.2.4
                                          Sep 1, 2024 20:54:09.534744024 CEST4435109113.107.246.40192.168.2.4
                                          Sep 1, 2024 20:54:09.534884930 CEST51092443192.168.2.413.107.246.40
                                          Sep 1, 2024 20:54:09.534903049 CEST4435109213.107.246.40192.168.2.4
                                          Sep 1, 2024 20:54:09.535088062 CEST4435109113.107.246.40192.168.2.4
                                          Sep 1, 2024 20:54:09.535191059 CEST51096443192.168.2.413.107.246.40
                                          Sep 1, 2024 20:54:09.535213947 CEST4435109613.107.246.40192.168.2.4
                                          Sep 1, 2024 20:54:09.535610914 CEST4435108713.107.246.40192.168.2.4
                                          Sep 1, 2024 20:54:09.536143064 CEST4435108713.107.246.40192.168.2.4
                                          Sep 1, 2024 20:54:09.536232948 CEST51088443192.168.2.413.107.246.40
                                          Sep 1, 2024 20:54:09.536240101 CEST4435108813.107.246.40192.168.2.4
                                          Sep 1, 2024 20:54:09.536263943 CEST51091443192.168.2.413.107.246.40
                                          Sep 1, 2024 20:54:09.536266088 CEST51087443192.168.2.413.107.246.40
                                          Sep 1, 2024 20:54:09.536343098 CEST51096443192.168.2.413.107.246.40
                                          Sep 1, 2024 20:54:09.536372900 CEST51087443192.168.2.413.107.246.40
                                          Sep 1, 2024 20:54:09.537249088 CEST51096443192.168.2.413.107.246.40
                                          Sep 1, 2024 20:54:09.537261963 CEST4435109613.107.246.40192.168.2.4
                                          Sep 1, 2024 20:54:09.540676117 CEST4435108913.107.246.40192.168.2.4
                                          Sep 1, 2024 20:54:09.540719986 CEST4435108913.107.246.40192.168.2.4
                                          Sep 1, 2024 20:54:09.540736914 CEST51089443192.168.2.413.107.246.40
                                          Sep 1, 2024 20:54:09.540935993 CEST51089443192.168.2.413.107.246.40
                                          Sep 1, 2024 20:54:09.541887999 CEST51087443192.168.2.413.107.246.40
                                          Sep 1, 2024 20:54:09.541901112 CEST4435108713.107.246.40192.168.2.4
                                          Sep 1, 2024 20:54:09.543086052 CEST51091443192.168.2.413.107.246.40
                                          Sep 1, 2024 20:54:09.543092966 CEST4435109113.107.246.40192.168.2.4
                                          Sep 1, 2024 20:54:09.544600964 CEST4435109013.107.246.40192.168.2.4
                                          Sep 1, 2024 20:54:09.544908047 CEST4435109013.107.246.40192.168.2.4
                                          Sep 1, 2024 20:54:09.546461105 CEST51089443192.168.2.413.107.246.40
                                          Sep 1, 2024 20:54:09.546467066 CEST4435108913.107.246.40192.168.2.4
                                          Sep 1, 2024 20:54:09.548567057 CEST51090443192.168.2.413.107.246.40
                                          Sep 1, 2024 20:54:09.549572945 CEST51090443192.168.2.413.107.246.40
                                          Sep 1, 2024 20:54:09.549577951 CEST4435109013.107.246.40192.168.2.4
                                          Sep 1, 2024 20:54:09.737497091 CEST51088443192.168.2.413.107.246.40
                                          Sep 1, 2024 20:54:09.842432976 CEST4435108813.107.246.40192.168.2.4
                                          Sep 1, 2024 20:54:09.842721939 CEST4435108813.107.246.40192.168.2.4
                                          Sep 1, 2024 20:54:09.847867966 CEST51088443192.168.2.413.107.246.40
                                          Sep 1, 2024 20:54:09.854341984 CEST51088443192.168.2.413.107.246.40
                                          Sep 1, 2024 20:54:09.854357004 CEST4435108813.107.246.40192.168.2.4
                                          Sep 1, 2024 20:54:09.877444983 CEST44351095142.250.81.238192.168.2.4
                                          Sep 1, 2024 20:54:09.878376961 CEST44351094142.250.81.238192.168.2.4
                                          Sep 1, 2024 20:54:09.885916948 CEST51094443192.168.2.4142.250.81.238
                                          Sep 1, 2024 20:54:09.885929108 CEST44351094142.250.81.238192.168.2.4
                                          Sep 1, 2024 20:54:09.886183977 CEST51095443192.168.2.4142.250.81.238
                                          Sep 1, 2024 20:54:09.886193991 CEST44351095142.250.81.238192.168.2.4
                                          Sep 1, 2024 20:54:09.886303902 CEST44351094142.250.81.238192.168.2.4
                                          Sep 1, 2024 20:54:09.886316061 CEST44351094142.250.81.238192.168.2.4
                                          Sep 1, 2024 20:54:09.886574030 CEST44351095142.250.81.238192.168.2.4
                                          Sep 1, 2024 20:54:09.886584044 CEST44351095142.250.81.238192.168.2.4
                                          Sep 1, 2024 20:54:09.887033939 CEST44351094142.250.81.238192.168.2.4
                                          Sep 1, 2024 20:54:09.887295008 CEST44351095142.250.81.238192.168.2.4
                                          Sep 1, 2024 20:54:09.899244070 CEST51094443192.168.2.4142.250.81.238
                                          Sep 1, 2024 20:54:09.899252892 CEST44351094142.250.81.238192.168.2.4
                                          Sep 1, 2024 20:54:09.902071953 CEST51095443192.168.2.4142.250.81.238
                                          Sep 1, 2024 20:54:09.902080059 CEST44351095142.250.81.238192.168.2.4
                                          Sep 1, 2024 20:54:09.902096033 CEST51094443192.168.2.4142.250.81.238
                                          Sep 1, 2024 20:54:09.903893948 CEST51095443192.168.2.4142.250.81.238
                                          Sep 1, 2024 20:54:09.903944969 CEST44351095142.250.81.238192.168.2.4
                                          Sep 1, 2024 20:54:09.904174089 CEST51094443192.168.2.4142.250.81.238
                                          Sep 1, 2024 20:54:09.904239893 CEST44351094142.250.81.238192.168.2.4
                                          Sep 1, 2024 20:54:09.963167906 CEST51095443192.168.2.4142.250.81.238
                                          Sep 1, 2024 20:54:09.963174105 CEST44351095142.250.81.238192.168.2.4
                                          Sep 1, 2024 20:54:10.042658091 CEST51094443192.168.2.4142.250.81.238
                                          Sep 1, 2024 20:54:10.042665958 CEST44351094142.250.81.238192.168.2.4
                                          Sep 1, 2024 20:54:10.068357944 CEST51095443192.168.2.4142.250.81.238
                                          Sep 1, 2024 20:54:10.143709898 CEST4435109613.107.246.40192.168.2.4
                                          Sep 1, 2024 20:54:10.146572113 CEST51096443192.168.2.413.107.246.40
                                          Sep 1, 2024 20:54:10.146585941 CEST4435109613.107.246.40192.168.2.4
                                          Sep 1, 2024 20:54:10.146877050 CEST4435109613.107.246.40192.168.2.4
                                          Sep 1, 2024 20:54:10.151171923 CEST51096443192.168.2.413.107.246.40
                                          Sep 1, 2024 20:54:10.151230097 CEST4435109613.107.246.40192.168.2.4
                                          Sep 1, 2024 20:54:10.151403904 CEST51096443192.168.2.413.107.246.40
                                          Sep 1, 2024 20:54:10.192501068 CEST4435109613.107.246.40192.168.2.4
                                          Sep 1, 2024 20:54:10.237571001 CEST51094443192.168.2.4142.250.81.238
                                          Sep 1, 2024 20:54:10.237715006 CEST51096443192.168.2.413.107.246.40
                                          Sep 1, 2024 20:54:10.549860001 CEST4435109613.107.246.40192.168.2.4
                                          Sep 1, 2024 20:54:10.549885035 CEST4435109613.107.246.40192.168.2.4
                                          Sep 1, 2024 20:54:10.549932957 CEST4435109613.107.246.40192.168.2.4
                                          Sep 1, 2024 20:54:10.549976110 CEST51096443192.168.2.413.107.246.40
                                          Sep 1, 2024 20:54:10.550000906 CEST51096443192.168.2.413.107.246.40
                                          Sep 1, 2024 20:54:10.552696943 CEST51096443192.168.2.413.107.246.40
                                          Sep 1, 2024 20:54:10.552716017 CEST4435109613.107.246.40192.168.2.4
                                          Sep 1, 2024 20:54:10.927140951 CEST51097443192.168.2.4142.251.35.170
                                          Sep 1, 2024 20:54:10.927172899 CEST44351097142.251.35.170192.168.2.4
                                          Sep 1, 2024 20:54:10.927252054 CEST51097443192.168.2.4142.251.35.170
                                          Sep 1, 2024 20:54:10.927460909 CEST51097443192.168.2.4142.251.35.170
                                          Sep 1, 2024 20:54:10.927470922 CEST44351097142.251.35.170192.168.2.4
                                          Sep 1, 2024 20:54:11.390296936 CEST44351097142.251.35.170192.168.2.4
                                          Sep 1, 2024 20:54:11.392333031 CEST51097443192.168.2.4142.251.35.170
                                          Sep 1, 2024 20:54:11.392348051 CEST44351097142.251.35.170192.168.2.4
                                          Sep 1, 2024 20:54:11.393218994 CEST44351097142.251.35.170192.168.2.4
                                          Sep 1, 2024 20:54:11.397636890 CEST51097443192.168.2.4142.251.35.170
                                          Sep 1, 2024 20:54:11.398921013 CEST51097443192.168.2.4142.251.35.170
                                          Sep 1, 2024 20:54:11.399033070 CEST44351097142.251.35.170192.168.2.4
                                          Sep 1, 2024 20:54:11.399147034 CEST51097443192.168.2.4142.251.35.170
                                          Sep 1, 2024 20:54:11.440506935 CEST44351097142.251.35.170192.168.2.4
                                          Sep 1, 2024 20:54:11.473365068 CEST51097443192.168.2.4142.251.35.170
                                          Sep 1, 2024 20:54:11.473372936 CEST44351097142.251.35.170192.168.2.4
                                          Sep 1, 2024 20:54:11.542495966 CEST44351097142.251.35.170192.168.2.4
                                          Sep 1, 2024 20:54:11.558068037 CEST51097443192.168.2.4142.251.35.170
                                          Sep 1, 2024 20:54:11.559403896 CEST51097443192.168.2.4142.251.35.170
                                          Sep 1, 2024 20:54:11.559415102 CEST44351097142.251.35.170192.168.2.4
                                          Sep 1, 2024 20:54:14.886158943 CEST51098443192.168.2.420.114.59.183
                                          Sep 1, 2024 20:54:14.886194944 CEST4435109820.114.59.183192.168.2.4
                                          Sep 1, 2024 20:54:14.886321068 CEST51098443192.168.2.420.114.59.183
                                          Sep 1, 2024 20:54:14.887465954 CEST51098443192.168.2.420.114.59.183
                                          Sep 1, 2024 20:54:14.887482882 CEST4435109820.114.59.183192.168.2.4
                                          Sep 1, 2024 20:54:15.642426968 CEST4435109820.114.59.183192.168.2.4
                                          Sep 1, 2024 20:54:15.642515898 CEST51098443192.168.2.420.114.59.183
                                          Sep 1, 2024 20:54:15.645864964 CEST51098443192.168.2.420.114.59.183
                                          Sep 1, 2024 20:54:15.645875931 CEST4435109820.114.59.183192.168.2.4
                                          Sep 1, 2024 20:54:15.646085978 CEST4435109820.114.59.183192.168.2.4
                                          Sep 1, 2024 20:54:15.695319891 CEST51098443192.168.2.420.114.59.183
                                          Sep 1, 2024 20:54:16.344033003 CEST51098443192.168.2.420.114.59.183
                                          Sep 1, 2024 20:54:16.384511948 CEST4435109820.114.59.183192.168.2.4
                                          Sep 1, 2024 20:54:16.594194889 CEST4435109820.114.59.183192.168.2.4
                                          Sep 1, 2024 20:54:16.594217062 CEST4435109820.114.59.183192.168.2.4
                                          Sep 1, 2024 20:54:16.594225883 CEST4435109820.114.59.183192.168.2.4
                                          Sep 1, 2024 20:54:16.594238997 CEST4435109820.114.59.183192.168.2.4
                                          Sep 1, 2024 20:54:16.594278097 CEST51098443192.168.2.420.114.59.183
                                          Sep 1, 2024 20:54:16.594278097 CEST4435109820.114.59.183192.168.2.4
                                          Sep 1, 2024 20:54:16.594300985 CEST4435109820.114.59.183192.168.2.4
                                          Sep 1, 2024 20:54:16.594333887 CEST51098443192.168.2.420.114.59.183
                                          Sep 1, 2024 20:54:16.594620943 CEST4435109820.114.59.183192.168.2.4
                                          Sep 1, 2024 20:54:16.594630957 CEST51098443192.168.2.420.114.59.183
                                          Sep 1, 2024 20:54:16.594638109 CEST4435109820.114.59.183192.168.2.4
                                          Sep 1, 2024 20:54:16.594671965 CEST51098443192.168.2.420.114.59.183
                                          Sep 1, 2024 20:54:16.594700098 CEST51098443192.168.2.420.114.59.183
                                          Sep 1, 2024 20:54:16.594703913 CEST4435109820.114.59.183192.168.2.4
                                          Sep 1, 2024 20:54:16.594923019 CEST51098443192.168.2.420.114.59.183
                                          Sep 1, 2024 20:54:17.253406048 CEST51098443192.168.2.420.114.59.183
                                          Sep 1, 2024 20:54:17.253443003 CEST4435109820.114.59.183192.168.2.4
                                          Sep 1, 2024 20:54:17.253456116 CEST51098443192.168.2.420.114.59.183
                                          Sep 1, 2024 20:54:17.253468037 CEST4435109820.114.59.183192.168.2.4
                                          Sep 1, 2024 20:54:18.429358959 CEST4977180192.168.2.434.107.221.82
                                          Sep 1, 2024 20:54:18.894411087 CEST804972384.201.210.36192.168.2.4
                                          Sep 1, 2024 20:54:18.894419909 CEST804972384.201.210.36192.168.2.4
                                          Sep 1, 2024 20:54:18.894431114 CEST804977134.107.221.82192.168.2.4
                                          Sep 1, 2024 20:54:18.894531012 CEST4972380192.168.2.484.201.210.36
                                          Sep 1, 2024 20:54:18.894566059 CEST4972380192.168.2.484.201.210.36
                                          Sep 1, 2024 20:54:18.894609928 CEST4972380192.168.2.484.201.210.36
                                          Sep 1, 2024 20:54:18.902709007 CEST804972384.201.210.36192.168.2.4
                                          Sep 1, 2024 20:54:19.004324913 CEST5108680192.168.2.434.107.221.82
                                          Sep 1, 2024 20:54:19.011167049 CEST805108634.107.221.82192.168.2.4
                                          Sep 1, 2024 20:54:21.414863110 CEST51104443192.168.2.4152.195.19.97
                                          Sep 1, 2024 20:54:21.414913893 CEST44351104152.195.19.97192.168.2.4
                                          Sep 1, 2024 20:54:21.415023088 CEST51104443192.168.2.4152.195.19.97
                                          Sep 1, 2024 20:54:21.415265083 CEST51104443192.168.2.4152.195.19.97
                                          Sep 1, 2024 20:54:21.415281057 CEST44351104152.195.19.97192.168.2.4
                                          Sep 1, 2024 20:54:21.984570026 CEST44351104152.195.19.97192.168.2.4
                                          Sep 1, 2024 20:54:21.985560894 CEST51104443192.168.2.4152.195.19.97
                                          Sep 1, 2024 20:54:21.985588074 CEST44351104152.195.19.97192.168.2.4
                                          Sep 1, 2024 20:54:21.986452103 CEST44351104152.195.19.97192.168.2.4
                                          Sep 1, 2024 20:54:21.988744974 CEST51104443192.168.2.4152.195.19.97
                                          Sep 1, 2024 20:54:21.990094900 CEST51104443192.168.2.4152.195.19.97
                                          Sep 1, 2024 20:54:21.990150928 CEST44351104152.195.19.97192.168.2.4
                                          Sep 1, 2024 20:54:21.990295887 CEST51104443192.168.2.4152.195.19.97
                                          Sep 1, 2024 20:54:22.034718990 CEST51104443192.168.2.4152.195.19.97
                                          Sep 1, 2024 20:54:22.034739971 CEST44351104152.195.19.97192.168.2.4
                                          Sep 1, 2024 20:54:22.086137056 CEST51104443192.168.2.4152.195.19.97
                                          Sep 1, 2024 20:54:22.089301109 CEST44351104152.195.19.97192.168.2.4
                                          Sep 1, 2024 20:54:22.090284109 CEST44351104152.195.19.97192.168.2.4
                                          Sep 1, 2024 20:54:22.090291977 CEST44351104152.195.19.97192.168.2.4
                                          Sep 1, 2024 20:54:22.090325117 CEST44351104152.195.19.97192.168.2.4
                                          Sep 1, 2024 20:54:22.090331078 CEST44351104152.195.19.97192.168.2.4
                                          Sep 1, 2024 20:54:22.090348959 CEST51104443192.168.2.4152.195.19.97
                                          Sep 1, 2024 20:54:22.090359926 CEST44351104152.195.19.97192.168.2.4
                                          Sep 1, 2024 20:54:22.090465069 CEST51104443192.168.2.4152.195.19.97
                                          Sep 1, 2024 20:54:22.090487003 CEST44351104152.195.19.97192.168.2.4
                                          Sep 1, 2024 20:54:22.090523958 CEST44351104152.195.19.97192.168.2.4
                                          Sep 1, 2024 20:54:22.090827942 CEST51104443192.168.2.4152.195.19.97
                                          Sep 1, 2024 20:54:22.090835094 CEST44351104152.195.19.97192.168.2.4
                                          Sep 1, 2024 20:54:22.090892076 CEST51104443192.168.2.4152.195.19.97
                                          Sep 1, 2024 20:54:22.090914011 CEST51104443192.168.2.4152.195.19.97
                                          Sep 1, 2024 20:54:22.090924025 CEST51104443192.168.2.4152.195.19.97
                                          Sep 1, 2024 20:54:22.398602009 CEST51105443192.168.2.4172.64.41.3
                                          Sep 1, 2024 20:54:22.398654938 CEST44351105172.64.41.3192.168.2.4
                                          Sep 1, 2024 20:54:43.960339069 CEST51133443192.168.2.434.120.208.123
                                          Sep 1, 2024 20:54:43.960347891 CEST4435113334.120.208.123192.168.2.4
                                          Sep 1, 2024 20:54:43.961868048 CEST51134443192.168.2.434.149.100.209
                                          Sep 1, 2024 20:54:43.961882114 CEST4435113434.149.100.209192.168.2.4
                                          Sep 1, 2024 20:54:43.962707043 CEST805111334.107.221.82192.168.2.4
                                          Sep 1, 2024 20:54:44.045794964 CEST805111734.107.221.82192.168.2.4
                                          Sep 1, 2024 20:54:44.051275015 CEST805111334.107.221.82192.168.2.4
                                          Sep 1, 2024 20:54:44.074542999 CEST5111780192.168.2.434.107.221.82
                                          Sep 1, 2024 20:54:44.079598904 CEST805111734.107.221.82192.168.2.4
                                          Sep 1, 2024 20:54:44.095221043 CEST5111380192.168.2.434.107.221.82
                                          Sep 1, 2024 20:54:44.149965048 CEST4435113235.244.181.201192.168.2.4
                                          Sep 1, 2024 20:54:44.150037050 CEST51132443192.168.2.435.244.181.201
                                          Sep 1, 2024 20:54:44.152792931 CEST51132443192.168.2.435.244.181.201
                                          Sep 1, 2024 20:54:44.152802944 CEST4435113235.244.181.201192.168.2.4
                                          Sep 1, 2024 20:54:44.153002977 CEST4435113235.244.181.201192.168.2.4
                                          Sep 1, 2024 20:54:44.155416012 CEST51132443192.168.2.435.244.181.201
                                          Sep 1, 2024 20:54:44.155493021 CEST51132443192.168.2.435.244.181.201
                                          Sep 1, 2024 20:54:44.155556917 CEST4435113235.244.181.201192.168.2.4
                                          Sep 1, 2024 20:54:44.157098055 CEST51132443192.168.2.435.244.181.201
                                          Sep 1, 2024 20:54:44.165432930 CEST805111734.107.221.82192.168.2.4
                                          Sep 1, 2024 20:54:44.195350885 CEST5111380192.168.2.434.107.221.82
                                          Sep 1, 2024 20:54:44.203399897 CEST805111334.107.221.82192.168.2.4
                                          Sep 1, 2024 20:54:44.211133957 CEST5111780192.168.2.434.107.221.82
                                          Sep 1, 2024 20:54:44.290601969 CEST805111334.107.221.82192.168.2.4
                                          Sep 1, 2024 20:54:44.301134109 CEST5111780192.168.2.434.107.221.82
                                          Sep 1, 2024 20:54:44.306075096 CEST805111734.107.221.82192.168.2.4
                                          Sep 1, 2024 20:54:44.342741013 CEST5111380192.168.2.434.107.221.82
                                          Sep 1, 2024 20:54:44.390981913 CEST805111734.107.221.82192.168.2.4
                                          Sep 1, 2024 20:54:44.399476051 CEST4435113434.149.100.209192.168.2.4
                                          Sep 1, 2024 20:54:44.408502102 CEST4435113434.149.100.209192.168.2.4
                                          Sep 1, 2024 20:54:44.412301064 CEST4435113334.120.208.123192.168.2.4
                                          Sep 1, 2024 20:54:44.420527935 CEST4435113334.120.208.123192.168.2.4
                                          Sep 1, 2024 20:54:44.431361914 CEST51134443192.168.2.434.149.100.209
                                          Sep 1, 2024 20:54:44.431490898 CEST51133443192.168.2.434.120.208.123
                                          Sep 1, 2024 20:54:44.431500912 CEST51134443192.168.2.434.149.100.209
                                          Sep 1, 2024 20:54:44.440015078 CEST51133443192.168.2.434.120.208.123
                                          Sep 1, 2024 20:54:44.480262995 CEST5111780192.168.2.434.107.221.82
                                          Sep 1, 2024 20:54:44.534574032 CEST51134443192.168.2.434.149.100.209
                                          Sep 1, 2024 20:54:44.534586906 CEST4435113434.149.100.209192.168.2.4
                                          Sep 1, 2024 20:54:44.534712076 CEST51134443192.168.2.434.149.100.209
                                          Sep 1, 2024 20:54:44.534797907 CEST4435113434.149.100.209192.168.2.4
                                          Sep 1, 2024 20:54:44.538600922 CEST51135443192.168.2.434.149.100.209
                                          Sep 1, 2024 20:54:44.538630009 CEST4435113534.149.100.209192.168.2.4
                                          Sep 1, 2024 20:54:44.540666103 CEST51134443192.168.2.434.149.100.209
                                          Sep 1, 2024 20:54:44.540695906 CEST51135443192.168.2.434.149.100.209
                                          Sep 1, 2024 20:54:44.554191113 CEST51135443192.168.2.434.149.100.209
                                          Sep 1, 2024 20:54:44.554200888 CEST4435113534.149.100.209192.168.2.4
                                          Sep 1, 2024 20:54:44.557631016 CEST51133443192.168.2.434.120.208.123
                                          Sep 1, 2024 20:54:44.557638884 CEST4435113334.120.208.123192.168.2.4
                                          Sep 1, 2024 20:54:44.557776928 CEST51133443192.168.2.434.120.208.123
                                          Sep 1, 2024 20:54:44.557943106 CEST4435113334.120.208.123192.168.2.4
                                          Sep 1, 2024 20:54:44.560470104 CEST51133443192.168.2.434.120.208.123
                                          Sep 1, 2024 20:54:44.606220007 CEST5111380192.168.2.434.107.221.82
                                          Sep 1, 2024 20:54:44.611267090 CEST805111334.107.221.82192.168.2.4
                                          Sep 1, 2024 20:54:44.618992090 CEST51136443192.168.2.434.120.208.123
                                          Sep 1, 2024 20:54:44.619035959 CEST4435113634.120.208.123192.168.2.4
                                          Sep 1, 2024 20:54:44.619189024 CEST51136443192.168.2.434.120.208.123
                                          Sep 1, 2024 20:54:44.620635033 CEST51136443192.168.2.434.120.208.123
                                          Sep 1, 2024 20:54:44.620649099 CEST4435113634.120.208.123192.168.2.4
                                          Sep 1, 2024 20:54:44.698208094 CEST805111334.107.221.82192.168.2.4
                                          Sep 1, 2024 20:54:44.704334974 CEST5111780192.168.2.434.107.221.82
                                          Sep 1, 2024 20:54:44.709255934 CEST805111734.107.221.82192.168.2.4
                                          Sep 1, 2024 20:54:44.739732981 CEST5111380192.168.2.434.107.221.82
                                          Sep 1, 2024 20:54:44.795957088 CEST805111734.107.221.82192.168.2.4
                                          Sep 1, 2024 20:54:44.847481966 CEST5111780192.168.2.434.107.221.82
                                          Sep 1, 2024 20:54:44.993251085 CEST4435113534.149.100.209192.168.2.4
                                          Sep 1, 2024 20:54:44.993328094 CEST51135443192.168.2.434.149.100.209
                                          Sep 1, 2024 20:54:45.043684006 CEST51135443192.168.2.434.149.100.209
                                          Sep 1, 2024 20:54:45.043694973 CEST4435113534.149.100.209192.168.2.4
                                          Sep 1, 2024 20:54:45.043785095 CEST51135443192.168.2.434.149.100.209
                                          Sep 1, 2024 20:54:45.043827057 CEST4435113534.149.100.209192.168.2.4
                                          Sep 1, 2024 20:54:45.043956995 CEST51135443192.168.2.434.149.100.209
                                          Sep 1, 2024 20:54:45.047178030 CEST5111380192.168.2.434.107.221.82
                                          Sep 1, 2024 20:54:45.052069902 CEST805111334.107.221.82192.168.2.4
                                          Sep 1, 2024 20:54:45.077552080 CEST4435113634.120.208.123192.168.2.4
                                          Sep 1, 2024 20:54:45.081181049 CEST51137443192.168.2.434.120.208.123
                                          Sep 1, 2024 20:54:45.081235886 CEST4435113734.120.208.123192.168.2.4
                                          Sep 1, 2024 20:54:45.082783937 CEST51137443192.168.2.434.120.208.123
                                          Sep 1, 2024 20:54:45.082803965 CEST51136443192.168.2.434.120.208.123
                                          Sep 1, 2024 20:54:45.094769001 CEST51137443192.168.2.434.120.208.123
                                          Sep 1, 2024 20:54:45.094790936 CEST4435113734.120.208.123192.168.2.4
                                          Sep 1, 2024 20:54:45.100429058 CEST51138443192.168.2.434.120.208.123
                                          Sep 1, 2024 20:54:45.100446939 CEST4435113834.120.208.123192.168.2.4
                                          Sep 1, 2024 20:54:45.100788116 CEST51138443192.168.2.434.120.208.123
                                          Sep 1, 2024 20:54:45.100989103 CEST51138443192.168.2.434.120.208.123
                                          Sep 1, 2024 20:54:45.101001978 CEST4435113834.120.208.123192.168.2.4
                                          Sep 1, 2024 20:54:45.139178991 CEST805111334.107.221.82192.168.2.4
                                          Sep 1, 2024 20:54:45.142596006 CEST5111780192.168.2.434.107.221.82
                                          Sep 1, 2024 20:54:45.148309946 CEST805111734.107.221.82192.168.2.4
                                          Sep 1, 2024 20:54:45.192169905 CEST51136443192.168.2.434.120.208.123
                                          Sep 1, 2024 20:54:45.192190886 CEST4435113634.120.208.123192.168.2.4
                                          Sep 1, 2024 20:54:45.192250013 CEST51136443192.168.2.434.120.208.123
                                          Sep 1, 2024 20:54:45.192325115 CEST4435113634.120.208.123192.168.2.4
                                          Sep 1, 2024 20:54:45.193870068 CEST5111380192.168.2.434.107.221.82
                                          Sep 1, 2024 20:54:45.194968939 CEST5111380192.168.2.434.107.221.82
                                          Sep 1, 2024 20:54:45.199381113 CEST51139443192.168.2.434.120.208.123
                                          Sep 1, 2024 20:54:45.199407101 CEST4435113934.120.208.123192.168.2.4
                                          Sep 1, 2024 20:54:45.200145006 CEST805111334.107.221.82192.168.2.4
                                          Sep 1, 2024 20:54:45.204153061 CEST51136443192.168.2.434.120.208.123
                                          Sep 1, 2024 20:54:45.204299927 CEST51139443192.168.2.434.120.208.123
                                          Sep 1, 2024 20:54:45.205591917 CEST51139443192.168.2.434.120.208.123
                                          Sep 1, 2024 20:54:45.205604076 CEST4435113934.120.208.123192.168.2.4
                                          Sep 1, 2024 20:54:45.243154049 CEST805111734.107.221.82192.168.2.4
                                          Sep 1, 2024 20:54:45.285893917 CEST5111780192.168.2.434.107.221.82
                                          Sep 1, 2024 20:54:45.287657022 CEST805111334.107.221.82192.168.2.4
                                          Sep 1, 2024 20:54:45.290604115 CEST5111780192.168.2.434.107.221.82
                                          Sep 1, 2024 20:54:45.295403004 CEST805111734.107.221.82192.168.2.4
                                          Sep 1, 2024 20:54:45.331145048 CEST5111380192.168.2.434.107.221.82
                                          Sep 1, 2024 20:54:45.381357908 CEST805111734.107.221.82192.168.2.4
                                          Sep 1, 2024 20:54:45.431417942 CEST5111780192.168.2.434.107.221.82
                                          Sep 1, 2024 20:54:45.542099953 CEST4435113734.120.208.123192.168.2.4
                                          Sep 1, 2024 20:54:45.542169094 CEST51137443192.168.2.434.120.208.123
                                          Sep 1, 2024 20:54:45.563924074 CEST51137443192.168.2.434.120.208.123
                                          Sep 1, 2024 20:54:45.563941956 CEST4435113734.120.208.123192.168.2.4
                                          Sep 1, 2024 20:54:45.564126015 CEST4435113734.120.208.123192.168.2.4
                                          Sep 1, 2024 20:54:45.566834927 CEST51137443192.168.2.434.120.208.123
                                          Sep 1, 2024 20:54:45.566929102 CEST51137443192.168.2.434.120.208.123
                                          Sep 1, 2024 20:54:45.566968918 CEST4435113734.120.208.123192.168.2.4
                                          Sep 1, 2024 20:54:45.567526102 CEST51137443192.168.2.434.120.208.123
                                          Sep 1, 2024 20:54:45.569422007 CEST5111380192.168.2.434.107.221.82
                                          Sep 1, 2024 20:54:45.570112944 CEST4435113834.120.208.123192.168.2.4
                                          Sep 1, 2024 20:54:45.570281029 CEST51138443192.168.2.434.120.208.123
                                          Sep 1, 2024 20:54:45.572767019 CEST51138443192.168.2.434.120.208.123
                                          Sep 1, 2024 20:54:45.572772980 CEST4435113834.120.208.123192.168.2.4
                                          Sep 1, 2024 20:54:45.572968960 CEST4435113834.120.208.123192.168.2.4
                                          Sep 1, 2024 20:54:45.574281931 CEST805111334.107.221.82192.168.2.4
                                          Sep 1, 2024 20:54:45.575506926 CEST51138443192.168.2.434.120.208.123
                                          Sep 1, 2024 20:54:45.575578928 CEST51138443192.168.2.434.120.208.123
                                          Sep 1, 2024 20:54:45.575635910 CEST4435113834.120.208.123192.168.2.4
                                          Sep 1, 2024 20:54:45.575977087 CEST51138443192.168.2.434.120.208.123
                                          Sep 1, 2024 20:54:45.645092964 CEST4435113934.120.208.123192.168.2.4
                                          Sep 1, 2024 20:54:45.645181894 CEST51139443192.168.2.434.120.208.123
                                          Sep 1, 2024 20:54:45.649211884 CEST51139443192.168.2.434.120.208.123
                                          Sep 1, 2024 20:54:45.649221897 CEST4435113934.120.208.123192.168.2.4
                                          Sep 1, 2024 20:54:45.649302959 CEST51139443192.168.2.434.120.208.123
                                          Sep 1, 2024 20:54:45.649607897 CEST4435113934.120.208.123192.168.2.4
                                          Sep 1, 2024 20:54:45.650319099 CEST51139443192.168.2.434.120.208.123
                                          Sep 1, 2024 20:54:45.661401987 CEST805111334.107.221.82192.168.2.4
                                          Sep 1, 2024 20:54:45.664319992 CEST5111780192.168.2.434.107.221.82
                                          Sep 1, 2024 20:54:45.669426918 CEST805111734.107.221.82192.168.2.4
                                          Sep 1, 2024 20:54:45.709656954 CEST5111380192.168.2.434.107.221.82
                                          Sep 1, 2024 20:54:45.754719019 CEST805111734.107.221.82192.168.2.4
                                          Sep 1, 2024 20:54:45.798468113 CEST5111780192.168.2.434.107.221.82
                                          Sep 1, 2024 20:54:48.945929050 CEST51140443192.168.2.434.107.243.93
                                          Sep 1, 2024 20:54:48.945961952 CEST4435114034.107.243.93192.168.2.4
                                          Sep 1, 2024 20:54:48.946300030 CEST51140443192.168.2.434.107.243.93
                                          Sep 1, 2024 20:54:48.947622061 CEST51140443192.168.2.434.107.243.93
                                          Sep 1, 2024 20:54:48.947630882 CEST4435114034.107.243.93192.168.2.4
                                          Sep 1, 2024 20:54:49.389600039 CEST4435114034.107.243.93192.168.2.4
                                          Sep 1, 2024 20:54:49.389672041 CEST51140443192.168.2.434.107.243.93
                                          Sep 1, 2024 20:54:49.393944025 CEST51140443192.168.2.434.107.243.93
                                          Sep 1, 2024 20:54:49.393950939 CEST4435114034.107.243.93192.168.2.4
                                          Sep 1, 2024 20:54:49.394047022 CEST51140443192.168.2.434.107.243.93
                                          Sep 1, 2024 20:54:49.394104958 CEST4435114034.107.243.93192.168.2.4
                                          Sep 1, 2024 20:54:49.394246101 CEST51140443192.168.2.434.107.243.93
                                          Sep 1, 2024 20:54:49.396472931 CEST5111380192.168.2.434.107.221.82
                                          Sep 1, 2024 20:54:49.401566029 CEST805111334.107.221.82192.168.2.4
                                          Sep 1, 2024 20:54:49.488694906 CEST805111334.107.221.82192.168.2.4
                                          Sep 1, 2024 20:54:49.512103081 CEST5111780192.168.2.434.107.221.82
                                          Sep 1, 2024 20:54:49.517055988 CEST805111734.107.221.82192.168.2.4
                                          Sep 1, 2024 20:54:49.543056965 CEST5111380192.168.2.434.107.221.82
                                          Sep 1, 2024 20:54:49.771039009 CEST805111734.107.221.82192.168.2.4
                                          Sep 1, 2024 20:54:49.771538019 CEST805111334.107.221.82192.168.2.4
                                          Sep 1, 2024 20:54:49.772367954 CEST5111380192.168.2.434.107.221.82
                                          Sep 1, 2024 20:54:49.828288078 CEST5111780192.168.2.434.107.221.82
                                          Sep 1, 2024 20:54:54.494420052 CEST51141443192.168.2.420.114.59.183
                                          Sep 1, 2024 20:54:54.494467020 CEST4435114120.114.59.183192.168.2.4
                                          Sep 1, 2024 20:54:54.495611906 CEST51141443192.168.2.420.114.59.183
                                          Sep 1, 2024 20:54:54.495934010 CEST51141443192.168.2.420.114.59.183
                                          Sep 1, 2024 20:54:54.495949030 CEST4435114120.114.59.183192.168.2.4
                                          Sep 1, 2024 20:54:54.971906900 CEST51095443192.168.2.4142.250.81.238
                                          Sep 1, 2024 20:54:54.971918106 CEST44351095142.250.81.238192.168.2.4
                                          Sep 1, 2024 20:54:55.056570053 CEST51094443192.168.2.4142.250.81.238
                                          Sep 1, 2024 20:54:55.056591034 CEST44351094142.250.81.238192.168.2.4
                                          Sep 1, 2024 20:54:55.276163101 CEST4435114120.114.59.183192.168.2.4
                                          Sep 1, 2024 20:54:55.276252985 CEST51141443192.168.2.420.114.59.183
                                          Sep 1, 2024 20:54:55.280042887 CEST51141443192.168.2.420.114.59.183
                                          Sep 1, 2024 20:54:55.280055046 CEST4435114120.114.59.183192.168.2.4
                                          Sep 1, 2024 20:54:55.280303955 CEST4435114120.114.59.183192.168.2.4
                                          Sep 1, 2024 20:54:55.288296938 CEST51141443192.168.2.420.114.59.183
                                          Sep 1, 2024 20:54:55.328509092 CEST4435114120.114.59.183192.168.2.4
                                          Sep 1, 2024 20:54:55.609059095 CEST4435114120.114.59.183192.168.2.4
                                          Sep 1, 2024 20:54:55.609086037 CEST4435114120.114.59.183192.168.2.4
                                          Sep 1, 2024 20:54:55.609097958 CEST4435114120.114.59.183192.168.2.4
                                          Sep 1, 2024 20:54:55.609277010 CEST51141443192.168.2.420.114.59.183
                                          Sep 1, 2024 20:54:55.609308958 CEST4435114120.114.59.183192.168.2.4
                                          Sep 1, 2024 20:54:55.609370947 CEST51141443192.168.2.420.114.59.183
                                          Sep 1, 2024 20:54:55.610397100 CEST4435114120.114.59.183192.168.2.4
                                          Sep 1, 2024 20:54:55.610424042 CEST4435114120.114.59.183192.168.2.4
                                          Sep 1, 2024 20:54:55.610733032 CEST4435114120.114.59.183192.168.2.4
                                          Sep 1, 2024 20:54:55.611808062 CEST51141443192.168.2.420.114.59.183
                                          Sep 1, 2024 20:54:55.611890078 CEST51141443192.168.2.420.114.59.183
                                          Sep 1, 2024 20:54:55.613698959 CEST51141443192.168.2.420.114.59.183
                                          Sep 1, 2024 20:54:55.613717079 CEST4435114120.114.59.183192.168.2.4
                                          Sep 1, 2024 20:54:55.613728046 CEST51141443192.168.2.420.114.59.183
                                          Sep 1, 2024 20:54:55.613734007 CEST4435114120.114.59.183192.168.2.4
                                          Sep 1, 2024 20:54:59.498907089 CEST5111380192.168.2.434.107.221.82
                                          Sep 1, 2024 20:54:59.503906965 CEST805111334.107.221.82192.168.2.4
                                          Sep 1, 2024 20:54:59.784138918 CEST5111780192.168.2.434.107.221.82
                                          Sep 1, 2024 20:54:59.789124966 CEST805111734.107.221.82192.168.2.4
                                          Sep 1, 2024 20:55:00.111282110 CEST51142443192.168.2.434.107.243.93
                                          Sep 1, 2024 20:55:00.111321926 CEST4435114234.107.243.93192.168.2.4
                                          Sep 1, 2024 20:55:00.111639977 CEST51142443192.168.2.434.107.243.93
                                          Sep 1, 2024 20:55:00.113230944 CEST51142443192.168.2.434.107.243.93
                                          Sep 1, 2024 20:55:00.113244057 CEST4435114234.107.243.93192.168.2.4
                                          Sep 1, 2024 20:55:00.364439964 CEST51106443192.168.2.4172.64.41.3
                                          Sep 1, 2024 20:55:00.364496946 CEST44351106172.64.41.3192.168.2.4
                                          Sep 1, 2024 20:55:00.364520073 CEST51105443192.168.2.4172.64.41.3
                                          Sep 1, 2024 20:55:00.364526033 CEST44351105172.64.41.3192.168.2.4
                                          Sep 1, 2024 20:55:00.555793047 CEST4435114234.107.243.93192.168.2.4
                                          Sep 1, 2024 20:55:00.557936907 CEST51142443192.168.2.434.107.243.93
                                          Sep 1, 2024 20:55:00.561966896 CEST51142443192.168.2.434.107.243.93
                                          Sep 1, 2024 20:55:00.561976910 CEST4435114234.107.243.93192.168.2.4
                                          Sep 1, 2024 20:55:00.562053919 CEST51142443192.168.2.434.107.243.93
                                          Sep 1, 2024 20:55:00.562133074 CEST4435114234.107.243.93192.168.2.4
                                          Sep 1, 2024 20:55:00.564611912 CEST5111380192.168.2.434.107.221.82
                                          Sep 1, 2024 20:55:00.568826914 CEST51142443192.168.2.434.107.243.93
                                          Sep 1, 2024 20:55:00.569416046 CEST805111334.107.221.82192.168.2.4
                                          Sep 1, 2024 20:55:00.657006025 CEST805111334.107.221.82192.168.2.4
                                          Sep 1, 2024 20:55:00.659818888 CEST5111780192.168.2.434.107.221.82
                                          Sep 1, 2024 20:55:00.664573908 CEST805111734.107.221.82192.168.2.4
                                          Sep 1, 2024 20:55:00.717025042 CEST5111380192.168.2.434.107.221.82
                                          Sep 1, 2024 20:55:00.749505997 CEST805111734.107.221.82192.168.2.4
                                          Sep 1, 2024 20:55:00.795336008 CEST5111780192.168.2.434.107.221.82
                                          Sep 1, 2024 20:55:03.024440050 CEST49770443192.168.2.4162.159.61.3
                                          Sep 1, 2024 20:55:03.024457932 CEST44349770162.159.61.3192.168.2.4
                                          Sep 1, 2024 20:55:03.024501085 CEST49769443192.168.2.4162.159.61.3
                                          Sep 1, 2024 20:55:03.024507999 CEST44349769162.159.61.3192.168.2.4
                                          Sep 1, 2024 20:55:03.750082970 CEST51144443192.168.2.423.223.209.207
                                          Sep 1, 2024 20:55:03.750118971 CEST4435114423.223.209.207192.168.2.4
                                          Sep 1, 2024 20:55:03.750193119 CEST51144443192.168.2.423.223.209.207
                                          Sep 1, 2024 20:55:03.750374079 CEST51144443192.168.2.423.223.209.207
                                          Sep 1, 2024 20:55:03.750389099 CEST4435114423.223.209.207192.168.2.4
                                          Sep 1, 2024 20:55:04.208823919 CEST4435114423.223.209.207192.168.2.4
                                          Sep 1, 2024 20:55:04.209214926 CEST51144443192.168.2.423.223.209.207
                                          Sep 1, 2024 20:55:04.209230900 CEST4435114423.223.209.207192.168.2.4
                                          Sep 1, 2024 20:55:04.210088968 CEST4435114423.223.209.207192.168.2.4
                                          Sep 1, 2024 20:55:04.210155964 CEST51144443192.168.2.423.223.209.207
                                          Sep 1, 2024 20:55:04.210470915 CEST51144443192.168.2.423.223.209.207
                                          Sep 1, 2024 20:55:04.210522890 CEST4435114423.223.209.207192.168.2.4
                                          Sep 1, 2024 20:55:04.210602999 CEST51144443192.168.2.423.223.209.207
                                          Sep 1, 2024 20:55:04.210609913 CEST4435114423.223.209.207192.168.2.4
                                          Sep 1, 2024 20:55:04.269012928 CEST51144443192.168.2.423.223.209.207
                                          Sep 1, 2024 20:55:04.344719887 CEST51145443192.168.2.434.120.208.123
                                          Sep 1, 2024 20:55:04.344759941 CEST4435114534.120.208.123192.168.2.4
                                          Sep 1, 2024 20:55:04.344890118 CEST51146443192.168.2.434.120.208.123
                                          Sep 1, 2024 20:55:04.344897985 CEST4435114634.120.208.123192.168.2.4
                                          Sep 1, 2024 20:55:04.344969034 CEST51145443192.168.2.434.120.208.123
                                          Sep 1, 2024 20:55:04.345155001 CEST51145443192.168.2.434.120.208.123
                                          Sep 1, 2024 20:55:04.345169067 CEST4435114534.120.208.123192.168.2.4
                                          Sep 1, 2024 20:55:04.345383883 CEST51146443192.168.2.434.120.208.123
                                          Sep 1, 2024 20:55:04.345474958 CEST51146443192.168.2.434.120.208.123
                                          Sep 1, 2024 20:55:04.345490932 CEST4435114634.120.208.123192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                          Sep 1, 2024 20:55:03.563147068 CEST44365416162.159.61.3192.168.2.4
                                          Sep 1, 2024 20:55:03.563410997 CEST44365416162.159.61.3192.168.2.4
                                          Sep 1, 2024 20:55:03.563420057 CEST44365416162.159.61.3192.168.2.4
                                          Sep 1, 2024 20:55:03.563570023 CEST65416443192.168.2.4162.159.61.3
                                          Sep 1, 2024 20:55:03.563831091 CEST44365416162.159.61.3192.168.2.4
                                          Sep 1, 2024 20:55:03.563941002 CEST65416443192.168.2.4162.159.61.3
                                          Sep 1, 2024 20:55:03.655415058 CEST44365416162.159.61.3192.168.2.4
                                          Sep 1, 2024 20:55:03.655740023 CEST65416443192.168.2.4162.159.61.3
                                          Sep 1, 2024 20:55:03.747368097 CEST44365416162.159.61.3192.168.2.4
                                          Sep 1, 2024 20:55:03.749025106 CEST44365416162.159.61.3192.168.2.4
                                          Sep 1, 2024 20:55:03.749512911 CEST44365416162.159.61.3192.168.2.4
                                          Sep 1, 2024 20:55:03.749675989 CEST65416443192.168.2.4162.159.61.3
                                          Sep 1, 2024 20:55:04.355082035 CEST5876153192.168.2.41.1.1.1
                                          Sep 1, 2024 20:55:04.364684105 CEST53587611.1.1.1192.168.2.4
                                          Sep 1, 2024 20:55:04.660561085 CEST65416443192.168.2.4162.159.61.3
                                          Sep 1, 2024 20:55:04.660670042 CEST65416443192.168.2.4162.159.61.3
                                          Sep 1, 2024 20:55:04.754199028 CEST44365416162.159.61.3192.168.2.4
                                          Sep 1, 2024 20:55:04.755006075 CEST44365416162.159.61.3192.168.2.4
                                          Sep 1, 2024 20:55:04.755466938 CEST44365416162.159.61.3192.168.2.4
                                          Sep 1, 2024 20:55:04.759006023 CEST65416443192.168.2.4162.159.61.3
                                          Sep 1, 2024 20:55:04.760476112 CEST50666443192.168.2.423.59.250.96
                                          Sep 1, 2024 20:55:05.061444998 CEST50666443192.168.2.423.59.250.96
                                          Sep 1, 2024 20:55:05.197928905 CEST4435066623.59.250.96192.168.2.4
                                          Sep 1, 2024 20:55:05.198754072 CEST4435066623.59.250.96192.168.2.4
                                          Sep 1, 2024 20:55:05.200432062 CEST4435066623.59.250.96192.168.2.4
                                          Sep 1, 2024 20:55:05.200443983 CEST4435066623.59.250.96192.168.2.4
                                          Sep 1, 2024 20:55:05.203880072 CEST4435066623.59.250.96192.168.2.4
                                          Sep 1, 2024 20:55:05.208744049 CEST50666443192.168.2.423.59.250.96
                                          Sep 1, 2024 20:55:05.210777998 CEST50666443192.168.2.423.59.250.96
                                          Sep 1, 2024 20:55:05.210897923 CEST50666443192.168.2.423.59.250.96
                                          Sep 1, 2024 20:55:05.313461065 CEST4435066623.59.250.96192.168.2.4
                                          Sep 1, 2024 20:55:05.313580036 CEST4435066623.59.250.96192.168.2.4
                                          Sep 1, 2024 20:55:05.314121962 CEST4435066623.59.250.96192.168.2.4
                                          Sep 1, 2024 20:55:05.314131021 CEST4435066623.59.250.96192.168.2.4
                                          Sep 1, 2024 20:55:05.315148115 CEST50666443192.168.2.423.59.250.96
                                          Sep 1, 2024 20:55:05.315252066 CEST50666443192.168.2.423.59.250.96
                                          Sep 1, 2024 20:55:05.407083988 CEST4435066623.59.250.96192.168.2.4
                                          Sep 1, 2024 20:55:10.061706066 CEST65416443192.168.2.4162.159.61.3
                                          Sep 1, 2024 20:55:10.061737061 CEST65416443192.168.2.4162.159.61.3
                                          Sep 1, 2024 20:55:10.153976917 CEST44365416162.159.61.3192.168.2.4
                                          Sep 1, 2024 20:55:10.154834986 CEST44365416162.159.61.3192.168.2.4
                                          Sep 1, 2024 20:55:10.155035019 CEST44365416162.159.61.3192.168.2.4
                                          Sep 1, 2024 20:55:10.155486107 CEST65416443192.168.2.4162.159.61.3
                                          Sep 1, 2024 20:55:10.156038046 CEST64479443192.168.2.4172.253.115.84
                                          Sep 1, 2024 20:55:10.156153917 CEST64479443192.168.2.4172.253.115.84
                                          Sep 1, 2024 20:55:10.590778112 CEST44364479172.253.115.84192.168.2.4
                                          Sep 1, 2024 20:55:10.591139078 CEST44364479172.253.115.84192.168.2.4
                                          Sep 1, 2024 20:55:10.591152906 CEST44364479172.253.115.84192.168.2.4
                                          Sep 1, 2024 20:55:10.591164112 CEST44364479172.253.115.84192.168.2.4
                                          Sep 1, 2024 20:55:10.593386889 CEST44364479172.253.115.84192.168.2.4
                                          Sep 1, 2024 20:55:10.597510099 CEST64479443192.168.2.4172.253.115.84
                                          Sep 1, 2024 20:55:10.598134041 CEST64479443192.168.2.4172.253.115.84
                                          Sep 1, 2024 20:55:10.598407984 CEST64479443192.168.2.4172.253.115.84
                                          Sep 1, 2024 20:55:10.695808887 CEST44364479172.253.115.84192.168.2.4
                                          Sep 1, 2024 20:55:10.696402073 CEST44364479172.253.115.84192.168.2.4
                                          Sep 1, 2024 20:55:10.696410894 CEST44364479172.253.115.84192.168.2.4
                                          Sep 1, 2024 20:55:10.696584940 CEST64479443192.168.2.4172.253.115.84
                                          Sep 1, 2024 20:55:10.743043900 CEST64479443192.168.2.4172.253.115.84
                                          Sep 1, 2024 20:55:10.752757072 CEST44364479172.253.115.84192.168.2.4
                                          Sep 1, 2024 20:55:10.753034115 CEST64479443192.168.2.4172.253.115.84
                                          Sep 1, 2024 20:55:10.753047943 CEST44364479172.253.115.84192.168.2.4
                                          Sep 1, 2024 20:55:10.753057957 CEST44364479172.253.115.84192.168.2.4
                                          Sep 1, 2024 20:55:10.754300117 CEST64479443192.168.2.4172.253.115.84
                                          Sep 1, 2024 20:55:10.876347065 CEST44364479172.253.115.84192.168.2.4
                                          Sep 1, 2024 20:55:13.150139093 CEST6362153192.168.2.41.1.1.1
                                          Sep 1, 2024 20:55:20.777152061 CEST6053353192.168.2.41.1.1.1
                                          Sep 1, 2024 20:55:20.784151077 CEST53605331.1.1.1192.168.2.4
                                          Sep 1, 2024 20:55:20.792188883 CEST5083453192.168.2.41.1.1.1
                                          Sep 1, 2024 20:55:20.799576998 CEST53508341.1.1.1192.168.2.4
                                          Sep 1, 2024 20:55:25.318259001 CEST4435066623.59.250.96192.168.2.4
                                          Sep 1, 2024 20:55:25.349412918 CEST50666443192.168.2.423.59.250.96
                                          Sep 1, 2024 20:55:25.839589119 CEST4435066623.59.250.96192.168.2.4
                                          Sep 1, 2024 20:55:25.866750956 CEST50666443192.168.2.423.59.250.96
                                          Sep 1, 2024 20:55:35.318685055 CEST4435066623.59.250.96192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                          Sep 1, 2024 20:54:40.974724054 CEST1.1.1.1192.168.2.40xd622No error (0)prod.content-signature-chains.prod.webservices.mozgcp.net28IN (0x0001)false
                                          Sep 1, 2024 20:54:41.467958927 CEST1.1.1.1192.168.2.40x9a84No error (0)shavar.services.mozilla.comshavar.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                          Sep 1, 2024 20:54:41.806181908 CEST1.1.1.1192.168.2.40x91deNo error (0)shavar.services.mozilla.comshavar.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                          Sep 1, 2024 20:54:43.063555002 CEST1.1.1.1192.168.2.40xb659No error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                          Sep 1, 2024 20:54:43.081969023 CEST1.1.1.1192.168.2.40xbcc5No error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                          Sep 1, 2024 20:54:43.706701994 CEST1.1.1.1192.168.2.40x5f20No error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                          Sep 1, 2024 20:54:43.706701994 CEST1.1.1.1192.168.2.40x5f20No error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                          Sep 1, 2024 20:54:43.930861950 CEST1.1.1.1192.168.2.40xd9b4No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                          Sep 1, 2024 20:54:43.972794056 CEST1.1.1.1192.168.2.40x1cc6No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                          Sep 1, 2024 20:54:44.616158962 CEST1.1.1.1192.168.2.40x902aNo error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                          Sep 1, 2024 20:54:45.111538887 CEST1.1.1.1192.168.2.40x32a2No error (0)support.mozilla.orgprod.sumo.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                          Sep 1, 2024 20:54:45.111538887 CEST1.1.1.1192.168.2.40x32a2No error (0)prod.sumo.prod.webservices.mozgcp.netus-west1.prod.sumo.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                          Sep 1, 2024 20:54:45.111538887 CEST1.1.1.1192.168.2.40x32a2No error (0)us-west1.prod.sumo.prod.webservices.mozgcp.net34.149.128.2A (IP address)IN (0x0001)false
                                          Sep 1, 2024 20:54:45.123338938 CEST1.1.1.1192.168.2.40xe119No error (0)us-west1.prod.sumo.prod.webservices.mozgcp.net34.149.128.2A (IP address)IN (0x0001)false
                                          Sep 1, 2024 20:54:49.404603004 CEST1.1.1.1192.168.2.40x5dbdNo error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                          Sep 1, 2024 20:54:49.404603004 CEST1.1.1.1192.168.2.40x5dbdNo error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                          Sep 1, 2024 20:55:13.509397984 CEST1.1.1.1192.168.2.40x2a1fNo error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                          Sep 1, 2024 20:55:13.509397984 CEST1.1.1.1192.168.2.40x2a1fNo error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                          Sep 1, 2024 20:55:20.784151077 CEST1.1.1.1192.168.2.40x1a7bNo error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          0 | 192.168.2.4 | 49771 | 34.107.221.82 | 80 | 7172 | C:\Program Files\Mozilla Firefox\firefox.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 1, 2024 20:54:07.973726034 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Cache-Control: no-cache
                                          Pragma: no-cache
                                          Connection: keep-alive
                                          Sep 1, 2024 20:54:08.410265923 CEST | 298 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 90
                                          Via: 1.1 google
                                          Date: Sun, 01 Sep 2024 01:51:44 GMT
                                          Age: 61344
                                          Content-Type: text/html
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                          Sep 1, 2024 20:54:18.429358959 CEST | 6 | OUT | Data Raw: 00
                                          Data Ascii:
                                          Sep 1, 2024 20:54:28.905339003 CEST | 6 | OUT | Data Raw: 00
                                          Data Ascii:


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          1 | 192.168.2.4 | 51086 | 34.107.221.82 | 80 | 7172 | C:\Program Files\Mozilla Firefox\firefox.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 1, 2024 20:54:08.546746969 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Connection: keep-alive
                                          Pragma: no-cache
                                          Cache-Control: no-cache
                                          Sep 1, 2024 20:54:08.992472887 CEST | 216 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 8
                                          Via: 1.1 google
                                          Date: Sun, 01 Sep 2024 02:15:18 GMT
                                          Age: 59930
                                          Content-Type: text/plain
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 73 75 63 63 65 73 73 0a
                                          Data Ascii: success
                                          Sep 1, 2024 20:54:09.202953100 CEST | 216 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 8
                                          Via: 1.1 google
                                          Date: Sun, 01 Sep 2024 02:15:18 GMT
                                          Age: 59930
                                          Content-Type: text/plain
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 73 75 63 63 65 73 73 0a
                                          Data Ascii: success
                                          Sep 1, 2024 20:54:19.004324913 CEST | 6 | OUT | Data Raw: 00
                                          Data Ascii:
                                          Sep 1, 2024 20:54:29.026479959 CEST | 6 | OUT | Data Raw: 00
                                          Data Ascii:


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          2 | 192.168.2.4 | 51113 | 34.107.221.82 | 80 | 7172 | C:\Program Files\Mozilla Firefox\firefox.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 1, 2024 20:54:35.556683064 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Cache-Control: no-cache
                                          Pragma: no-cache
                                          Connection: keep-alive
                                          Sep 1, 2024 20:54:35.991028070 CEST | 298 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 90
                                          Via: 1.1 google
                                          Date: Sun, 01 Sep 2024 01:51:44 GMT
                                          Age: 61371
                                          Content-Type: text/html
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                          Sep 1, 2024 20:54:36.341370106 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Cache-Control: no-cache
                                          Pragma: no-cache
                                          Connection: keep-alive
                                          Sep 1, 2024 20:54:36.433123112 CEST | 298 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 90
                                          Via: 1.1 google
                                          Date: Sun, 01 Sep 2024 01:51:44 GMT
                                          Age: 61372
                                          Content-Type: text/html
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                          Sep 1, 2024 20:54:40.538079977 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Cache-Control: no-cache
                                          Pragma: no-cache
                                          Connection: keep-alive
                                          Sep 1, 2024 20:54:40.632366896 CEST | 298 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 90
                                          Via: 1.1 google
                                          Date: Sun, 01 Sep 2024 01:51:44 GMT
                                          Age: 61376
                                          Content-Type: text/html
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                          Sep 1, 2024 20:54:41.061491013 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Cache-Control: no-cache
                                          Pragma: no-cache
                                          Connection: keep-alive
                                          Sep 1, 2024 20:54:41.154164076 CEST | 298 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 90
                                          Via: 1.1 google
                                          Date: Sun, 01 Sep 2024 01:51:44 GMT
                                          Age: 61377
                                          Content-Type: text/html
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                          Sep 1, 2024 20:54:42.523226023 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Cache-Control: no-cache
                                          Pragma: no-cache
                                          Connection: keep-alive
                                          Sep 1, 2024 20:54:42.617374897 CEST | 298 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 90
                                          Via: 1.1 google
                                          Date: Sun, 01 Sep 2024 01:51:44 GMT
                                          Age: 61378
                                          Content-Type: text/html
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                          Sep 1, 2024 20:54:43.020884037 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Cache-Control: no-cache
                                          Pragma: no-cache
                                          Connection: keep-alive
                                          Sep 1, 2024 20:54:43.114871025 CEST | 298 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 90
                                          Via: 1.1 google
                                          Date: Sun, 01 Sep 2024 01:51:44 GMT
                                          Age: 61379
                                          Content-Type: text/html
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                          Sep 1, 2024 20:54:43.688410997 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Cache-Control: no-cache
                                          Pragma: no-cache
                                          Connection: keep-alive
                                          Sep 1, 2024 20:54:43.791673899 CEST | 298 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 90
                                          Via: 1.1 google
                                          Date: Sun, 01 Sep 2024 01:51:44 GMT
                                          Age: 61379
                                          Content-Type: text/html
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                          Sep 1, 2024 20:54:43.957129955 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Cache-Control: no-cache
                                          Pragma: no-cache
                                          Connection: keep-alive
                                          Sep 1, 2024 20:54:44.051275015 CEST | 298 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 90
                                          Via: 1.1 google
                                          Date: Sun, 01 Sep 2024 01:51:44 GMT
                                          Age: 61380
                                          Content-Type: text/html
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                          Sep 1, 2024 20:54:44.195350885 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Cache-Control: no-cache
                                          Pragma: no-cache
                                          Connection: keep-alive
                                          Sep 1, 2024 20:54:44.290601969 CEST | 298 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 90
                                          Via: 1.1 google
                                          Date: Sun, 01 Sep 2024 01:51:44 GMT
                                          Age: 61380
                                          Content-Type: text/html
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                          Sep 1, 2024 20:54:44.606220007 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Cache-Control: no-cache
                                          Pragma: no-cache
                                          Connection: keep-alive
                                          Sep 1, 2024 20:54:44.698208094 CEST | 298 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 90
                                          Via: 1.1 google
                                          Date: Sun, 01 Sep 2024 01:51:44 GMT
                                          Age: 61380
                                          Content-Type: text/html
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                          Sep 1, 2024 20:54:45.047178030 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Cache-Control: no-cache
                                          Pragma: no-cache
                                          Connection: keep-alive
                                          Sep 1, 2024 20:54:45.139178991 CEST | 298 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 90
                                          Via: 1.1 google
                                          Date: Sun, 01 Sep 2024 01:51:44 GMT
                                          Age: 61381
                                          Content-Type: text/html
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                          Sep 1, 2024 20:54:45.194968939 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Cache-Control: no-cache
                                          Pragma: no-cache
                                          Connection: keep-alive
                                          Sep 1, 2024 20:54:45.287657022 CEST | 298 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 90
                                          Via: 1.1 google
                                          Date: Sun, 01 Sep 2024 01:51:44 GMT
                                          Age: 61381
                                          Content-Type: text/html
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                          Sep 1, 2024 20:54:45.569422007 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Cache-Control: no-cache
                                          Pragma: no-cache
                                          Connection: keep-alive
                                          Sep 1, 2024 20:54:45.661401987 CEST | 298 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 90
                                          Via: 1.1 google
                                          Date: Sun, 01 Sep 2024 01:51:44 GMT
                                          Age: 61381
                                          Content-Type: text/html
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                          Sep 1, 2024 20:54:49.396472931 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Cache-Control: no-cache
                                          Pragma: no-cache
                                          Connection: keep-alive
                                          Sep 1, 2024 20:54:49.488694906 CEST | 298 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 90
                                          Via: 1.1 google
                                          Date: Sun, 01 Sep 2024 01:51:44 GMT
                                          Age: 61385
                                          Content-Type: text/html
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                          Sep 1, 2024 20:54:49.771538019 CEST | 298 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 90
                                          Via: 1.1 google
                                          Date: Sun, 01 Sep 2024 01:51:44 GMT
                                          Age: 61385
                                          Content-Type: text/html
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                          Sep 1, 2024 20:54:59.498907089 CEST | 6 | OUT | Data Raw: 00
                                          Data Ascii:
                                          Sep 1, 2024 20:55:00.564611912 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Cache-Control: no-cache
                                          Pragma: no-cache
                                          Connection: keep-alive
                                          Sep 1, 2024 20:55:00.657006025 CEST | 298 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 90
                                          Via: 1.1 google
                                          Date: Sun, 01 Sep 2024 01:51:44 GMT
                                          Age: 61396
                                          Content-Type: text/html
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                          Sep 1, 2024 20:55:04.793881893 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Cache-Control: no-cache
                                          Pragma: no-cache
                                          Connection: keep-alive
                                          Sep 1, 2024 20:55:04.886604071 CEST | 298 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 90
                                          Via: 1.1 google
                                          Date: Sun, 01 Sep 2024 01:51:44 GMT
                                          Age: 61400
                                          Content-Type: text/html
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                          Sep 1, 2024 20:55:14.888259888 CEST | 6 | OUT | Data Raw: 00
                                          Data Ascii:
                                          Sep 1, 2024 20:55:21.249373913 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Cache-Control: no-cache
                                          Pragma: no-cache
                                          Connection: keep-alive
                                          Sep 1, 2024 20:55:21.342461109 CEST | 298 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 90
                                          Via: 1.1 google
                                          Date: Sun, 01 Sep 2024 01:51:44 GMT
                                          Age: 61417
                                          Content-Type: text/html
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                          Sep 1, 2024 20:55:28.678098917 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Cache-Control: no-cache
                                          Pragma: no-cache
                                          Connection: keep-alive
                                          Sep 1, 2024 20:55:28.773292065 CEST | 298 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 90
                                          Via: 1.1 google
                                          Date: Sun, 01 Sep 2024 01:51:44 GMT
                                          Age: 61424
                                          Content-Type: text/html
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                          Sep 1, 2024 20:55:38.783633947 CEST | 6 | OUT | Data Raw: 00
                                          Data Ascii:
                                          Sep 1, 2024 20:55:48.790764093 CEST | 6 | OUT | Data Raw: 00
                                          Data Ascii:
                                          Sep 1, 2024 20:55:58.799052954 CEST | 6 | OUT | Data Raw: 00
                                          Data Ascii:


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          3 | 192.168.2.4 | 51117 | 34.107.221.82 | 80 | 7172 | C:\Program Files\Mozilla Firefox\firefox.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          Sep 1, 2024 20:54:35.998953104 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Connection: keep-alive
                                          Pragma: no-cache
                                          Cache-Control: no-cache
                                          Sep 1, 2024 20:54:36.429109097 CEST | 216 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 8
                                          Via: 1.1 google
                                          Date: Sun, 01 Sep 2024 02:15:18 GMT
                                          Age: 59958
                                          Content-Type: text/plain
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 73 75 63 63 65 73 73 0a
                                          Data Ascii: success
                                          Sep 1, 2024 20:54:36.435616016 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Connection: keep-alive
                                          Pragma: no-cache
                                          Cache-Control: no-cache
                                          Sep 1, 2024 20:54:36.526493073 CEST | 216 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 8
                                          Via: 1.1 google
                                          Date: Sun, 01 Sep 2024 02:15:18 GMT
                                          Age: 59958
                                          Content-Type: text/plain
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 73 75 63 63 65 73 73 0a
                                          Data Ascii: success
                                          Sep 1, 2024 20:54:40.830944061 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Connection: keep-alive
                                          Pragma: no-cache
                                          Cache-Control: no-cache
                                          Sep 1, 2024 20:54:40.921020985 CEST | 216 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 8
                                          Via: 1.1 google
                                          Date: Sun, 01 Sep 2024 02:15:18 GMT
                                          Age: 59962
                                          Content-Type: text/plain
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 73 75 63 63 65 73 73 0a
                                          Data Ascii: success
                                          Sep 1, 2024 20:54:41.204864025 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Connection: keep-alive
                                          Pragma: no-cache
                                          Cache-Control: no-cache
                                          Sep 1, 2024 20:54:41.295555115 CEST | 216 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 8
                                          Via: 1.1 google
                                          Date: Sun, 01 Sep 2024 02:15:18 GMT
                                          Age: 59963
                                          Content-Type: text/plain
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 73 75 63 63 65 73 73 0a
                                          Data Ascii: success
                                          Sep 1, 2024 20:54:43.020317078 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Connection: keep-alive
                                          Pragma: no-cache
                                          Cache-Control: no-cache
                                          Sep 1, 2024 20:54:43.111354113 CEST | 216 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 8
                                          Via: 1.1 google
                                          Date: Sun, 01 Sep 2024 02:15:18 GMT
                                          Age: 59965
                                          Content-Type: text/plain
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 73 75 63 63 65 73 73 0a
                                          Data Ascii: success
                                          Sep 1, 2024 20:54:43.269958019 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Connection: keep-alive
                                          Pragma: no-cache
                                          Cache-Control: no-cache
                                          Sep 1, 2024 20:54:43.360450983 CEST | 216 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 8
                                          Via: 1.1 google
                                          Date: Sun, 01 Sep 2024 02:15:18 GMT
                                          Age: 59965
                                          Content-Type: text/plain
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 73 75 63 63 65 73 73 0a
                                          Data Ascii: success
                                          Sep 1, 2024 20:54:43.953831911 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Connection: keep-alive
                                          Pragma: no-cache
                                          Cache-Control: no-cache
                                          Sep 1, 2024 20:54:44.045794964 CEST | 216 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 8
                                          Via: 1.1 google
                                          Date: Sun, 01 Sep 2024 02:15:18 GMT
                                          Age: 59966
                                          Content-Type: text/plain
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 73 75 63 63 65 73 73 0a
                                          Data Ascii: success
                                          Sep 1, 2024 20:54:44.074542999 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Connection: keep-alive
                                          Pragma: no-cache
                                          Cache-Control: no-cache
                                          Sep 1, 2024 20:54:44.165432930 CEST | 216 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 8
                                          Via: 1.1 google
                                          Date: Sun, 01 Sep 2024 02:15:18 GMT
                                          Age: 59966
                                          Content-Type: text/plain
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 73 75 63 63 65 73 73 0a
                                          Data Ascii: success
                                          Sep 1, 2024 20:54:44.301134109 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Connection: keep-alive
                                          Pragma: no-cache
                                          Cache-Control: no-cache
                                          Sep 1, 2024 20:54:44.390981913 CEST | 216 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 8
                                          Via: 1.1 google
                                          Date: Sun, 01 Sep 2024 02:15:18 GMT
                                          Age: 59966
                                          Content-Type: text/plain
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 73 75 63 63 65 73 73 0a
                                          Data Ascii: success
                                          Sep 1, 2024 20:54:44.704334974 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Connection: keep-alive
                                          Pragma: no-cache
                                          Cache-Control: no-cache
                                          Sep 1, 2024 20:54:44.795957088 CEST | 216 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 8
                                          Via: 1.1 google
                                          Date: Sun, 01 Sep 2024 02:15:18 GMT
                                          Age: 59966
                                          Content-Type: text/plain
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 73 75 63 63 65 73 73 0a
                                          Data Ascii: success
                                          Sep 1, 2024 20:54:45.142596006 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Connection: keep-alive
                                          Pragma: no-cache
                                          Cache-Control: no-cache
                                          Sep 1, 2024 20:54:45.243154049 CEST | 216 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 8
                                          Via: 1.1 google
                                          Date: Sun, 01 Sep 2024 02:15:18 GMT
                                          Age: 59967
                                          Content-Type: text/plain
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 73 75 63 63 65 73 73 0a
                                          Data Ascii: success
                                          Sep 1, 2024 20:54:45.290604115 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Connection: keep-alive
                                          Pragma: no-cache
                                          Cache-Control: no-cache
                                          Sep 1, 2024 20:54:45.381357908 CEST | 216 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 8
                                          Via: 1.1 google
                                          Date: Sun, 01 Sep 2024 02:15:18 GMT
                                          Age: 59967
                                          Content-Type: text/plain
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 73 75 63 63 65 73 73 0a
                                          Data Ascii: success
                                          Sep 1, 2024 20:54:45.664319992 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Connection: keep-alive
                                          Pragma: no-cache
                                          Cache-Control: no-cache
                                          Sep 1, 2024 20:54:45.754719019 CEST | 216 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 8
                                          Via: 1.1 google
                                          Date: Sun, 01 Sep 2024 02:15:18 GMT
                                          Age: 59967
                                          Content-Type: text/plain
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 73 75 63 63 65 73 73 0a
                                          Data Ascii: success
                                          Sep 1, 2024 20:54:49.512103081 CEST  305  OUT  GET /success.txt?ipv4 HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Connection: keep-alive
                                          Pragma: no-cache
                                          Cache-Control: no-cache
                                          Sep 1, 2024 20:54:49.771039009 CEST  216  IN  HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 8
                                          Via: 1.1 google
                                          Date: Sun, 01 Sep 2024 02:15:18 GMT
                                          Age: 59971
                                          Content-Type: text/plain
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 73 75 63 63 65 73 73 0a
                                          Data Ascii: success
                                          Sep 1, 2024 20:54:59.784138918 CEST  6  OUT  Data Raw: 00
                                          Data Ascii:
                                          Sep 1, 2024 20:55:00.659818888 CEST  305  OUT  GET /success.txt?ipv4 HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Connection: keep-alive
                                          Pragma: no-cache
                                          Cache-Control: no-cache
                                          Sep 1, 2024 20:55:00.749505997 CEST  216  IN  HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 8
                                          Via: 1.1 google
                                          Date: Sun, 01 Sep 2024 02:15:18 GMT
                                          Age: 59982
                                          Content-Type: text/plain
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 73 75 63 63 65 73 73 0a
                                          Data Ascii: success
                                          Sep 1, 2024 20:55:04.888952971 CEST  305  OUT  GET /success.txt?ipv4 HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Connection: keep-alive
                                          Pragma: no-cache
                                          Cache-Control: no-cache
                                          Sep 1, 2024 20:55:04.978879929 CEST  216  IN  HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 8
                                          Via: 1.1 google
                                          Date: Sun, 01 Sep 2024 02:15:18 GMT
                                          Age: 59986
                                          Content-Type: text/plain
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 73 75 63 63 65 73 73 0a
                                          Data Ascii: success
                                          Sep 1, 2024 20:55:14.996145964 CEST  6  OUT  Data Raw: 00
                                          Data Ascii:
                                          Sep 1, 2024 20:55:21.345204115 CEST  305  OUT  GET /success.txt?ipv4 HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Connection: keep-alive
                                          Pragma: no-cache
                                          Cache-Control: no-cache
                                          Sep 1, 2024 20:55:21.435033083 CEST  216  IN  HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 8
                                          Via: 1.1 google
                                          Date: Sun, 01 Sep 2024 02:15:18 GMT
                                          Age: 60003
                                          Content-Type: text/plain
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 73 75 63 63 65 73 73 0a
                                          Data Ascii: success
                                          Sep 1, 2024 20:55:28.776707888 CEST  305  OUT  GET /success.txt?ipv4 HTTP/1.1
                                          Host: detectportal.firefox.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                          Accept: */*
                                          Accept-Language: en-US,en;q=0.5
                                          Accept-Encoding: gzip, deflate
                                          Connection: keep-alive
                                          Pragma: no-cache
                                          Cache-Control: no-cache
                                          Sep 1, 2024 20:55:28.867634058 CEST  216  IN  HTTP/1.1 200 OK
                                          Server: nginx
                                          Content-Length: 8
                                          Via: 1.1 google
                                          Date: Sun, 01 Sep 2024 02:15:18 GMT
                                          Age: 60010
                                          Content-Type: text/plain
                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                          Data Raw: 73 75 63 63 65 73 73 0a
                                          Data Ascii: success
                                          Sep 1, 2024 20:55:38.868284941 CEST  6  OUT  Data Raw: 00
                                          Data Ascii:
                                          Sep 1, 2024 20:55:48.891148090 CEST  6  OUT  Data Raw: 00
                                          Data Ascii:
                                          Sep 1, 2024 20:55:58.899517059 CEST  6  OUT  Data Raw: 00
                                          Data Ascii:


                                          Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                          0  192.168.2.4  49742  216.58.206.65  443  7608  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Timestamp  Bytes transferred  Direction  Data
                                          2024-09-01 18:54:03 UTC  594  OUT  GET /crx/blobs/AY4GWKBMNax_FQrZEVzNkO_0mu3UShnzR6AihR_EPjVIUOT_pwZzkWCpOk8YKIu0qnIq_YObWXuPyiJ7NA0nDjMHUEYIIEknsNvJHXuPd0MqxESzoxi9xiMyJKNwZiVV1yEAxlKa5UVe61sINARQ7fO9dE0bkfP_W4GG/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx HTTP/1.1
                                          Host: clients2.googleusercontent.com
                                          Connection: keep-alive
                                          Sec-Fetch-Site: none
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: empty
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                          2024-09-01 18:54:03 UTC  566  IN  HTTP/1.1 200 OK
                                          Accept-Ranges: bytes
                                          Content-Length: 135751
                                          X-GUploader-UploadID: AD-8ljtshJJq4XgzdPlipWc9Q2qQueSSC0i22OaAOPbfphaLIaXL8i64mipNWME9W5aJ7mFnN9c
                                          X-Goog-Hash: crc32c=IDdmTg==
                                          Server: UploadServer
                                          Date: Sat, 31 Aug 2024 19:15:10 GMT
                                          Expires: Sun, 31 Aug 2025 19:15:10 GMT
                                          Cache-Control: public, max-age=31536000
                                          Age: 85133
                                          Last-Modified: Tue, 23 Jul 2024 15:56:28 GMT
                                          ETag: 1d368626_ddaec042_86665b6c_28d780a0_b2065016
                                          Content-Type: application/x-chrome-extension
                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                          Connection: close


                                          Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                          1  192.168.2.4  49761  162.159.61.3  443  7608  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Timestamp  Bytes transferred  Direction  Data
                                          2024-09-01 18:54:06 UTC  245  OUT  POST /dns-query HTTP/1.1
                                          Host: chrome.cloudflare-dns.com
                                          Connection: keep-alive
                                          Content-Length: 128
                                          Accept: application/dns-message
                                          Accept-Language: *
                                          User-Agent: Chrome
                                          Accept-Encoding: identity
                                          Content-Type: application/dns-message
                                          2024-09-01 18:54:06 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                          Data Ascii: wwwgstaticcom)TP
                                          2024-09-01 18:54:06 UTC  247  IN  HTTP/1.1 200 OK
                                          Server: cloudflare
                                          Date: Sun, 01 Sep 2024 18:54:06 GMT
                                          Content-Type: application/dns-message
                                          Connection: close
                                          Access-Control-Allow-Origin: *
                                          Content-Length: 468
                                          CF-RAY: 8bc7778b6f39426b-EWR
                                          alt-svc: h3=":443"; ma=86400
                                          2024-09-01 18:54:06 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 8a 00 04 8e fa 50 63 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                          Data Ascii: wwwgstaticcomPc)


                                          Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                          2  192.168.2.4  49760  172.64.41.3  443  7608  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Timestamp  Bytes transferred  Direction  Data
                                          2024-09-01 18:54:06 UTC  245  OUT  POST /dns-query HTTP/1.1
                                          Host: chrome.cloudflare-dns.com
                                          Connection: keep-alive
                                          Content-Length: 128
                                          Accept: application/dns-message
                                          Accept-Language: *
                                          User-Agent: Chrome
                                          Accept-Encoding: identity
                                          Content-Type: application/dns-message
                                          2024-09-01 18:54:06 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                          Data Ascii: wwwgstaticcom)TP
                                          2024-09-01 18:54:06 UTC  247  IN  HTTP/1.1 200 OK
                                          Server: cloudflare
                                          Date: Sun, 01 Sep 2024 18:54:06 GMT
                                          Content-Type: application/dns-message
                                          Connection: close
                                          Access-Control-Allow-Origin: *
                                          Content-Length: 468
                                          CF-RAY: 8bc7778b9bac0f97-EWR
                                          alt-svc: h3=":443"; ma=86400
                                          2024-09-01 18:54:06 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 1f 00 04 8e fb 23 a3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                          Data Ascii: wwwgstaticcom#)


                                          Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                          3  192.168.2.4  49762  162.159.61.3  443  7608  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Timestamp  Bytes transferred  Direction  Data
                                          2024-09-01 18:54:06 UTC  245  OUT  POST /dns-query HTTP/1.1
                                          Host: chrome.cloudflare-dns.com
                                          Connection: keep-alive
                                          Content-Length: 128
                                          Accept: application/dns-message
                                          Accept-Language: *
                                          User-Agent: Chrome
                                          Accept-Encoding: identity
                                          Content-Type: application/dns-message
                                          2024-09-01 18:54:06 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                          Data Ascii: wwwgstaticcom)TP
                                          2024-09-01 18:54:06 UTC  247  IN  HTTP/1.1 200 OK
                                          Server: cloudflare
                                          Date: Sun, 01 Sep 2024 18:54:06 GMT
                                          Content-Type: application/dns-message
                                          Connection: close
                                          Access-Control-Allow-Origin: *
                                          Content-Length: 468
                                          CF-RAY: 8bc7778c89fa0c94-EWR
                                          alt-svc: h3=":443"; ma=86400
                                          2024-09-01 18:54:06 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 17 00 04 8e fb 23 a3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                          Data Ascii: wwwgstaticcom#)


                                          Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                          4  192.168.2.4  49764  13.107.246.60  443  7608  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Timestamp  Bytes transferred  Direction  Data
                                          2024-09-01 18:54:06 UTC  486  OUT  GET /assets/arbitration_priority_list/4.0.5/asset?assetgroup=ArbitrationService HTTP/1.1
                                          Host: edgeassetservice.azureedge.net
                                          Connection: keep-alive
                                          Edge-Asset-Group: ArbitrationService
                                          Sec-Fetch-Site: none
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: empty
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                          2024-09-01 18:54:07 UTC  538  IN  HTTP/1.1 200 OK
                                          Date: Sun, 01 Sep 2024 18:54:06 GMT
                                          Content-Type: application/octet-stream
                                          Content-Length: 11989
                                          Connection: close
                                          Last-Modified: Fri, 23 Aug 2024 00:10:35 GMT
                                          ETag: 0x8DCC30802EF150E
                                          x-ms-request-id: 903262f1-801e-001b-4826-f94695000000
                                          x-ms-version: 2009-09-19
                                          x-ms-lease-status: unlocked
                                          x-ms-blob-type: BlockBlob
                                          x-azure-ref: 20240901T185406Z-16579567576kv75wmks9m65qec00000006vg00000000gy8w
                                          Cache-Control: public, max-age=604800
                                          x-fd-int-roxy-purgeid: 69316365
                                          X-Cache: TCP_HIT
                                          Accept-Ranges: bytes
                                          2024-09-01 18:54:07 UTC11989INData Raw: 7b 0d 0a 20 20 22 63 6f 6e 66 69 67 56 65 72 73 69 6f 6e 22 3a 20 33 32 2c 0d 0a 20 20 22 50 72 69 76 69 6c 65 67 65 64 45 78 70 65 72 69 65 6e 63 65 73 22 3a 20 5b 0d 0a 20 20 20 20 22 53 68 6f 72 65 6c 69 6e 65 50 72 69 76 69 6c 65 67 65 64 45 78 70 65 72 69 65 6e 63 65 49 44 22 2c 0d 0a 20 20 20 20 22 53 48 4f 50 50 49 4e 47 5f 41 55 54 4f 5f 53 48 4f 57 5f 43 4f 55 50 4f 4e 53 5f 43 48 45 43 4b 4f 55 54 22 2c 0d 0a 20 20 20 20 22 53 48 4f 50 50 49 4e 47 5f 41 55 54 4f 5f 53 48 4f 57 5f 4c 4f 57 45 52 5f 50 52 49 43 45 5f 46 4f 55 4e 44 22 2c 0d 0a 20 20 20 20 22 53 48 4f 50 50 49 4e 47 5f 41 55 54 4f 5f 53 48 4f 57 5f 42 49 4e 47 5f 53 45 41 52 43 48 22 2c 0d 0a 20 20 20 20 22 53 48 4f 50 50 49 4e 47 5f 41 55 54 4f 5f 53 48 4f 57 5f 52 45 42 41 54 45
                                          Data Ascii: { "configVersion": 32, "PrivilegedExperiences": [ "ShorelinePrivilegedExperienceID", "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT", "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND", "SHOPPING_AUTO_SHOW_BING_SEARCH", "SHOPPING_AUTO_SHOW_REBATE


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          5 | 192.168.2.4 | 49765 | 13.107.246.60 | 443 | 7608 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-09-01 18:54:06 UTC | 470 | OUT | GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1
                                          Host: edgeassetservice.azureedge.net
                                          Connection: keep-alive
                                          Edge-Asset-Group: Shoreline
                                          Sec-Fetch-Site: none
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: empty
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                          2024-09-01 18:54:07 UTC | 557 | IN | HTTP/1.1 200 OK
                                          Date: Sun, 01 Sep 2024 18:54:07 GMT
                                          Content-Type: application/octet-stream
                                          Content-Length: 306698
                                          Connection: close
                                          Content-Encoding: gzip
                                          Last-Modified: Tue, 10 Oct 2023 17:24:31 GMT
                                          ETag: 0x8DBC9B5C40EBFF4
                                          x-ms-request-id: c3ea0861-301e-0002-54a0-fc6afd000000
                                          x-ms-version: 2009-09-19
                                          x-ms-lease-status: unlocked
                                          x-ms-blob-type: BlockBlob
                                          x-azure-ref: 20240901T185406Z-16579567576txfkctmnqv2e9c400000006h0000000006aut
                                          Cache-Control: public, max-age=604800
                                          x-fd-int-roxy-purgeid: 0
                                          X-Cache: TCP_MISS
                                          Accept-Ranges: bytes


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          6 | 192.168.2.4 | 49763 | 13.107.246.60 | 443 | 7608 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-09-01 18:54:07 UTC | 711 | OUT | GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1
                                          Host: edgeassetservice.azureedge.net
                                          Connection: keep-alive
                                          Edge-Asset-Group: EntityExtractionDomainsConfig
                                          Sec-Mesh-Client-Edge-Version: 117.0.2045.47
                                          Sec-Mesh-Client-Edge-Channel: stable
                                          Sec-Mesh-Client-OS: Windows
                                          Sec-Mesh-Client-OS-Version: 10.0.19045
                                          Sec-Mesh-Client-Arch: x86_64
                                          Sec-Mesh-Client-WebView: 0
                                          Sec-Fetch-Site: none
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: empty
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                          2024-09-01 18:54:07 UTC | 562 | IN | HTTP/1.1 200 OK
                                          Date: Sun, 01 Sep 2024 18:54:07 GMT
                                          Content-Type: application/octet-stream
                                          Content-Length: 70207
                                          Connection: close
                                          Content-Encoding: gzip
                                          Last-Modified: Fri, 02 Aug 2024 18:10:35 GMT
                                          ETag: 0x8DCB31E67C22927
                                          x-ms-request-id: 66f87118-601e-001a-2116-f94768000000
                                          x-ms-version: 2009-09-19
                                          x-ms-lease-status: unlocked
                                          x-ms-blob-type: BlockBlob
                                          x-azure-ref: 20240901T185407Z-16579567576l4p9bs8an1npq1n00000006k000000000aus1
                                          Cache-Control: public, max-age=604800
                                          x-fd-int-roxy-purgeid: 69316365
                                          X-Cache: TCP_HIT
                                          Accept-Ranges: bytes


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          7 | 192.168.2.4 | 49766 | 184.28.90.27 | 443 | |
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-09-01 18:54:07 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                                          Connection: Keep-Alive
                                          Accept: */*
                                          Accept-Encoding: identity
                                          User-Agent: Microsoft BITS/7.8
                                          Host: fs.microsoft.com
                                          2024-09-01 18:54:07 UTC | 467 | IN | HTTP/1.1 200 OK
                                          Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                          Content-Type: application/octet-stream
                                          ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                          Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                          Server: ECAcc (lpl/EF70)
                                          X-CID: 11
                                          X-Ms-ApiVersion: Distribute 1.2
                                          X-Ms-Region: prod-neu-z1
                                          Cache-Control: public, max-age=165093
                                          Date: Sun, 01 Sep 2024 18:54:07 GMT
                                          Connection: close
                                          X-CID: 2


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          8 | 192.168.2.4 | 49768 | 184.28.90.27 | 443 | |
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-09-01 18:54:08 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                                          Connection: Keep-Alive
                                          Accept: */*
                                          Accept-Encoding: identity
                                          If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                                          Range: bytes=0-2147483646
                                          User-Agent: Microsoft BITS/7.8
                                          Host: fs.microsoft.com
                                          2024-09-01 18:54:08 UTC | 515 | IN | HTTP/1.1 200 OK
                                          ApiVersion: Distribute 1.1
                                          Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                          Content-Type: application/octet-stream
                                          ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                          Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                          Server: ECAcc (lpl/EF06)
                                          X-CID: 11
                                          X-Ms-ApiVersion: Distribute 1.2
                                          X-Ms-Region: prod-weu-z1
                                          Cache-Control: public, max-age=165092
                                          Date: Sun, 01 Sep 2024 18:54:08 GMT
                                          Content-Length: 55
                                          Connection: close
                                          X-CID: 2
                                          2024-09-01 18:54:08 UTC55INData Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                                          Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          9 | 192.168.2.4 | 49772 | 142.250.81.238 | 443 | 7608 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-09-01 18:54:08 UTC | 579 | OUT | OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                          Host: play.google.com
                                          Connection: keep-alive
                                          Accept: */*
                                          Access-Control-Request-Method: POST
                                          Access-Control-Request-Headers: x-goog-authuser
                                          Origin: https://accounts.google.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                          Sec-Fetch-Mode: cors
                                          Sec-Fetch-Site: same-site
                                          Sec-Fetch-Dest: empty
                                          Referer: https://accounts.google.com/
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                          2024-09-01 18:54:08 UTC | 520 | IN | HTTP/1.1 200 OK
                                          Access-Control-Allow-Origin: https://accounts.google.com
                                          Access-Control-Allow-Methods: GET, POST, OPTIONS
                                          Access-Control-Max-Age: 86400
                                          Access-Control-Allow-Credentials: true
                                          Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser
                                          Content-Type: text/plain; charset=UTF-8
                                          Date: Sun, 01 Sep 2024 18:54:08 GMT
                                          Server: Playlog
                                          Content-Length: 0
                                          X-XSS-Protection: 0
                                          X-Frame-Options: SAMEORIGIN
                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                          Connection: close


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          10 | 192.168.2.4 | 49773 | 142.250.81.238 | 443 | 7608 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-09-01 18:54:08 UTC | 579 | OUT | OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                          Host: play.google.com
                                          Connection: keep-alive
                                          Accept: */*
                                          Access-Control-Request-Method: POST
                                          Access-Control-Request-Headers: x-goog-authuser
                                          Origin: https://accounts.google.com
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                          Sec-Fetch-Mode: cors
                                          Sec-Fetch-Site: same-site
                                          Sec-Fetch-Dest: empty
                                          Referer: https://accounts.google.com/
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                          2024-09-01 18:54:08 UTC | 520 | IN | HTTP/1.1 200 OK
                                          Access-Control-Allow-Origin: https://accounts.google.com
                                          Access-Control-Allow-Methods: GET, POST, OPTIONS
                                          Access-Control-Max-Age: 86400
                                          Access-Control-Allow-Credentials: true
                                          Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser
                                          Content-Type: text/plain; charset=UTF-8
                                          Date: Sun, 01 Sep 2024 18:54:08 GMT
                                          Server: Playlog
                                          Content-Length: 0
                                          X-XSS-Protection: 0
                                          X-Frame-Options: SAMEORIGIN
                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                          Connection: close


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          11 | 192.168.2.4 | 51092 | 13.107.246.40 | 443 | 7608 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-09-01 18:54:09 UTC | 431 | OUT | GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1
                                          Host: edgeassetservice.azureedge.net
                                          Connection: keep-alive
                                          Sec-Fetch-Site: none
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: empty
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                          2024-09-01 18:54:09 UTC | 543 | IN | HTTP/1.1 200 OK
                                          Date: Sun, 01 Sep 2024 18:54:09 GMT
                                          Content-Type: image/png
                                          Content-Length: 1966
                                          Connection: close
                                          Last-Modified: Fri, 03 Nov 2023 21:43:31 GMT
                                          ETag: 0x8DBDCB5EC122A94
                                          x-ms-request-id: 25350ece-301e-002b-08d4-fa1cbf000000
                                          x-ms-version: 2009-09-19
                                          x-ms-lease-status: unlocked
                                          x-ms-blob-type: BlockBlob
                                          x-azure-ref: 20240901T185409Z-16579567576h266g9d6dee9ff8000000070g000000004yd6
                                          Cache-Control: public, max-age=604800
                                          x-fd-int-roxy-purgeid: 0
                                          X-Cache-Info: L2_T2
                                          X-Cache: TCP_REMOTE_HIT
                                          Accept-Ranges: bytes


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          12 | 192.168.2.4 | 51091 | 13.107.246.40 | 443 | 7608 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-09-01 18:54:09 UTC | 433 | OUT | GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1
                                          Host: edgeassetservice.azureedge.net
                                          Connection: keep-alive
                                          Sec-Fetch-Site: none
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: empty
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                          2024-09-01 18:54:09 UTC | 543 | IN | HTTP/1.1 200 OK
                                          Date: Sun, 01 Sep 2024 18:54:09 GMT
                                          Content-Type: image/png
                                          Content-Length: 1751
                                          Connection: close
                                          Last-Modified: Tue, 17 Oct 2023 00:34:33 GMT
                                          ETag: 0x8DBCEA8D5AACC85
                                          x-ms-request-id: dea807c8-f01e-005b-3b60-fa6f7b000000
                                          x-ms-version: 2009-09-19
                                          x-ms-lease-status: unlocked
                                          x-ms-blob-type: BlockBlob
                                          x-azure-ref: 20240901T185409Z-16579567576w5bqfyu10zdac7g00000006pg000000000vug
                                          Cache-Control: public, max-age=604800
                                          x-fd-int-roxy-purgeid: 0
                                          X-Cache-Info: L2_T2
                                          X-Cache: TCP_REMOTE_HIT
                                          Accept-Ranges: bytes


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          13 | 192.168.2.4 | 51093 | 142.251.35.164 | 443 | 7608 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-09-01 18:54:09 UTC | 899 | OUT | GET /favicon.ico HTTP/1.1
                                          Host: www.google.com
                                          Connection: keep-alive
                                          sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                          sec-ch-ua-mobile: ?0
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                          sec-ch-ua-arch: "x86"
                                          sec-ch-ua-full-version: "117.0.2045.47"
                                          sec-ch-ua-platform-version: "10.0.0"
                                          sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                                          sec-ch-ua-bitness: "64"
                                          sec-ch-ua-model: ""
                                          sec-ch-ua-wow64: ?0
                                          sec-ch-ua-platform: "Windows"
                                          Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                          Sec-Fetch-Site: same-site
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: image
                                          Referer: https://accounts.google.com/
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                          2024-09-01 18:54:09 UTC | 704 | IN | HTTP/1.1 200 OK
                                          Accept-Ranges: bytes
                                          Cross-Origin-Resource-Policy: cross-origin
                                          Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
                                          Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
                                          Content-Length: 5430
                                          X-Content-Type-Options: nosniff
                                          Server: sffe
                                          X-XSS-Protection: 0
                                          Date: Sun, 01 Sep 2024 18:45:26 GMT
                                          Expires: Mon, 09 Sep 2024 18:45:26 GMT
                                          Cache-Control: public, max-age=691200
                                          Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT
                                          Content-Type: image/x-icon
                                          Vary: Accept-Encoding
                                          Age: 523
                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                          Connection: close


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          14 | 192.168.2.4 | 51090 | 13.107.246.40 | 443 | 7608 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-09-01 18:54:09 UTC | 433 | OUT | GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1
                                          Host: edgeassetservice.azureedge.net
                                          Connection: keep-alive
                                          Sec-Fetch-Site: none
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: empty
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                          2024-09-01 18:54:09 UTC | 543 | IN | HTTP/1.1 200 OK
                                          Date: Sun, 01 Sep 2024 18:54:09 GMT
                                          Content-Type: image/png
                                          Content-Length: 1427
                                          Connection: close
                                          Last-Modified: Fri, 03 Nov 2023 21:43:36 GMT
                                          ETag: 0x8DBDCB5EF021F8E
                                          x-ms-request-id: 27316467-401e-0006-7b60-fa9f7f000000
                                          x-ms-version: 2009-09-19
                                          x-ms-lease-status: unlocked
                                          x-ms-blob-type: BlockBlob
                                          x-azure-ref: 20240901T185409Z-16579567576qxwrndb60my3nes00000006pg00000000gyfc
                                          Cache-Control: public, max-age=604800
                                          x-fd-int-roxy-purgeid: 0
                                          X-Cache-Info: L2_T2
                                          X-Cache: TCP_REMOTE_HIT
                                          Accept-Ranges: bytes


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          15 | 192.168.2.4 | 51087 | 13.107.246.40 | 443 | 7608 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-09-01 18:54:09 UTC | 430 | OUT | GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1
                                          Host: edgeassetservice.azureedge.net
                                          Connection: keep-alive
                                          Sec-Fetch-Site: none
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: empty
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                          2024-09-01 18:54:09 UTC | 543 | IN | HTTP/1.1 200 OK
                                          Date: Sun, 01 Sep 2024 18:54:09 GMT
                                          Content-Type: image/png
                                          Content-Length: 2008
                                          Connection: close
                                          Last-Modified: Tue, 10 Oct 2023 17:24:26 GMT
                                          ETag: 0x8DBC9B5C0C17219
                                          x-ms-request-id: 32a19201-701e-002c-2560-faea3a000000
                                          x-ms-version: 2009-09-19
                                          x-ms-lease-status: unlocked
                                          x-ms-blob-type: BlockBlob
                                          x-azure-ref: 20240901T185409Z-165795675767jvm9z21nmtw4wn00000006kg00000000afv3
                                          Cache-Control: public, max-age=604800
                                          x-fd-int-roxy-purgeid: 0
                                          X-Cache-Info: L2_T2
                                          X-Cache: TCP_REMOTE_HIT
                                          Accept-Ranges: bytes


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          16 | 192.168.2.4 | 51088 | 13.107.246.40 | 443 | 7608 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-09-01 18:54:09 UTC | 425 | OUT | GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1
                                          Host: edgeassetservice.azureedge.net
                                          Connection: keep-alive
                                          Sec-Fetch-Site: none
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: empty
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                          2024-09-01 18:54:09 UTC | 523 | IN | HTTP/1.1 200 OK
                                          Date: Sun, 01 Sep 2024 18:54:09 GMT
                                          Content-Type: image/png
                                          Content-Length: 1154
                                          Connection: close
                                          Last-Modified: Wed, 25 Oct 2023 19:48:30 GMT
                                          ETag: 0x8DBD5935D5B3965
                                          x-ms-request-id: d224f29e-c01e-003e-65a0-fcde26000000
                                          x-ms-version: 2009-09-19
                                          x-ms-lease-status: unlocked
                                          x-ms-blob-type: BlockBlob
                                          x-azure-ref: 20240901T185409Z-16579567576rhxz5kgqdm3tfq000000006z0000000000qw1
                                          Cache-Control: public, max-age=604800
                                          x-fd-int-roxy-purgeid: 69316365
                                          X-Cache: TCP_MISS
                                          Accept-Ranges: bytes


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          17 | 192.168.2.4 | 51089 | 13.107.246.40 | 443 | 7608 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-09-01 18:54:09 UTC | 422 | OUT | GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1
                                          Host: edgeassetservice.azureedge.net
                                          Connection: keep-alive
                                          Sec-Fetch-Site: none
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: empty
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                          2024-09-01 18:54:09 UTC | 543 | IN | HTTP/1.1 200 OK
                                          Date: Sun, 01 Sep 2024 18:54:09 GMT
                                          Content-Type: image/png
                                          Content-Length: 2229
                                          Connection: close
                                          Last-Modified: Wed, 25 Oct 2023 19:48:24 GMT
                                          ETag: 0x8DBD59359A9E77B
                                          x-ms-request-id: 453f1ddb-801e-005f-6ffe-fa9af9000000
                                          x-ms-version: 2009-09-19
                                          x-ms-lease-status: unlocked
                                          x-ms-blob-type: BlockBlob
                                          x-azure-ref: 20240901T185409Z-16579567576kv75wmks9m65qec00000006yg00000000b3a6
                                          Cache-Control: public, max-age=604800
                                          x-fd-int-roxy-purgeid: 0
                                          X-Cache-Info: L2_T2
                                          X-Cache: TCP_REMOTE_HIT
                                          Accept-Ranges: bytes


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          18 | 192.168.2.4 | 51096 | 13.107.246.40 | 443 | 7608 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-09-01 18:54:10 UTC | 431 | OUT | GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1
                                          Host: edgeassetservice.azureedge.net
                                          Connection: keep-alive
                                          Sec-Fetch-Site: none
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: empty
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                          2024-09-01 18:54:10 UTC | 523 | IN | HTTP/1.1 200 OK
                                          Date: Sun, 01 Sep 2024 18:54:10 GMT
                                          Content-Type: image/png
                                          Content-Length: 1468
                                          Connection: close
                                          Last-Modified: Fri, 03 Nov 2023 21:43:14 GMT
                                          ETag: 0x8DBDCB5E23DFC43
                                          x-ms-request-id: 7e487c98-101e-0051-6ba0-fc76f2000000
                                          x-ms-version: 2009-09-19
                                          x-ms-lease-status: unlocked
                                          x-ms-blob-type: BlockBlob
                                          x-azure-ref: 20240901T185410Z-16579567576qxwrndb60my3nes00000006n000000000n5br
                                          Cache-Control: public, max-age=604800
                                          x-fd-int-roxy-purgeid: 69316365
                                          X-Cache: TCP_MISS
                                          Accept-Ranges: bytes


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          19 | 192.168.2.4 | 51097 | 142.251.35.170 | 443 | 7608 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-09-01 18:54:11 UTC | 448 | OUT | POST /chromewebstore/v1.1/items/verify HTTP/1.1
                                          Host: www.googleapis.com
                                          Connection: keep-alive
                                          Content-Length: 119
                                          Content-Type: application/json
                                          Sec-Fetch-Site: none
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: empty
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                          2024-09-01 18:54:11 UTC | 119 | OUT | Data Ascii: {"hash":"YyWBAhOJnIGV5n8r9gk2qsreKWYk9ghTC9EG0zKVO6k=","ids":["ghbmnnjooekpmoecnnnilnnbdlolhkhi"],"protocol_version":1}
                                          2024-09-01 18:54:11 UTC | 341 | IN | HTTP/1.1 200 OK
                                          Content-Type: application/json; charset=UTF-8
                                          Vary: Origin
                                          Vary: X-Origin
                                          Vary: Referer
                                          Date: Sun, 01 Sep 2024 18:54:11 GMT
                                          Server: ESF
                                          Content-Length: 483
                                          X-XSS-Protection: 0
                                          X-Frame-Options: SAMEORIGIN
                                          X-Content-Type-Options: nosniff
                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                          Connection: close
                                          2024-09-01 18:54:11 UTC | 483 | IN | Data Ascii: { "protocol_version": 1, "signature": "WK+GE/zZ7UJwRZS1Af5Szzh+pQLbqtXG+bGszBIgfeaBljwn0pYqFJt2Yvebut5Em5fdAaPET8rRcqUMms6LuhtRBR1Mg4oNok5jXT9xRU4z3yJVhglUiErh1mcC6lLJzQFg6D4gaYGkdVam+V1nx7Evuxh/FALi+wwDRKOYm8YDYS2+As6P3LsVXhVpV5XHzv6JG04cH/K8+GO+N9as


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          20 | 192.168.2.4 | 51098 | 20.114.59.183 | 443
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-09-01 18:54:16 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=KHPLYolBWPWnMA7&MD=vcr4pCUC HTTP/1.1
                                          Connection: Keep-Alive
                                          Accept: */*
                                          User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                          Host: slscr.update.microsoft.com
                                          2024-09-01 18:54:16 UTC | 560 | IN | HTTP/1.1 200 OK
                                          Cache-Control: no-cache
                                          Pragma: no-cache
                                          Content-Type: application/octet-stream
                                          Expires: -1
                                          Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                          ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                          MS-CorrelationId: 3ff5c69c-f0a9-4971-a933-d3604f66d1f2
                                          MS-RequestId: f667ae72-723d-40b3-8af1-6baf1ad08da2
                                          MS-CV: +zif2RBJrkGIYuDb.0
                                          X-Microsoft-SLSClientCache: 2880
                                          Content-Disposition: attachment; filename=environment.cab
                                          X-Content-Type-Options: nosniff
                                          Date: Sun, 01 Sep 2024 18:54:15 GMT
                                          Connection: close
                                          Content-Length: 24490


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          21 | 192.168.2.4 | 51104 | 152.195.19.97 | 443 | 7608 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-09-01 18:54:21 UTC | 612 | OUT | GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1725821643&P2=404&P3=2&P4=UgdAS0p3fKzmiKJeonq8vdafyxQCI5w4Uwc7PUpxjA5abxnr4EyUkiM5dWKUPGPBm58PYDxdcJjKtbxH2EHlqQ%3d%3d HTTP/1.1
                                          Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com
                                          Connection: keep-alive
                                          MS-CV: dZA1zPkJKVr11mYZRBOTvW
                                          Sec-Fetch-Site: none
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: empty
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                          2024-09-01 18:54:22 UTC | 632 | IN | HTTP/1.1 200 OK
                                          Accept-Ranges: bytes
                                          Age: 5143393
                                          Cache-Control: public, max-age=17280000
                                          Content-Type: application/x-chrome-extension
                                          Date: Sun, 01 Sep 2024 18:54:22 GMT
                                          Etag: "Gv3jDkaZdFLRHkoq2781zOehQE8="
                                          Last-Modified: Wed, 24 Jan 2024 00:25:37 GMT
                                          MS-CorrelationId: b4b4aabf-4d02-4629-96b1-a382405b6a31
                                          MS-CV: 642I+iNy0Qp5KFcIV/sUKh.0
                                          MS-RequestId: 5245ac9e-0afd-43ce-8780-5c7d0bedf1d4
                                          Server: ECAcc (nyd/D11E)
                                          X-AspNet-Version: 4.0.30319
                                          X-AspNetMvc-Version: 5.3
                                          X-Cache: HIT
                                          X-CCC: US
                                          X-CID: 11
                                          X-Powered-By: ASP.NET
                                          X-Powered-By: ARR/3.0
                                          X-Powered-By: ASP.NET
                                          Content-Length: 11185
                                          Connection: close


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          22 | 192.168.2.4 | 51141 | 20.114.59.183 | 443
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-09-01 18:54:55 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=KHPLYolBWPWnMA7&MD=vcr4pCUC HTTP/1.1
                                          Connection: Keep-Alive
                                          Accept: */*
                                          User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                          Host: slscr.update.microsoft.com
                                          2024-09-01 18:54:55 UTC | 560 | IN | HTTP/1.1 200 OK
                                          Cache-Control: no-cache
                                          Pragma: no-cache
                                          Content-Type: application/octet-stream
                                          Expires: -1
                                          Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                          ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                                          MS-CorrelationId: d706cb41-c8e9-4e63-a0a1-364da9e73a9b
                                          MS-RequestId: 56f96c6c-bce5-4e41-b615-5163aa7e1672
                                          MS-CV: VpO8SkHxRUyGEAzF.0
                                          X-Microsoft-SLSClientCache: 1440
                                          Content-Disposition: attachment; filename=environment.cab
                                          X-Content-Type-Options: nosniff
                                          Date: Sun, 01 Sep 2024 18:54:54 GMT
                                          Connection: close
                                          Content-Length: 30005


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                          23 | 192.168.2.4 | 51144 | 23.223.209.207 | 443 | 7608 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Timestamp | Bytes transferred | Direction | Data
                                          2024-09-01 18:55:04 UTC | 442 | OUT | OPTIONS /api/report?cat=bingbusiness HTTP/1.1
                                          Host: bzib.nelreports.net
                                          Connection: keep-alive
                                          Origin: https://business.bing.com
                                          Access-Control-Request-Method: POST
                                          Access-Control-Request-Headers: content-type
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                          2024-09-01 18:55:04 UTC | 378 | IN | HTTP/1.1 503 Service Unavailable
                                          Content-Length: 326
                                          Content-Type: text/html; charset=us-ascii
                                          Date: Sun, 01 Sep 2024 18:55:04 GMT
                                          Connection: close
                                          PMUSER_FORMAT_QS:
                                          X-CDN-TraceId: 0.cfbbd717.1725216904.df1e51c
                                          Access-Control-Allow-Credentials: false
                                          Access-Control-Allow-Methods: *
                                          Access-Control-Allow-Methods: GET, OPTIONS, POST
                                          Access-Control-Allow-Origin: *
                                          2024-09-01 18:55:04 UTC | 326 | IN | Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Service Unavailable</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Service Unavailable</h2><


                                          Target ID:0
                                          Start time:14:53:56
                                          Start date:01/09/2024
                                          Path:C:\Users\user\Desktop\file.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Users\user\Desktop\file.exe"
                                          Imagebase:0xd20000
                                          File size:917'504 bytes
                                          MD5 hash:EFB40A47D21362D07886B03A97D03E58
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:low
                                          Has exited:true

                                          Target ID:1
                                          Start time:14:53:57
                                          Start date:01/09/2024
                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                          Imagebase:0x7ff67dcd0000
                                          File size:4'210'216 bytes
                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:moderate
                                          Has exited:true

                                          Target ID:2
                                          Start time:14:53:57
                                          Start date:01/09/2024
                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                          Imagebase:0x7ff6bf500000
                                          File size:676'768 bytes
                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true

                                          Target ID:4
                                          Start time:14:53:57
                                          Start date:01/09/2024
                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation
                                          Imagebase:0x7ff6bf500000
                                          File size:676'768 bytes
                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true

                                          Target ID:5
                                          Start time:14:53:57
                                          Start date:01/09/2024
                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                          Imagebase:0x7ff6bf500000
                                          File size:676'768 bytes
                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:false

                                          Target ID:6
                                          Start time:14:53:57
                                          Start date:01/09/2024
                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2220 --field-trial-handle=2176,i,7983970190078579778,15414779449484211005,262144 /prefetch:3
                                          Imagebase:0x7ff67dcd0000
                                          File size:4'210'216 bytes
                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:moderate
                                          Has exited:true

                                          Target ID:7
                                          Start time:14:53:57
                                          Start date:01/09/2024
                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                          Imagebase:0x7ff67dcd0000
                                          File size:4'210'216 bytes
                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Reputation:moderate
                                          Has exited:false

                                          Target ID:8
                                          Start time:14:53:59
                                          Start date:01/09/2024
                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2452 --field-trial-handle=2108,i,175679224649341972,9737569458968521055,262144 /prefetch:3
                                          Imagebase:0x7ff67dcd0000
                                          File size:4'210'216 bytes
                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Reputation:moderate
                                          Has exited:false

                                          Target ID:10
                                          Start time:14:54:02
                                          Start date:01/09/2024
                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6428 --field-trial-handle=2108,i,175679224649341972,9737569458968521055,262144 /prefetch:8
                                          Imagebase:0x7ff67dcd0000
                                          File size:4'210'216 bytes
                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Reputation:moderate
                                          Has exited:true

                                          Target ID:11
                                          Start time:14:54:02
                                          Start date:01/09/2024
                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6688 --field-trial-handle=2108,i,175679224649341972,9737569458968521055,262144 /prefetch:8
                                          Imagebase:0x7ff67dcd0000
                                          File size:4'210'216 bytes
                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Reputation:moderate
                                          Has exited:true

                                          Target ID:13
                                          Start time:14:54:03
                                          Start date:01/09/2024
                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2324 -parentBuildID 20230927232528 -prefsHandle 2264 -prefMapHandle 2260 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2c51076-e2ba-496a-8a5d-bad7f0b747df} 7172 "\\.\pipe\gecko-crash-server-pipe.7172" 1e9e0c6d310 socket
                                          Imagebase:0x7ff6bf500000
                                          File size:676'768 bytes
                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:false

                                          Target ID:15
                                          Start time:14:54:05
                                          Start date:01/09/2024
                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6984 --field-trial-handle=2108,i,175679224649341972,9737569458968521055,262144 /prefetch:8
                                          Imagebase:0x7ff67f860000
                                          File size:1'255'976 bytes
                                          MD5 hash:76C58E5BABFE4ACF0308AA646FC0F416
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Reputation:moderate
                                          Has exited:true

                                          Target ID:16
                                          Start time:14:54:05
                                          Start date:01/09/2024
                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6984 --field-trial-handle=2108,i,175679224649341972,9737569458968521055,262144 /prefetch:8
                                          Imagebase:0x7ff67f860000
                                          File size:1'255'976 bytes
                                          MD5 hash:76C58E5BABFE4ACF0308AA646FC0F416
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Has exited:true

                                          Target ID:17
                                          Start time:14:54:07
                                          Start date:01/09/2024
                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3504 -parentBuildID 20230927232528 -prefsHandle 2852 -prefMapHandle 3480 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {df1c462e-2999-4128-a5ee-18d3d60123b5} 7172 "\\.\pipe\gecko-crash-server-pipe.7172" 1e9f2c64d10 rdd
                                          Imagebase:0x7ff6bf500000
                                          File size:676'768 bytes
                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Has exited:false

                                          Target ID:19
                                          Start time:14:54:16
                                          Start date:01/09/2024
                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
                                          Imagebase:0x7ff67dcd0000
                                          File size:4'210'216 bytes
                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Has exited:true

                                          Target ID:20
                                          Start time:14:54:17
                                          Start date:01/09/2024
                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2280 --field-trial-handle=2068,i,13160541813465607293,2712023220913971906,262144 /prefetch:3
                                          Imagebase:0x7ff67dcd0000
                                          File size:4'210'216 bytes
                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Has exited:true

                                          Target ID:23
                                          Start time:14:54:25
                                          Start date:01/09/2024
                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
                                          Imagebase:0x7ff67dcd0000
                                          File size:4'210'216 bytes
                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Has exited:true

                                          Target ID:24
                                          Start time:14:54:25
                                          Start date:01/09/2024
                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=2020,i,12803728955632511086,9893143217689161617,262144 /prefetch:3
                                          Imagebase:0x7ff67dcd0000
                                          File size:4'210'216 bytes
                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Has exited:true

                                          Target ID:25
                                          Start time:14:54:43
                                          Start date:01/09/2024
                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5660 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5652 -prefMapHandle 5592 -prefsLen 33976 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e87c3b9e-4be0-4f77-84ea-de9f8ccec19d} 7172 "\\.\pipe\gecko-crash-server-pipe.7172" 1e9f2c92110 utility
                                          Imagebase:0x7ff6bf500000
                                          File size:676'768 bytes
                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Has exited:false

                                          Target ID:26
                                          Start time:14:54:59
                                          Start date:01/09/2024
                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=7080 --field-trial-handle=2108,i,175679224649341972,9737569458968521055,262144 /prefetch:8
                                          Imagebase:0x7ff67dcd0000
                                          File size:4'210'216 bytes
                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Has exited:false


                                            Execution Graph

                                            Execution Coverage:1.9%
                                            Dynamic/Decrypted Code Coverage:0%
                                            Signature Coverage:5%
                                            Total number of Nodes:1406
                                            Total number of Limit Nodes:42
96014 d58693 96033 d4f2d9 20 API calls __dosmaperr 96014->96033 96027 d58607 96016->96027 96019 d5869b 96034 d527ec 26 API calls __fread_nolock 96019->96034 96020 d4e64c 96020->95979 96020->95986 96022->95975 96023->95979 96024->95993 96025->96004 96026->96006 96035 d58585 96027->96035 96029 d5862b 96029->96020 96030->96013 96031->96020 96032->96014 96033->96019 96034->96020 96036 d58591 __FrameHandler3::FrameUnwindToState 96035->96036 96046 d55147 EnterCriticalSection 96036->96046 96038 d5859f 96039 d585c6 96038->96039 96040 d585d1 96038->96040 96047 d586ae 96039->96047 96062 d4f2d9 20 API calls __dosmaperr 96040->96062 96043 d585cc 96063 d585fb LeaveCriticalSection __wsopen_s 96043->96063 96045 d585ee __fread_nolock 96045->96029 96046->96038 96064 d553c4 96047->96064 96049 d586c4 96077 d55333 21 API calls 3 library calls 96049->96077 96050 d586be 96050->96049 96052 d553c4 __wsopen_s 26 API calls 96050->96052 96061 d586f6 96050->96061 96055 d586ed 96052->96055 96053 d553c4 __wsopen_s 26 API calls 96056 d58702 FindCloseChangeNotification 96053->96056 96054 d5871c 96058 d5873e 96054->96058 96078 d4f2a3 20 API calls 2 library calls 96054->96078 96059 d553c4 __wsopen_s 26 API calls 96055->96059 96056->96049 96060 d5870e GetLastError 96056->96060 96058->96043 96059->96061 96060->96049 96061->96049 96061->96053 96062->96043 96063->96045 96065 d553e6 96064->96065 96066 d553d1 96064->96066 96071 d5540b 96065->96071 96081 d4f2c6 20 API calls __dosmaperr 96065->96081 96079 d4f2c6 20 API calls __dosmaperr 96066->96079 96068 d553d6 96080 d4f2d9 20 API calls __dosmaperr 96068->96080 96071->96050 96072 d55416 96082 d4f2d9 20 API calls __dosmaperr 96072->96082 96073 d553de 96073->96050 96075 d5541e 96083 d527ec 26 API calls __fread_nolock 96075->96083 96077->96054 96078->96058 96079->96068 96080->96073 96081->96072 96082->96075 96083->96073 96084 d2105b 96089 d2344d 96084->96089 96086 d2106a 96120 d400a3 29 API calls __onexit 96086->96120 96088 d21074 96090 d2345d __wsopen_s 
96089->96090 96091 d2a961 22 API calls 96090->96091 96092 d23513 96091->96092 96093 d23a5a 24 API calls 96092->96093 96094 d2351c 96093->96094 96121 d23357 96094->96121 96097 d233c6 22 API calls 96098 d23535 96097->96098 96099 d2515f 22 API calls 96098->96099 96100 d23544 96099->96100 96101 d2a961 22 API calls 96100->96101 96102 d2354d 96101->96102 96103 d2a6c3 22 API calls 96102->96103 96104 d23556 RegOpenKeyExW 96103->96104 96105 d63176 RegQueryValueExW 96104->96105 96109 d23578 96104->96109 96106 d63193 96105->96106 96107 d6320c RegCloseKey 96105->96107 96108 d3fe0b 22 API calls 96106->96108 96107->96109 96119 d6321e _wcslen 96107->96119 96110 d631ac 96108->96110 96109->96086 96112 d25722 22 API calls 96110->96112 96111 d24c6d 22 API calls 96111->96119 96113 d631b7 RegQueryValueExW 96112->96113 96114 d631d4 96113->96114 96116 d631ee messages 96113->96116 96115 d26b57 22 API calls 96114->96115 96115->96116 96116->96107 96117 d29cb3 22 API calls 96117->96119 96118 d2515f 22 API calls 96118->96119 96119->96109 96119->96111 96119->96117 96119->96118 96120->96088 96122 d61f50 __wsopen_s 96121->96122 96123 d23364 GetFullPathNameW 96122->96123 96124 d23386 96123->96124 96125 d26b57 22 API calls 96124->96125 96126 d233a4 96125->96126 96126->96097 96127 d21098 96132 d242de 96127->96132 96131 d210a7 96133 d2a961 22 API calls 96132->96133 96134 d242f5 GetVersionExW 96133->96134 96135 d26b57 22 API calls 96134->96135 96136 d24342 96135->96136 96137 d293b2 22 API calls 96136->96137 96149 d24378 96136->96149 96138 d2436c 96137->96138 96140 d237a0 22 API calls 96138->96140 96139 d2441b GetCurrentProcess IsWow64Process 96141 d24437 96139->96141 96140->96149 96142 d63824 GetSystemInfo 96141->96142 96143 d2444f LoadLibraryA 96141->96143 96144 d24460 GetProcAddress 96143->96144 96145 d2449c GetSystemInfo 96143->96145 96144->96145 96148 d24470 GetNativeSystemInfo 96144->96148 96146 d24476 96145->96146 96150 d2109d 96146->96150 96151 d2447a FreeLibrary 96146->96151 96147 d637df 
96148->96146 96149->96139 96149->96147 96152 d400a3 29 API calls __onexit 96150->96152 96151->96150 96152->96131 96153 d2f7bf 96154 d2f7d3 96153->96154 96155 d2fcb6 96153->96155 96157 d2fcc2 96154->96157 96158 d3fddb 22 API calls 96154->96158 96244 d2aceb 23 API calls messages 96155->96244 96245 d2aceb 23 API calls messages 96157->96245 96160 d2f7e5 96158->96160 96160->96157 96161 d2f83e 96160->96161 96162 d2fd3d 96160->96162 96179 d2ed9d messages 96161->96179 96188 d31310 96161->96188 96246 d91155 22 API calls 96162->96246 96165 d2fef7 96165->96179 96248 d2a8c7 22 API calls __fread_nolock 96165->96248 96168 d74b0b 96250 d9359c 82 API calls __wsopen_s 96168->96250 96169 d2a8c7 22 API calls 96186 d2ec76 messages 96169->96186 96170 d74600 96170->96179 96247 d2a8c7 22 API calls __fread_nolock 96170->96247 96175 d40242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 96175->96186 96177 d2fbe3 96177->96179 96180 d74bdc 96177->96180 96187 d2f3ae messages 96177->96187 96178 d2a961 22 API calls 96178->96186 96251 d9359c 82 API calls __wsopen_s 96180->96251 96181 d400a3 29 API calls pre_c_initialization 96181->96186 96183 d401f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 96183->96186 96184 d74beb 96252 d9359c 82 API calls __wsopen_s 96184->96252 96185 d3fddb 22 API calls 96185->96186 96186->96165 96186->96168 96186->96169 96186->96170 96186->96175 96186->96177 96186->96178 96186->96179 96186->96181 96186->96183 96186->96184 96186->96185 96186->96187 96242 d301e0 185 API calls 2 library calls 96186->96242 96243 d306a0 41 API calls messages 96186->96243 96187->96179 96249 d9359c 82 API calls __wsopen_s 96187->96249 96189 d317b0 96188->96189 96190 d31376 96188->96190 96277 d40242 5 API calls __Init_thread_wait 96189->96277 96191 d31390 96190->96191 96192 d76331 96190->96192 96253 d31940 96191->96253 96282 da709c 185 API calls 96192->96282 96196 d317ba 96199 d317fb 96196->96199 
96201 d29cb3 22 API calls 96196->96201 96198 d7633d 96198->96186 96203 d76346 96199->96203 96205 d3182c 96199->96205 96200 d31940 9 API calls 96202 d313b6 96200->96202 96209 d317d4 96201->96209 96202->96199 96204 d313ec 96202->96204 96283 d9359c 82 API calls __wsopen_s 96203->96283 96204->96203 96228 d31408 __fread_nolock 96204->96228 96279 d2aceb 23 API calls messages 96205->96279 96208 d31839 96280 d3d217 185 API calls 96208->96280 96278 d401f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96209->96278 96212 d7636e 96284 d9359c 82 API calls __wsopen_s 96212->96284 96214 d3152f 96215 d763d1 96214->96215 96216 d3153c 96214->96216 96286 da5745 54 API calls _wcslen 96215->96286 96217 d31940 9 API calls 96216->96217 96219 d31549 96217->96219 96222 d764fa 96219->96222 96225 d31940 9 API calls 96219->96225 96220 d3fddb 22 API calls 96220->96228 96221 d3fe0b 22 API calls 96221->96228 96232 d76369 96222->96232 96288 d9359c 82 API calls __wsopen_s 96222->96288 96223 d31872 96281 d3faeb 23 API calls 96223->96281 96230 d31563 96225->96230 96227 d2ec40 185 API calls 96227->96228 96228->96208 96228->96212 96228->96214 96228->96220 96228->96221 96228->96227 96229 d763b2 96228->96229 96228->96232 96285 d9359c 82 API calls __wsopen_s 96229->96285 96230->96222 96236 d315c7 messages 96230->96236 96287 d2a8c7 22 API calls __fread_nolock 96230->96287 96232->96186 96234 d31940 9 API calls 96234->96236 96235 d3167b messages 96237 d3171d 96235->96237 96276 d3ce17 22 API calls messages 96235->96276 96236->96222 96236->96223 96236->96232 96236->96234 96236->96235 96263 daa2ea 96236->96263 96268 d95c5a 96236->96268 96273 daac5b 96236->96273 96237->96186 96242->96186 96243->96186 96244->96157 96245->96162 96246->96179 96247->96179 96248->96179 96249->96179 96250->96179 96251->96184 96252->96179 96254 d31981 96253->96254 96258 d3195d 96253->96258 96289 d40242 5 API calls __Init_thread_wait 96254->96289 96256 d3198b 96256->96258 96290 d401f8 EnterCriticalSection 
LeaveCriticalSection SetEvent ResetEvent 96256->96290 96262 d313a0 96258->96262 96291 d40242 5 API calls __Init_thread_wait 96258->96291 96259 d38727 96259->96262 96292 d401f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96259->96292 96262->96200 96293 d27510 96263->96293 96267 daa315 96267->96236 96269 d27510 53 API calls 96268->96269 96270 d95c6d 96269->96270 96341 d8dbbe lstrlenW 96270->96341 96272 d95c77 96272->96236 96346 daad64 96273->96346 96275 daac6f 96275->96236 96276->96235 96277->96196 96278->96199 96279->96208 96280->96223 96281->96223 96282->96198 96283->96232 96284->96232 96285->96232 96286->96230 96287->96236 96288->96232 96289->96256 96290->96258 96291->96259 96292->96262 96294 d27522 96293->96294 96295 d27525 96293->96295 96316 d8d4dc CreateToolhelp32Snapshot Process32FirstW 96294->96316 96296 d2755b 96295->96296 96297 d2752d 96295->96297 96299 d650f6 96296->96299 96302 d2756d 96296->96302 96307 d6500f 96296->96307 96326 d451c6 26 API calls 96297->96326 96329 d45183 26 API calls 96299->96329 96300 d2753d 96306 d3fddb 22 API calls 96300->96306 96327 d3fb21 51 API calls 96302->96327 96303 d6510e 96303->96303 96308 d27547 96306->96308 96310 d3fe0b 22 API calls 96307->96310 96315 d65088 96307->96315 96309 d29cb3 22 API calls 96308->96309 96309->96294 96311 d65058 96310->96311 96312 d3fddb 22 API calls 96311->96312 96313 d6507f 96312->96313 96314 d29cb3 22 API calls 96313->96314 96314->96315 96328 d3fb21 51 API calls 96315->96328 96330 d8def7 96316->96330 96318 d8d529 Process32NextW 96319 d8d5db FindCloseChangeNotification 96318->96319 96325 d8d522 96318->96325 96319->96267 96320 d2a961 22 API calls 96320->96325 96321 d29cb3 22 API calls 96321->96325 96325->96318 96325->96319 96325->96320 96325->96321 96336 d2525f 22 API calls 96325->96336 96337 d26350 22 API calls 96325->96337 96338 d3ce60 41 API calls 96325->96338 96326->96300 96327->96300 96328->96299 96329->96303 96334 d8df02 96330->96334 96331 d8df19 96340 d462fb 39 API calls 
96331->96340 96334->96331 96335 d8df1f 96334->96335 96339 d463b2 GetStringTypeW _strftime 96334->96339 96335->96325 96336->96325 96337->96325 96338->96325 96339->96334 96340->96335 96342 d8dbdc GetFileAttributesW 96341->96342 96343 d8dc06 96341->96343 96342->96343 96344 d8dbe8 FindFirstFileW 96342->96344 96343->96272 96344->96343 96345 d8dbf9 FindClose 96344->96345 96345->96343 96347 d2a961 22 API calls 96346->96347 96348 daad77 ___scrt_fastfail 96347->96348 96349 daadce 96348->96349 96350 d27510 53 API calls 96348->96350 96351 daadee 96349->96351 96353 d27510 53 API calls 96349->96353 96352 daadab 96350->96352 96354 daae3a 96351->96354 96355 d27510 53 API calls 96351->96355 96352->96349 96357 d27510 53 API calls 96352->96357 96356 daade4 96353->96356 96359 daae4d ___scrt_fastfail 96354->96359 96377 d2b567 39 API calls 96354->96377 96365 daae04 96355->96365 96375 d27620 22 API calls _wcslen 96356->96375 96360 daadc4 96357->96360 96363 d27510 53 API calls 96359->96363 96374 d27620 22 API calls _wcslen 96360->96374 96364 daae85 ShellExecuteExW 96363->96364 96370 daaeb0 96364->96370 96365->96354 96366 d27510 53 API calls 96365->96366 96367 daae28 96366->96367 96367->96354 96376 d2a8c7 22 API calls __fread_nolock 96367->96376 96369 daaec8 96369->96275 96370->96369 96371 daaf35 GetProcessId 96370->96371 96372 daaf48 96371->96372 96373 daaf58 CloseHandle 96372->96373 96373->96369 96374->96349 96375->96351 96376->96354 96377->96359 96378 d403fb 96379 d40407 __FrameHandler3::FrameUnwindToState 96378->96379 96407 d3feb1 96379->96407 96381 d4040e 96382 d40561 96381->96382 96385 d40438 96381->96385 96437 d4083f IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter ___scrt_fastfail 96382->96437 96384 d40568 96430 d44e52 96384->96430 96396 d40477 ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 96385->96396 96418 d5247d 96385->96418 96392 d40457 96394 d404d8 96426 d40959 96394->96426 96396->96394 96433 d44e1a 38 API 
calls 2 library calls 96396->96433 96398 d404de 96399 d404f3 96398->96399 96434 d40992 GetModuleHandleW 96399->96434 96401 d404fa 96401->96384 96402 d404fe 96401->96402 96403 d40507 96402->96403 96435 d44df5 28 API calls _abort 96402->96435 96436 d40040 13 API calls 2 library calls 96403->96436 96406 d4050f 96406->96392 96408 d3feba 96407->96408 96439 d40698 IsProcessorFeaturePresent 96408->96439 96410 d3fec6 96440 d42c94 10 API calls 3 library calls 96410->96440 96412 d3fecb 96413 d3fecf 96412->96413 96441 d52317 96412->96441 96413->96381 96416 d3fee6 96416->96381 96419 d52494 96418->96419 96420 d40a8c _ValidateLocalCookies 5 API calls 96419->96420 96421 d40451 96420->96421 96421->96392 96422 d52421 96421->96422 96423 d52450 96422->96423 96424 d40a8c _ValidateLocalCookies 5 API calls 96423->96424 96425 d52479 96424->96425 96425->96396 96500 d42340 96426->96500 96429 d4097f 96429->96398 96502 d44bcf 96430->96502 96433->96394 96434->96401 96435->96403 96436->96406 96437->96384 96439->96410 96440->96412 96445 d5d1f6 96441->96445 96444 d42cbd 8 API calls 3 library calls 96444->96413 96446 d5d213 96445->96446 96449 d5d20f 96445->96449 96446->96449 96451 d54bfb 96446->96451 96448 d3fed8 96448->96416 96448->96444 96463 d40a8c 96449->96463 96452 d54c07 __FrameHandler3::FrameUnwindToState 96451->96452 96470 d52f5e EnterCriticalSection 96452->96470 96454 d54c0e 96471 d550af 96454->96471 96456 d54c1d 96457 d54c2c 96456->96457 96484 d54a8f 29 API calls 96456->96484 96486 d54c48 LeaveCriticalSection _abort 96457->96486 96460 d54c27 96485 d54b45 GetStdHandle GetFileType 96460->96485 96462 d54c3d __fread_nolock 96462->96446 96464 d40a95 96463->96464 96465 d40a97 IsProcessorFeaturePresent 96463->96465 96464->96448 96467 d40c5d 96465->96467 96499 d40c21 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 96467->96499 96469 d40d40 96469->96448 96470->96454 96472 d550bb __FrameHandler3::FrameUnwindToState 96471->96472 96473 d550df 96472->96473 
96474 d550c8 96472->96474 96487 d52f5e EnterCriticalSection 96473->96487 96495 d4f2d9 20 API calls __dosmaperr 96474->96495 96477 d550cd 96496 d527ec 26 API calls __fread_nolock 96477->96496 96479 d550d7 __fread_nolock 96479->96456 96482 d55117 96497 d5513e LeaveCriticalSection _abort 96482->96497 96483 d550eb 96483->96482 96488 d55000 96483->96488 96484->96460 96485->96457 96486->96462 96487->96483 96489 d54c7d __dosmaperr 20 API calls 96488->96489 96490 d55012 96489->96490 96494 d5501f 96490->96494 96498 d53405 11 API calls 2 library calls 96490->96498 96491 d529c8 _free 20 API calls 96492 d55071 96491->96492 96492->96483 96494->96491 96495->96477 96496->96479 96497->96479 96498->96490 96499->96469 96501 d4096c GetStartupInfoW 96500->96501 96501->96429 96503 d44bdb _abort 96502->96503 96504 d44bf4 96503->96504 96505 d44be2 96503->96505 96526 d52f5e EnterCriticalSection 96504->96526 96541 d44d29 GetModuleHandleW 96505->96541 96508 d44be7 96508->96504 96542 d44d6d GetModuleHandleExW 96508->96542 96509 d44c99 96530 d44cd9 96509->96530 96513 d44c70 96517 d44c88 96513->96517 96521 d52421 _abort 5 API calls 96513->96521 96515 d44cb6 96533 d44ce8 96515->96533 96516 d44ce2 96550 d61d29 5 API calls _ValidateLocalCookies 96516->96550 96522 d52421 _abort 5 API calls 96517->96522 96521->96517 96522->96509 96523 d44bfb 96523->96509 96523->96513 96527 d521a8 96523->96527 96526->96523 96551 d51ee1 96527->96551 96570 d52fa6 LeaveCriticalSection 96530->96570 96532 d44cb2 96532->96515 96532->96516 96571 d5360c 96533->96571 96536 d44d16 96539 d44d6d _abort 8 API calls 96536->96539 96537 d44cf6 GetPEB 96537->96536 96538 d44d06 GetCurrentProcess TerminateProcess 96537->96538 96538->96536 96540 d44d1e ExitProcess 96539->96540 96541->96508 96543 d44d97 GetProcAddress 96542->96543 96544 d44dba 96542->96544 96545 d44dac 96543->96545 96546 d44dc0 FreeLibrary 96544->96546 96547 d44dc9 96544->96547 96545->96544 96546->96547 96548 d40a8c _ValidateLocalCookies 5 API calls 96547->96548 96549 
d44bf3 96548->96549 96549->96504 96554 d51e90 96551->96554 96553 d51f05 96553->96513 96555 d51e9c __FrameHandler3::FrameUnwindToState 96554->96555 96562 d52f5e EnterCriticalSection 96555->96562 96557 d51eaa 96563 d51f31 96557->96563 96561 d51ec8 __fread_nolock 96561->96553 96562->96557 96564 d51f51 96563->96564 96567 d51f59 96563->96567 96565 d40a8c _ValidateLocalCookies 5 API calls 96564->96565 96566 d51eb7 96565->96566 96569 d51ed5 LeaveCriticalSection _abort 96566->96569 96567->96564 96568 d529c8 _free 20 API calls 96567->96568 96568->96564 96569->96561 96570->96532 96572 d53627 96571->96572 96573 d53631 96571->96573 96575 d40a8c _ValidateLocalCookies 5 API calls 96572->96575 96578 d52fd7 5 API calls 2 library calls 96573->96578 96576 d44cf2 96575->96576 96576->96536 96576->96537 96577 d53648 96577->96572 96578->96577 96579 d22de3 96580 d22df0 __wsopen_s 96579->96580 96581 d22e09 96580->96581 96582 d62c2b ___scrt_fastfail 96580->96582 96583 d23aa2 23 API calls 96581->96583 96584 d62c47 GetOpenFileNameW 96582->96584 96585 d22e12 96583->96585 96586 d62c96 96584->96586 96595 d22da5 96585->96595 96589 d26b57 22 API calls 96586->96589 96591 d62cab 96589->96591 96591->96591 96592 d22e27 96613 d244a8 96592->96613 96596 d61f50 __wsopen_s 96595->96596 96597 d22db2 GetLongPathNameW 96596->96597 96598 d26b57 22 API calls 96597->96598 96599 d22dda 96598->96599 96600 d23598 96599->96600 96601 d2a961 22 API calls 96600->96601 96602 d235aa 96601->96602 96603 d23aa2 23 API calls 96602->96603 96604 d235b5 96603->96604 96605 d235c0 96604->96605 96610 d632eb 96604->96610 96607 d2515f 22 API calls 96605->96607 96608 d235cc 96607->96608 96642 d235f3 96608->96642 96611 d6330d 96610->96611 96648 d3ce60 41 API calls 96610->96648 96612 d235df 96612->96592 96614 d24ecb 94 API calls 96613->96614 96615 d244cd 96614->96615 96616 d63833 96615->96616 96618 d24ecb 94 API calls 96615->96618 96617 d92cf9 80 API calls 96616->96617 96619 d63848 96617->96619 96620 d244e1 96618->96620 96621 d6384c 
96619->96621 96622 d63869 96619->96622 96620->96616 96623 d244e9 96620->96623 96624 d24f39 68 API calls 96621->96624 96625 d3fe0b 22 API calls 96622->96625 96626 d63854 96623->96626 96627 d244f5 96623->96627 96624->96626 96632 d638ae 96625->96632 96650 d8da5a 82 API calls 96626->96650 96649 d2940c 136 API calls 2 library calls 96627->96649 96630 d22e31 96631 d63862 96631->96622 96634 d63a5f 96632->96634 96639 d29cb3 22 API calls 96632->96639 96651 d8967e 22 API calls __fread_nolock 96632->96651 96652 d895ad 42 API calls _wcslen 96632->96652 96653 d90b5a 22 API calls 96632->96653 96654 d2a4a1 22 API calls __fread_nolock 96632->96654 96655 d23ff7 22 API calls 96632->96655 96633 d24f39 68 API calls 96633->96634 96634->96633 96656 d8989b 82 API calls __wsopen_s 96634->96656 96639->96632 96643 d23605 96642->96643 96647 d23624 __fread_nolock 96642->96647 96645 d3fe0b 22 API calls 96643->96645 96644 d3fddb 22 API calls 96646 d2363b 96644->96646 96645->96647 96646->96612 96647->96644 96648->96610 96649->96630 96650->96631 96651->96632 96652->96632 96653->96632 96654->96632 96655->96632 96656->96634 96657 d62ba5 96658 d22b25 96657->96658 96659 d62baf 96657->96659 96685 d22b83 7 API calls 96658->96685 96661 d23a5a 24 API calls 96659->96661 96662 d62bb8 96661->96662 96664 d29cb3 22 API calls 96662->96664 96667 d62bc6 96664->96667 96666 d22b2f 96670 d23837 49 API calls 96666->96670 96673 d22b44 96666->96673 96668 d62bf5 96667->96668 96669 d62bce 96667->96669 96672 d233c6 22 API calls 96668->96672 96671 d233c6 22 API calls 96669->96671 96670->96673 96674 d62bd9 96671->96674 96675 d62bf1 GetForegroundWindow ShellExecuteW 96672->96675 96676 d22b5f 96673->96676 96679 d230f2 Shell_NotifyIconW 96673->96679 96689 d26350 22 API calls 96674->96689 96681 d62c26 96675->96681 96683 d22b66 SetCurrentDirectoryW 96676->96683 96679->96676 96680 d62be7 96682 d233c6 22 API calls 96680->96682 96681->96676 96682->96675 96684 d22b7a 96683->96684 96690 d22cd4 7 API calls 96685->96690 96687 d22b2a 
96688 d22c63 CreateWindowExW CreateWindowExW ShowWindow ShowWindow 96687->96688 96688->96666 96689->96680 96690->96687 96691 d62402 96694 d21410 96691->96694 96695 d2144f mciSendStringW 96694->96695 96696 d624b8 DestroyWindow 96694->96696 96697 d216c6 96695->96697 96698 d2146b 96695->96698 96709 d624c4 96696->96709 96697->96698 96700 d216d5 UnregisterHotKey 96697->96700 96699 d21479 96698->96699 96698->96709 96727 d2182e 96699->96727 96700->96697 96702 d624e2 FindClose 96702->96709 96703 d624d8 96703->96709 96733 d26246 CloseHandle 96703->96733 96705 d62509 96708 d6251c FreeLibrary 96705->96708 96710 d6252d 96705->96710 96707 d2148e 96707->96710 96713 d2149c 96707->96713 96708->96705 96709->96702 96709->96703 96709->96705 96711 d62541 VirtualFree 96710->96711 96718 d21509 96710->96718 96711->96710 96712 d214f8 OleUninitialize 96712->96718 96713->96712 96714 d21514 96717 d21524 96714->96717 96715 d62589 96720 d62598 messages 96715->96720 96734 d932eb 6 API calls messages 96715->96734 96731 d21944 VirtualFreeEx CloseHandle 96717->96731 96718->96714 96718->96715 96723 d62627 96720->96723 96735 d864d4 22 API calls messages 96720->96735 96722 d2153a 96722->96720 96724 d2161f 96722->96724 96723->96723 96724->96723 96732 d21876 CloseHandle InternetCloseHandle InternetCloseHandle WaitForSingleObject 96724->96732 96726 d216c1 96729 d2183b 96727->96729 96728 d21480 96728->96705 96728->96707 96729->96728 96736 d8702a 22 API calls 96729->96736 96731->96722 96732->96726 96733->96703 96734->96715 96735->96720 96736->96729 96737 d21044 96742 d210f3 96737->96742 96739 d2104a 96778 d400a3 29 API calls __onexit 96739->96778 96741 d21054 96779 d21398 96742->96779 96746 d2116a 96747 d2a961 22 API calls 96746->96747 96748 d21174 96747->96748 96749 d2a961 22 API calls 96748->96749 96750 d2117e 96749->96750 96751 d2a961 22 API calls 96750->96751 96752 d21188 96751->96752 96753 d2a961 22 API calls 96752->96753 96754 d211c6 96753->96754 96755 d2a961 22 API calls 96754->96755 96756 d21292 
96755->96756 96789 d2171c 96756->96789 96760 d212c4 96761 d2a961 22 API calls 96760->96761 96762 d212ce 96761->96762 96763 d31940 9 API calls 96762->96763 96764 d212f9 96763->96764 96810 d21aab 96764->96810 96766 d21315 96767 d21325 GetStdHandle 96766->96767 96768 d62485 96767->96768 96769 d2137a 96767->96769 96768->96769 96770 d6248e 96768->96770 96772 d21387 OleInitialize 96769->96772 96771 d3fddb 22 API calls 96770->96771 96773 d62495 96771->96773 96772->96739 96817 d9011d InitializeCriticalSectionAndSpinCount InterlockedExchange GetCurrentProcess GetCurrentProcess DuplicateHandle 96773->96817 96775 d6249e 96818 d90944 CreateThread 96775->96818 96777 d624aa CloseHandle 96777->96769 96778->96741 96819 d213f1 96779->96819 96782 d213f1 22 API calls 96783 d213d0 96782->96783 96784 d2a961 22 API calls 96783->96784 96785 d213dc 96784->96785 96786 d26b57 22 API calls 96785->96786 96787 d21129 96786->96787 96788 d21bc3 6 API calls 96787->96788 96788->96746 96790 d2a961 22 API calls 96789->96790 96791 d2172c 96790->96791 96792 d2a961 22 API calls 96791->96792 96793 d21734 96792->96793 96794 d2a961 22 API calls 96793->96794 96795 d2174f 96794->96795 96796 d3fddb 22 API calls 96795->96796 96797 d2129c 96796->96797 96798 d21b4a 96797->96798 96799 d21b58 96798->96799 96800 d2a961 22 API calls 96799->96800 96801 d21b63 96800->96801 96802 d2a961 22 API calls 96801->96802 96803 d21b6e 96802->96803 96804 d2a961 22 API calls 96803->96804 96805 d21b79 96804->96805 96806 d2a961 22 API calls 96805->96806 96807 d21b84 96806->96807 96808 d3fddb 22 API calls 96807->96808 96809 d21b96 RegisterWindowMessageW 96808->96809 96809->96760 96811 d21abb 96810->96811 96812 d6272d 96810->96812 96813 d3fddb 22 API calls 96811->96813 96826 d93209 23 API calls 96812->96826 96816 d21ac3 96813->96816 96815 d62738 96816->96766 96817->96775 96818->96777 96827 d9092a 28 API calls 96818->96827 96820 d2a961 22 API calls 96819->96820 96821 d213fc 96820->96821 96822 d2a961 22 API calls 96821->96822 96823 
d21404 96822->96823 96824 d2a961 22 API calls 96823->96824 96825 d213c6 96824->96825 96825->96782 96826->96815 96828 d72a00 96843 d2d7b0 messages 96828->96843 96829 d2db11 PeekMessageW 96829->96843 96830 d2d807 GetInputState 96830->96829 96830->96843 96832 d71cbe TranslateAcceleratorW 96832->96843 96833 d2da04 timeGetTime 96833->96843 96834 d2db73 TranslateMessage DispatchMessageW 96835 d2db8f PeekMessageW 96834->96835 96835->96843 96836 d2dbaf Sleep 96847 d2dbc0 96836->96847 96837 d72b74 Sleep 96837->96847 96838 d3e551 timeGetTime 96838->96847 96839 d71dda timeGetTime 96869 d3e300 23 API calls 96839->96869 96841 d8d4dc 47 API calls 96841->96847 96842 d72c0b GetExitCodeProcess 96844 d72c37 CloseHandle 96842->96844 96845 d72c21 WaitForSingleObject 96842->96845 96843->96829 96843->96830 96843->96832 96843->96833 96843->96834 96843->96835 96843->96836 96843->96837 96843->96839 96850 d2d9d5 96843->96850 96856 d2ec40 185 API calls 96843->96856 96857 d31310 185 API calls 96843->96857 96858 d2bf40 185 API calls 96843->96858 96860 d2dd50 96843->96860 96867 d2dfd0 185 API calls 3 library calls 96843->96867 96868 d3edf6 IsDialogMessageW GetClassLongW 96843->96868 96870 d93a2a 23 API calls 96843->96870 96871 d9359c 82 API calls __wsopen_s 96843->96871 96844->96847 96845->96843 96845->96844 96846 d72a31 96846->96850 96847->96838 96847->96841 96847->96842 96847->96843 96847->96846 96848 db29bf GetForegroundWindow 96847->96848 96847->96850 96851 d72ca9 Sleep 96847->96851 96872 da5658 23 API calls 96847->96872 96873 d8e97b QueryPerformanceCounter QueryPerformanceFrequency Sleep QueryPerformanceCounter Sleep 96847->96873 96848->96847 96851->96843 96856->96843 96857->96843 96858->96843 96861 d2dd83 96860->96861 96862 d2dd6f 96860->96862 96906 d9359c 82 API calls __wsopen_s 96861->96906 96874 d2d260 96862->96874 96864 d2dd7a 96864->96843 96866 d72f75 96866->96866 96867->96843 96868->96843 96869->96843 96870->96843 96871->96843 96872->96847 96873->96847 96875 d2ec40 185 API calls 
96874->96875 96891 d2d29d 96875->96891 96876 d71bc4 96913 d9359c 82 API calls __wsopen_s 96876->96913 96878 d2d30b messages 96878->96864 96879 d2d6d5 96879->96878 96889 d3fe0b 22 API calls 96879->96889 96880 d2d3c3 96880->96879 96882 d2d3ce 96880->96882 96881 d2d5ff 96885 d71bb5 96881->96885 96886 d2d614 96881->96886 96884 d3fddb 22 API calls 96882->96884 96883 d2d4b8 96890 d3fe0b 22 API calls 96883->96890 96893 d2d3d5 __fread_nolock 96884->96893 96912 da5705 23 API calls 96885->96912 96888 d3fddb 22 API calls 96886->96888 96898 d2d46a 96888->96898 96889->96893 96897 d2d429 __fread_nolock messages 96890->96897 96891->96876 96891->96878 96891->96879 96891->96880 96891->96883 96894 d3fddb 22 API calls 96891->96894 96891->96897 96892 d3fddb 22 API calls 96895 d2d3f6 96892->96895 96893->96892 96893->96895 96894->96891 96895->96897 96907 d2bec0 185 API calls 96895->96907 96897->96881 96897->96898 96899 d71ba4 96897->96899 96902 d71b7f 96897->96902 96904 d71b5d 96897->96904 96908 d21f6f 185 API calls 96897->96908 96898->96864 96911 d9359c 82 API calls __wsopen_s 96899->96911 96910 d9359c 82 API calls __wsopen_s 96902->96910 96909 d9359c 82 API calls __wsopen_s 96904->96909 96906->96866 96907->96897 96908->96897 96909->96898 96910->96898 96911->96898 96912->96876 96913->96878 96914 d58402 96919 d581be 96914->96919 96917 d5842a 96922 d581ef try_get_first_available_module 96919->96922 96921 d583ee 96938 d527ec 26 API calls __fread_nolock 96921->96938 96930 d58338 96922->96930 96934 d48e0b 40 API calls 2 library calls 96922->96934 96924 d58343 96924->96917 96931 d60984 96924->96931 96926 d5838c 96926->96930 96935 d48e0b 40 API calls 2 library calls 96926->96935 96928 d583ab 96928->96930 96936 d48e0b 40 API calls 2 library calls 96928->96936 96930->96924 96937 d4f2d9 20 API calls __dosmaperr 96930->96937 96939 d60081 96931->96939 96933 d6099f 96933->96917 96934->96926 96935->96928 96936->96930 96937->96921 96938->96924 96942 d6008d __FrameHandler3::FrameUnwindToState 
96939->96942 96940 d6009b 96996 d4f2d9 20 API calls __dosmaperr 96940->96996 96942->96940 96944 d600d4 96942->96944 96943 d600a0 96997 d527ec 26 API calls __fread_nolock 96943->96997 96950 d6065b 96944->96950 96948 d600aa __fread_nolock 96948->96933 96951 d60678 96950->96951 96952 d606a6 96951->96952 96953 d6068d 96951->96953 96999 d55221 96952->96999 97013 d4f2c6 20 API calls __dosmaperr 96953->97013 96956 d60692 97014 d4f2d9 20 API calls __dosmaperr 96956->97014 96957 d606ab 96958 d606b4 96957->96958 96959 d606cb 96957->96959 97015 d4f2c6 20 API calls __dosmaperr 96958->97015 97012 d6039a CreateFileW 96959->97012 96963 d606b9 97016 d4f2d9 20 API calls __dosmaperr 96963->97016 96964 d600f8 96998 d60121 LeaveCriticalSection __wsopen_s 96964->96998 96966 d60781 GetFileType 96967 d607d3 96966->96967 96968 d6078c GetLastError 96966->96968 97021 d5516a 21 API calls 3 library calls 96967->97021 97019 d4f2a3 20 API calls 2 library calls 96968->97019 96969 d60756 GetLastError 97018 d4f2a3 20 API calls 2 library calls 96969->97018 96971 d60704 96971->96966 96971->96969 97017 d6039a CreateFileW 96971->97017 96973 d6079a CloseHandle 96973->96956 96975 d607c3 96973->96975 97020 d4f2d9 20 API calls __dosmaperr 96975->97020 96977 d60749 96977->96966 96977->96969 96979 d607f4 96981 d60840 96979->96981 97022 d605ab 72 API calls 4 library calls 96979->97022 96980 d607c8 96980->96956 96985 d6086d 96981->96985 97023 d6014d 72 API calls 4 library calls 96981->97023 96984 d60866 96984->96985 96986 d6087e 96984->96986 96987 d586ae __wsopen_s 29 API calls 96985->96987 96986->96964 96988 d608fc CloseHandle 96986->96988 96987->96964 97024 d6039a CreateFileW 96988->97024 96990 d60927 96991 d6095d 96990->96991 96992 d60931 GetLastError 96990->96992 96991->96964 97025 d4f2a3 20 API calls 2 library calls 96992->97025 96994 d6093d 97026 d55333 21 API calls 3 library calls 96994->97026 96996->96943 96997->96948 96998->96948 97000 d5522d __FrameHandler3::FrameUnwindToState 96999->97000 97027 
d52f5e EnterCriticalSection 97000->97027 97002 d5527b 97028 d5532a 97002->97028 97003 d55234 97003->97002 97004 d55259 97003->97004 97009 d552c7 EnterCriticalSection 97003->97009 97006 d55000 __wsopen_s 21 API calls 97004->97006 97008 d5525e 97006->97008 97007 d552a4 __fread_nolock 97007->96957 97008->97002 97031 d55147 EnterCriticalSection 97008->97031 97009->97002 97010 d552d4 LeaveCriticalSection 97009->97010 97010->97003 97012->96971 97013->96956 97014->96964 97015->96963 97016->96956 97017->96977 97018->96956 97019->96973 97020->96980 97021->96979 97022->96981 97023->96984 97024->96990 97025->96994 97026->96991 97027->97003 97032 d52fa6 LeaveCriticalSection 97028->97032 97030 d55331 97030->97007 97031->97002 97032->97030 97033 d21cad SystemParametersInfoW

                                            Control-flow Graph

                                            APIs
                                            • GetVersionExW.KERNEL32(?), ref: 00D2430D
                                              • Part of subcall function 00D26B57: _wcslen.LIBCMT ref: 00D26B6A
                                            • GetCurrentProcess.KERNEL32(?,00DBCB64,00000000,?,?), ref: 00D24422
                                            • IsWow64Process.KERNEL32(00000000,?,?), ref: 00D24429
                                            • LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00D24454
                                            • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00D24466
                                            • GetNativeSystemInfo.KERNEL32(?,?,?), ref: 00D24474
                                            • FreeLibrary.KERNEL32(00000000,?,?), ref: 00D2447B
                                            • GetSystemInfo.KERNEL32(?,?,?), ref: 00D244A0
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
                                            • String ID: GetNativeSystemInfo$kernel32.dll$|O
                                            • API String ID: 3290436268-3101561225
                                            • Opcode ID: 19e17f5bc0857b775552ab4a73ce444e7610c71a61dbe98b5db862ddfbdbc6e1
                                            • Instruction ID: b857e0b0a24734cd7741af1dbd28d50cbb284ed716943c4dde2838f98797ddb7
                                            • Opcode Fuzzy Hash: 19e17f5bc0857b775552ab4a73ce444e7610c71a61dbe98b5db862ddfbdbc6e1
                                            • Instruction Fuzzy Hash: 61A1BE6E91A3D4DFCB12DB6DBC401B97FE47B36344B08D8A9E485D7B22D2614A09CB31

                                            Control-flow Graph

                                            APIs
                                            • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,00D250AA,?,?,00000000,00000000), ref: 00D242B2
                                            • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,00D250AA,?,?,00000000,00000000), ref: 00D242C9
                                            • LoadResource.KERNEL32(?,00000000,?,?,00D250AA,?,?,00000000,00000000,?,?,?,?,?,?,00D24F20), ref: 00D635BE
                                            • SizeofResource.KERNEL32(?,00000000,?,?,00D250AA,?,?,00000000,00000000,?,?,?,?,?,?,00D24F20), ref: 00D635D3
                                            • LockResource.KERNEL32(00D250AA,?,?,00D250AA,?,?,00000000,00000000,?,?,?,?,?,?,00D24F20,?), ref: 00D635E6
                                            Strings
                                            Similarity
                                            • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                            • String ID: SCRIPT
                                            • API String ID: 3051347437-3967369404
                                            • Opcode ID: 9a8e32da7732c5979e9d10cdb8f1b81124572971a6a0d64e91bea37f9af47347
                                            • Instruction ID: 7e3f1ce641b9c5457a0be1a3fa6bf5fddf239741730ec7d81f013f30bf8248ac
                                            • Opcode Fuzzy Hash: 9a8e32da7732c5979e9d10cdb8f1b81124572971a6a0d64e91bea37f9af47347
                                            • Instruction Fuzzy Hash: 4E115A70201700EFDB218B66EC48F677BB9EFD5B55F144269B802DA250DB72D8008634

                                            Control-flow Graph

                                            APIs
                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00D22B6B
                                              • Part of subcall function 00D23A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00DF1418,?,00D22E7F,?,?,?,00000000), ref: 00D23A78
                                              • Part of subcall function 00D29CB3: _wcslen.LIBCMT ref: 00D29CBD
                                            • GetForegroundWindow.USER32(runas,?,?,?,?,?,00DE2224), ref: 00D62C10
                                            • ShellExecuteW.SHELL32(00000000,?,?,00DE2224), ref: 00D62C17
                                            Strings
                                            Similarity
                                            • API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
                                            • String ID: runas
                                            • API String ID: 448630720-4000483414
                                            • Opcode ID: a6c9ab38b64dd13040e4fb3a37821b8a80709d35dde10268ad6d1e359bd44d26
                                            • Instruction ID: fbf3dc98e3f94dc939736846f110b7ed2e0e865ef2eefdb6b548ce937d3dbf51
                                            • Opcode Fuzzy Hash: a6c9ab38b64dd13040e4fb3a37821b8a80709d35dde10268ad6d1e359bd44d26
                                            • Instruction Fuzzy Hash: 07110331208355EAC704FF24F8619BEB7A4EBF0348F48582CF182531A2CF258A09C732

                                            Control-flow Graph

                                            APIs
                                            • CreateToolhelp32Snapshot.KERNEL32 ref: 00D8D501
                                            • Process32FirstW.KERNEL32(00000000,?), ref: 00D8D50F
                                            • Process32NextW.KERNEL32(00000000,?), ref: 00D8D52F
                                            • FindCloseChangeNotification.KERNEL32(00000000), ref: 00D8D5DC
                                            Similarity
                                            • API ID: Process32$ChangeCloseCreateFindFirstNextNotificationSnapshotToolhelp32
                                            • String ID:
                                            • API String ID: 3243318325-0
                                            • Opcode ID: fd300cfac6a3e0ce0d9c98c33b32e09d51bcfbdd775845d188a4a6f639d2a67d
                                            • Instruction ID: 7a465c862b3cbdc0946bf0635f69ebd96444470314fa731531890394edcd5410
                                            • Opcode Fuzzy Hash: fd300cfac6a3e0ce0d9c98c33b32e09d51bcfbdd775845d188a4a6f639d2a67d
                                            • Instruction Fuzzy Hash: 6A319F711083009FD301EF54D891AAFBBE8FFA9358F54092DF581962E1EB719948CBB2

                                            Control-flow Graph

                                            APIs
                                            • lstrlenW.KERNEL32(?,00D65222), ref: 00D8DBCE
                                            • GetFileAttributesW.KERNEL32(?), ref: 00D8DBDD
                                            • FindFirstFileW.KERNEL32(?,?), ref: 00D8DBEE
                                            • FindClose.KERNEL32(00000000), ref: 00D8DBFA
                                            Similarity
                                            • API ID: FileFind$AttributesCloseFirstlstrlen
                                            • String ID:
                                            • API String ID: 2695905019-0
                                            • Opcode ID: ed8e01978f08383c18792d0d41f3dc58008ae4b7bf8a5cafb9170800fb6f798f
                                            • Instruction ID: e010530477fc2d1b9122b2d3aef4dbc2c2c653f2d3c2b046a89b6c8f2b45283f
                                            • Opcode Fuzzy Hash: ed8e01978f08383c18792d0d41f3dc58008ae4b7bf8a5cafb9170800fb6f798f
                                            • Instruction Fuzzy Hash: 38F0E530820A10D78220BB7CAC0D8AA377DAE05334B144706F876C22F0EBB09D54C7F9
                                            APIs
                                            • GetCurrentProcess.KERNEL32(00D528E9,?,00D44CBE,00D528E9,00DE88B8,0000000C,00D44E15,00D528E9,00000002,00000000,?,00D528E9), ref: 00D44D09
                                            • TerminateProcess.KERNEL32(00000000,?,00D44CBE,00D528E9,00DE88B8,0000000C,00D44E15,00D528E9,00000002,00000000,?,00D528E9), ref: 00D44D10
                                            • ExitProcess.KERNEL32 ref: 00D44D22
                                            Similarity
                                            • API ID: Process$CurrentExitTerminate
                                            • String ID:
                                            • API String ID: 1703294689-0
                                            • Opcode ID: 16f890784aa1f60c884be1f5a501191cb30f8e98dd112d0212cf90a737166865
                                            • Instruction ID: e5d2201c762fc4d2f6e0b9c23fb8988d230695a78796c66816cf48967d8a0028
                                            • Opcode Fuzzy Hash: 16f890784aa1f60c884be1f5a501191cb30f8e98dd112d0212cf90a737166865
                                            • Instruction Fuzzy Hash: F4E0B631410248EBCF11AF54DD09A583BA9FB41792B544118FC05DA222CB35DD82CAB0
                                            APIs
                                            • GetInputState.USER32 ref: 00D2D807
                                            • timeGetTime.WINMM ref: 00D2DA07
                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00D2DB28
                                            • TranslateMessage.USER32(?), ref: 00D2DB7B
                                            • DispatchMessageW.USER32(?), ref: 00D2DB89
                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00D2DB9F
                                            • Sleep.KERNEL32(0000000A), ref: 00D2DBB1
                                            Similarity
                                            • API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
                                            • String ID:
                                            • API String ID: 2189390790-0
                                            • Opcode ID: 2cc27813ed4a74e2e9173203720666b6f88b224da65fcd62fda4d14637aef340
                                            • Instruction ID: 6ec68a41cd75ce5f09e7521fbc928296e9b2449fe39634b2a6996e6ecd8b22de
                                            • Opcode Fuzzy Hash: 2cc27813ed4a74e2e9173203720666b6f88b224da65fcd62fda4d14637aef340
                                            • Instruction Fuzzy Hash: 3342BF30608351DFD729CB24D854BBAB7E2FFA5308F188659F49987291D771E884CBB2

                                            Control-flow Graph

                                            APIs
                                            • GetSysColorBrush.USER32(0000000F), ref: 00D22D07
                                            • RegisterClassExW.USER32(00000030), ref: 00D22D31
                                            • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00D22D42
                                            • InitCommonControlsEx.COMCTL32(?), ref: 00D22D5F
                                            • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00D22D6F
                                            • LoadIconW.USER32(000000A9), ref: 00D22D85
                                            • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00D22D94
                                            Strings
                                            Similarity
                                            • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                            • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                            • API String ID: 2914291525-1005189915
                                            • Opcode ID: 8313a68a666638142f351af7497750adfeccaea5d53b0b4822ff978f09803ee9
                                            • Instruction ID: efb4ca250a816a0311fe66b8be42bda2cb0ade7cb4733e1924f2ac974ade067f
                                            • Opcode Fuzzy Hash: 8313a68a666638142f351af7497750adfeccaea5d53b0b4822ff978f09803ee9
                                            • Instruction Fuzzy Hash: EF21A3B9911319EFDB009FA4E849BEDBBB4FB08701F10921AF551E63A0D7B15544CFA1

                                            Control-flow Graph

                                            APIs
                                              • Part of subcall function 00D6039A: CreateFileW.KERNEL32(00000000,00000000,?,00D60704,?,?,00000000,?,00D60704,00000000,0000000C), ref: 00D603B7
                                            • GetLastError.KERNEL32 ref: 00D6076F
                                            • __dosmaperr.LIBCMT ref: 00D60776
                                            • GetFileType.KERNEL32(00000000), ref: 00D60782
                                            • GetLastError.KERNEL32 ref: 00D6078C
                                            • __dosmaperr.LIBCMT ref: 00D60795
                                            • CloseHandle.KERNEL32(00000000), ref: 00D607B5
                                            • CloseHandle.KERNEL32(?), ref: 00D608FF
                                            • GetLastError.KERNEL32 ref: 00D60931
                                            • __dosmaperr.LIBCMT ref: 00D60938
                                            Strings
                                            Similarity
                                            • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                            • String ID: H
                                            • API String ID: 4237864984-2852464175
                                            • Opcode ID: a4b271e8ca231b4aade591492749279ca0cf774c077d8cbb5a212600302c6e94
                                            • Instruction ID: dda5becf2a4841c3d6f4206907a071ce13c856f91f563c726a7706fbe7575387
                                            • Opcode Fuzzy Hash: a4b271e8ca231b4aade591492749279ca0cf774c077d8cbb5a212600302c6e94
                                            • Instruction Fuzzy Hash: 17A10432A142048FDF19EF68D891BAE7FA1EF46320F184159F815DB3A2D7319912CBB1

                                            Control-flow Graph

                                            APIs
                                              • Part of subcall function 00D23A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00DF1418,?,00D22E7F,?,?,?,00000000), ref: 00D23A78
                                              • Part of subcall function 00D23357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00D23379
                                            • RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 00D2356A
                                            • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 00D6318D
                                            • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 00D631CE
                                            • RegCloseKey.ADVAPI32(?), ref: 00D63210
                                            • _wcslen.LIBCMT ref: 00D63277
                                            • _wcslen.LIBCMT ref: 00D63286
                                            Strings
                                            Similarity
                                            • API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
                                            • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                            • API String ID: 98802146-2727554177
                                            • Opcode ID: 821ff9230825c1da1b34c30359196d30c8aff3a3fe6c918047ddee6cfc138f55
                                            • Instruction ID: 36fa0555614edd763baf62605d445787948f349671bd043226a745e46493f284
                                            • Opcode Fuzzy Hash: 821ff9230825c1da1b34c30359196d30c8aff3a3fe6c918047ddee6cfc138f55
                                            • Instruction Fuzzy Hash: 477158B14043159FC314EF29EC919BABBE8FF99754B44442EF545C7260EB349A48CB72

                                            APIs
                                            • GetSysColorBrush.USER32(0000000F), ref: 00D22B8E
                                            • LoadCursorW.USER32(00000000,00007F00), ref: 00D22B9D
                                            • LoadIconW.USER32(00000063), ref: 00D22BB3
                                            • LoadIconW.USER32(000000A4), ref: 00D22BC5
                                            • LoadIconW.USER32(000000A2), ref: 00D22BD7
                                            • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00D22BEF
                                            • RegisterClassExW.USER32(?), ref: 00D22C40
                                              • Part of subcall function 00D22CD4: GetSysColorBrush.USER32(0000000F), ref: 00D22D07
                                              • Part of subcall function 00D22CD4: RegisterClassExW.USER32(00000030), ref: 00D22D31
                                              • Part of subcall function 00D22CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00D22D42
                                              • Part of subcall function 00D22CD4: InitCommonControlsEx.COMCTL32(?), ref: 00D22D5F
                                              • Part of subcall function 00D22CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00D22D6F
                                              • Part of subcall function 00D22CD4: LoadIconW.USER32(000000A9), ref: 00D22D85
                                              • Part of subcall function 00D22CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00D22D94
                                            Strings
                                            Similarity
                                            • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                            • String ID: #$0$AutoIt v3
                                            • API String ID: 423443420-4155596026
                                            • Opcode ID: 4b53d673f90ac84264259d91fb9cc5a5d1fd7eb58f4606872d156809eb5d5378
                                            • Instruction ID: 47ee16c13b0597db14f7fee86cbb203d7c3726cc91b11f668e468e930eeb3164
                                            • Opcode Fuzzy Hash: 4b53d673f90ac84264259d91fb9cc5a5d1fd7eb58f4606872d156809eb5d5378
                                            • Instruction Fuzzy Hash: 4B210778E10319EBDB109FA6EC59AAA7FF4FB48B50F10811AE500E67A0D7B11544CFA0

                                            APIs
                                            • DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,00D2316A,?,?), ref: 00D231D8
                                            • KillTimer.USER32(?,00000001,?,?,?,?,?,00D2316A,?,?), ref: 00D23204
                                            • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00D23227
                                            • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,00D2316A,?,?), ref: 00D23232
                                            • CreatePopupMenu.USER32 ref: 00D23246
                                            • PostQuitMessage.USER32(00000000), ref: 00D23267
                                            Strings
                                            Similarity
                                            • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                            • String ID: TaskbarCreated
                                            • API String ID: 129472671-2362178303
                                            • Opcode ID: 1bd353c07c5121799a40cb8ea4eeb5bb5b68b3ab221c81f2f5e93e4d34cb932e
                                            • Instruction ID: 3b1e4c737f7b08807de5d0bbba26a07fe26f8b7f6e0e6a544836d4c34260edb9
                                            • Opcode Fuzzy Hash: 1bd353c07c5121799a40cb8ea4eeb5bb5b68b3ab221c81f2f5e93e4d34cb932e
                                            • Instruction Fuzzy Hash: 34416B39210328E7DB151B78BC0DB793668FB6530CF088125F591D53A2CB7ACA40DBB5

                                            APIs
                                            • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00D21459
                                            • OleUninitialize.OLE32(?,00000000), ref: 00D214F8
                                            • UnregisterHotKey.USER32(?), ref: 00D216DD
                                            • DestroyWindow.USER32(?), ref: 00D624B9
                                            • FreeLibrary.KERNEL32(?), ref: 00D6251E
                                            • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00D6254B
                                            Strings
                                            Similarity
                                            • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                            • String ID: close all
                                            • API String ID: 469580280-3243417748
                                            • Opcode ID: 6e582e14f2f9f9232f20f4c0898dee1a094f3b32c16622c8fa0e93f5ce7a4905
                                            • Instruction ID: 5011f9003874395c8e494ac7a9d16e13f5e0c2bffd3453f3f6f1b134041990af
                                            • Opcode Fuzzy Hash: 6e582e14f2f9f9232f20f4c0898dee1a094f3b32c16622c8fa0e93f5ce7a4905
                                            • Instruction Fuzzy Hash: 7CD13935601622CFDB29EF54D499A29F7A0FF25704F1482ADE44AAB261DB30ED12CF70

                                            Control-flow Graph

                                            control_flow_graph 648 d22c63-d22cd3 CreateWindowExW * 2 ShowWindow * 2
                                            APIs
                                            • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00D22C91
                                            • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00D22CB2
                                            • ShowWindow.USER32(00000000,?,?,?,?,?,?,00D21CAD,?), ref: 00D22CC6
                                            • ShowWindow.USER32(00000000,?,?,?,?,?,?,00D21CAD,?), ref: 00D22CCF
                                            Strings
                                            Similarity
                                            • API ID: Window$CreateShow
                                            • String ID: AutoIt v3$edit
                                            • API String ID: 1584632944-3779509399
                                            • Opcode ID: 536de0b6bb8d3da035542e9f32225a4da35040c9c6fab2e4ef6a0729fbc100bb
                                            • Instruction ID: 086e222f906a1b8490d1a32497025590bdcdf0064ed8067564d21d7096080855
                                            • Opcode Fuzzy Hash: 536de0b6bb8d3da035542e9f32225a4da35040c9c6fab2e4ef6a0729fbc100bb
                                            • Instruction Fuzzy Hash: 8EF0DA7A550390FAEB311757AC08EB72EBDE7C7F60B00905AF900E67A0C6611850DEB0

                                            APIs
                                            • ShellExecuteExW.SHELL32(0000003C), ref: 00DAAEA3
                                              • Part of subcall function 00D27620: _wcslen.LIBCMT ref: 00D27625
                                            • GetProcessId.KERNEL32(00000000), ref: 00DAAF38
                                            • CloseHandle.KERNEL32(00000000), ref: 00DAAF67
                                            Strings
                                            Similarity
                                            • API ID: CloseExecuteHandleProcessShell_wcslen
                                            • String ID: <$@
                                            • API String ID: 146682121-1426351568
                                            • Opcode ID: 5b0f507baebeff45320a2f01d49254a4d17dcad815d890d07305edf4ca7253ab
                                            • Instruction ID: 07c3e3d3f74bb3d9b9e798c17b847f2811248a9eceb8e1309de742ced48d0664
                                            • Opcode Fuzzy Hash: 5b0f507baebeff45320a2f01d49254a4d17dcad815d890d07305edf4ca7253ab
                                            • Instruction Fuzzy Hash: 62713571A00229DFCB14DF58D484A9EBBF0EF09314F048599E856AB392C774EE45CBB1

                                            APIs
                                            • RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00D23B0F,SwapMouseButtons,00000004,?), ref: 00D23B40
                                            • RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00D23B0F,SwapMouseButtons,00000004,?), ref: 00D23B61
                                            • RegCloseKey.KERNEL32(00000000,?,?,?,80000001,80000001,?,00D23B0F,SwapMouseButtons,00000004,?), ref: 00D23B83
                                            Strings
                                            Similarity
                                            • API ID: CloseOpenQueryValue
                                            • String ID: Control Panel\Mouse
                                            • API String ID: 3677997916-824357125
                                            • Opcode ID: 50baafa8de727b1c7b3890e5907eb82d76c3046159dc8d4287d0afe14cc0cfee
                                            • Instruction ID: 53c66c1efbd155600d295d2c0416c362e75f030c981ccbb783f606e2e9a9ddbb
                                            • Opcode Fuzzy Hash: 50baafa8de727b1c7b3890e5907eb82d76c3046159dc8d4287d0afe14cc0cfee
                                            • Instruction Fuzzy Hash: 03112AB5521218FFDB208FA5EC44AAEB7B8EF14748B144559B805D7210D2359E409B70
                                            APIs
                                            • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00D633A2
                                              • Part of subcall function 00D26B57: _wcslen.LIBCMT ref: 00D26B6A
                                            • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00D23A04
                                            Strings
                                            Similarity
                                            • API ID: IconLoadNotifyShell_String_wcslen
                                            • String ID: Line:
                                            • API String ID: 2289894680-1585850449
                                            • Opcode ID: fb0abfd11c26d50611697ea3a96615eacffe99781ab44e4d1299be2fd160dcfc
                                            • Instruction ID: b6a678efde924432c08bcb645d3997b7746625d3cfd2e8d41a7e7c35851c0e5e
                                            • Opcode Fuzzy Hash: fb0abfd11c26d50611697ea3a96615eacffe99781ab44e4d1299be2fd160dcfc
                                            • Instruction Fuzzy Hash: 6931E571508324ABC325EB14EC45FEBB3D8EF61318F04492AF59982191EB749648CBF2
                                            APIs
                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 00D40668
                                              • Part of subcall function 00D432A4: RaiseException.KERNEL32(?,?,?,00D4068A,?,00DF1444,?,?,?,?,?,?,00D4068A,00D21129,00DE8738,00D21129), ref: 00D43304
                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 00D40685
                                            Strings
                                            Similarity
                                            • API ID: Exception@8Throw$ExceptionRaise
                                            • String ID: Unknown exception
                                            • API String ID: 3476068407-410509341
                                            • Opcode ID: bed604d8ce655c56621f887d3687bfd00eb3cc6c06a744d4fc5c7753509312c0
                                            • Instruction ID: b0b7f1d2dc0b08c8784c4cb078c01825666067f24b975f2fc4751727c0f52828
                                            • Opcode Fuzzy Hash: bed604d8ce655c56621f887d3687bfd00eb3cc6c06a744d4fc5c7753509312c0
                                            • Instruction Fuzzy Hash: 10F0C23490030DB78B00BB69E84AC9E7B6CDE40310B644531BA1996591EF71DA69C9B0
                                            APIs
                                              • Part of subcall function 00D21BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00D21BF4
                                              • Part of subcall function 00D21BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00D21BFC
                                              • Part of subcall function 00D21BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00D21C07
                                              • Part of subcall function 00D21BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00D21C12
                                              • Part of subcall function 00D21BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00D21C1A
                                              • Part of subcall function 00D21BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00D21C22
                                              • Part of subcall function 00D21B4A: RegisterWindowMessageW.USER32(00000004,?,00D212C4), ref: 00D21BA2
                                            • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00D2136A
                                            • OleInitialize.OLE32 ref: 00D21388
                                            • CloseHandle.KERNEL32(00000000,00000000), ref: 00D624AB
                                            Similarity
                                            • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                            • String ID:
                                            • API String ID: 1986988660-0
                                            • Opcode ID: ffb41ce28711273c084f2f684ec719b7256a97972a6eb9b0bf2a55cbef05b401
                                            • Instruction ID: f231bc7582720f4e250a5c8e4f69e21af440a6bd03fa26cd2b0eaf25686d1e7e
                                            • Opcode Fuzzy Hash: ffb41ce28711273c084f2f684ec719b7256a97972a6eb9b0bf2a55cbef05b401
                                            • Instruction Fuzzy Hash: A67195BC911355DEC784EF7AA9456B93AF0FBA8388754C22AD40ACB361EB314448CF70
                                            APIs
                                            • FindCloseChangeNotification.KERNEL32(00000000,00000000,?,?,00D585CC,?,00DE8CC8,0000000C), ref: 00D58704
                                            • GetLastError.KERNEL32(?,00D585CC,?,00DE8CC8,0000000C), ref: 00D5870E
                                            • __dosmaperr.LIBCMT ref: 00D58739
                                            Similarity
                                            • API ID: ChangeCloseErrorFindLastNotification__dosmaperr
                                            • String ID:
                                            • API String ID: 490808831-0
                                            • Opcode ID: 847f509cae56225518e2a00f333bbc29b1c83fb7ac6f13cca0847517552cdaf1
                                            • Instruction ID: 81f7809aa6885a217ea045edc8d6e346264c2868690adb7e5625e49bc47d62ae
                                            • Opcode Fuzzy Hash: 847f509cae56225518e2a00f333bbc29b1c83fb7ac6f13cca0847517552cdaf1
                                            • Instruction Fuzzy Hash: D9012F3261562057DF656334A84577E67458F81777F3D0119FC18EB1E2DDA0CC89D170
                                            APIs
                                            • __Init_thread_footer.LIBCMT ref: 00D317F6
                                            Strings
                                            Similarity
                                            • API ID: Init_thread_footer
                                            • String ID: CALL
                                            • API String ID: 1385522511-4196123274
                                            • Opcode ID: c97860ae31344fab53d42f8dcedc9a1807f81a50736ec54d9e32c1e89c86530d
                                            • Instruction ID: e873600d2e707fdcdcc82f379c9dc3915045a9cc70220dc7cb75558bc2fad346
                                            • Opcode Fuzzy Hash: c97860ae31344fab53d42f8dcedc9a1807f81a50736ec54d9e32c1e89c86530d
                                            • Instruction Fuzzy Hash: 9C2269746082429FC714DF14C895A2ABBF1FF89314F18896DF49A8B361E771E845CBB2
                                            APIs
                                            • GetOpenFileNameW.COMDLG32(?), ref: 00D62C8C
                                              • Part of subcall function 00D23AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00D23A97,?,?,00D22E7F,?,?,?,00000000), ref: 00D23AC2
                                              • Part of subcall function 00D22DA5: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00D22DC4
                                            Strings
                                            Similarity
                                            • API ID: Name$Path$FileFullLongOpen
                                            • String ID: X
                                            • API String ID: 779396738-3081909835
                                            • Opcode ID: e0c1d9a4c577a692ac3f2b43a886e781149e5ab2cd73bffb08a35d429961ca0f
                                            • Instruction ID: 54df668535332e7bd218da0f56b76018bbaed266981093a737e60c613273f1a8
                                            • Opcode Fuzzy Hash: e0c1d9a4c577a692ac3f2b43a886e781149e5ab2cd73bffb08a35d429961ca0f
                                            • Instruction Fuzzy Hash: 36219671A102989BCB01EF94D845BEE7BF8EF68318F004059F445F7341DBB896498BB1
                                            APIs
                                            • Shell_NotifyIconW.SHELL32(00000000,?), ref: 00D23908
                                            Similarity
                                            • API ID: IconNotifyShell_
                                            • String ID:
                                            • API String ID: 1144537725-0
                                            • Opcode ID: d3c49f0c0ae0e2051214ec905ec27b901074f55fe9f49660e525ca02d601e37e
                                            • Instruction ID: 104400e6237dd94dcd09e916fb1e43dfa7a0841f2ffd39eecebcef720e2441ad
                                            • Opcode Fuzzy Hash: d3c49f0c0ae0e2051214ec905ec27b901074f55fe9f49660e525ca02d601e37e
                                            • Instruction Fuzzy Hash: C4315AB4604311DFD720DF65E8847A6BBE8FB59708F04092EF99987340E775AA44CB62
                                            APIs
                                              • Part of subcall function 00D24E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00D24EDD,?,00DF1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00D24E9C
                                              • Part of subcall function 00D24E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00D24EAE
                                              • Part of subcall function 00D24E90: FreeLibrary.KERNEL32(00000000,?,?,00D24EDD,?,00DF1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00D24EC0
                                            • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00DF1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00D24EFD
                                              • Part of subcall function 00D24E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00D63CDE,?,00DF1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00D24E62
                                              • Part of subcall function 00D24E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00D24E74
                                              • Part of subcall function 00D24E59: FreeLibrary.KERNEL32(00000000,?,?,00D63CDE,?,00DF1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00D24E87
                                            Similarity
                                            • API ID: Library$Load$AddressFreeProc
                                            • String ID:
                                            • API String ID: 2632591731-0
                                            • Opcode ID: 0e5b3fcb4d993d24965c54306b5c7d2d5496c916624ab10648989d0a491b5d93
                                            • Instruction ID: 43d3e8b46aa352bd3ef75ca0f79fea8bb64ebc4e18b53d09bb7948b3f447e150
                                            • Opcode Fuzzy Hash: 0e5b3fcb4d993d24965c54306b5c7d2d5496c916624ab10648989d0a491b5d93
                                            • Instruction Fuzzy Hash: 1D11E731610315ABDF14EB64FD12FAD77A5EFA0714F10442DF942A61C1DE709E459B70
                                            APIs
                                            Similarity
                                            • API ID: __wsopen_s
                                            • String ID:
                                            • API String ID: 3347428461-0
                                            • Opcode ID: 0f6246dfaa43055c3ad549938d69b0640537a115b81fd03681a5cb34be106cf1
                                            • Instruction ID: 700927b0b3ab534a1e22daaaa99a0e2fac1f1bdd0e18dc3a95b060ab8fee5de7
                                            • Opcode Fuzzy Hash: 0f6246dfaa43055c3ad549938d69b0640537a115b81fd03681a5cb34be106cf1
                                            • Instruction Fuzzy Hash: E111487190420AAFCF05DF58E94099A7BF9EF48300F144059FC09AB312DA30DA15DBB4
                                            APIs
                                              • Part of subcall function 00D54C7D: RtlAllocateHeap.NTDLL(00000008,00D21129,00000000,?,00D52E29,00000001,00000364,?,?,?,00D4F2DE,00D53863,00DF1444,?,00D3FDF5,?), ref: 00D54CBE
                                            • _free.LIBCMT ref: 00D5506C
                                            Similarity
                                            • API ID: AllocateHeap_free
                                            • String ID:
                                            • API String ID: 614378929-0
                                            • Opcode ID: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
                                            • Instruction ID: adda1dad9f907025ecaf5d40e18cf62653390c3004d791456fa81d9ac3df8549
                                            • Opcode Fuzzy Hash: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
                                            • Instruction Fuzzy Hash: 94014E722047045BE7328F59D84195AFBECFB85371F25051DED94932C0EB30A809C774
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
                                            • Instruction ID: e3ea8e11790266afc08b25e58954aaa6d3e0fa904797c4bc3d0e59197d55fa44
                                            • Opcode Fuzzy Hash: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
                                            • Instruction Fuzzy Hash: 6BF0F432511A10A7CB313B799C05B5A339DEF52336F190B15FC25A22D2CB74D80A8AB5
                                            APIs
                                            • RtlAllocateHeap.NTDLL(00000008,00D21129,00000000,?,00D52E29,00000001,00000364,?,?,?,00D4F2DE,00D53863,00DF1444,?,00D3FDF5,?), ref: 00D54CBE
                                            Similarity
                                            • API ID: AllocateHeap
                                            • String ID:
                                            • API String ID: 1279760036-0
                                            • Opcode ID: c866eca3255f28454ce7c4cb225e5eab2ebc45671ad588aefb65897b05d5e276
                                            • Instruction ID: fe9343fcc79a1e5b86278f8fb60947a073d3fbb146bc5bba459032b3ecbb2f20
                                            • Opcode Fuzzy Hash: c866eca3255f28454ce7c4cb225e5eab2ebc45671ad588aefb65897b05d5e276
                                            • Instruction Fuzzy Hash: D1F0B431613224A7DF215F669D05B7A3788BFD17AAB184121BC15E6294CE70D88886F2
                                            APIs
                                            • RtlAllocateHeap.NTDLL(00000000,?,00DF1444,?,00D3FDF5,?,?,00D2A976,00000010,00DF1440,00D213FC,?,00D213C6,?,00D21129), ref: 00D53852
                                            Similarity
                                            • API ID: AllocateHeap
                                            • String ID:
                                            • API String ID: 1279760036-0
                                            • Opcode ID: 31a9f8408da0e6bc44e6cca9683b57e9fa304ef94f93e9c565c415582519b875
                                            • Instruction ID: ccdff5cf95c7fddc2c9fe423c56448a2f7170e83372702603f9f0d40eb6be08f
                                            • Opcode Fuzzy Hash: 31a9f8408da0e6bc44e6cca9683b57e9fa304ef94f93e9c565c415582519b875
                                            • Instruction Fuzzy Hash: 0BE0E531101324A7DE3926669C00B9A3E48EF427F2F0D0121BC54E3590CB51DD0581F0
                                            APIs
                                            • FreeLibrary.KERNEL32(?,?,00DF1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00D24F6D
                                            Similarity
                                            • API ID: FreeLibrary
                                            • String ID:
                                            • API String ID: 3664257935-0
                                            • Opcode ID: 3b50bd54418f0d7d1f05dab711595c1897956be0e4bff22d59c7d2c64cdb82fd
                                            • Instruction ID: c123ef1a854a8075c2ef54917ba2b6572a05a3593e7fd7516d9547bea730203a
                                            • Opcode Fuzzy Hash: 3b50bd54418f0d7d1f05dab711595c1897956be0e4bff22d59c7d2c64cdb82fd
                                            • Instruction Fuzzy Hash: E0F03071109761CFDB349F64E590812B7E4FF6432D314897EE9EA82611C7319844DF30
                                            APIs
                                            • Shell_NotifyIconW.SHELL32(00000002,?), ref: 00D2314E
                                            Similarity
                                            • API ID: IconNotifyShell_
                                            • String ID:
                                            • API String ID: 1144537725-0
                                            • Opcode ID: 51246f05efd29b8eaf12e6f808346959e18893f519bfe6ed965fc2c3e412a93d
                                            • Instruction ID: 0d8990da26b134b4d810c321f60d6fa64c8f7c3cfd3c2e3ae3fba86113c9f0d3
                                            • Opcode Fuzzy Hash: 51246f05efd29b8eaf12e6f808346959e18893f519bfe6ed965fc2c3e412a93d
                                            • Instruction Fuzzy Hash: 65F0A770910318DFE7529F24DC4ABE57BFCA70170CF0040E9A188E6282D7745B88CF61
                                            APIs
                                            • GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00D22DC4
                                              • Part of subcall function 00D26B57: _wcslen.LIBCMT ref: 00D26B6A
                                            Similarity
                                            • API ID: LongNamePath_wcslen
                                            • String ID:
                                            • API String ID: 541455249-0
                                            • Opcode ID: e676c98ae5825924af02a3c6a1f18bc78b634fcf822374090e5ddb16439a9968
                                            • Instruction ID: 196c4ddb8c3660c0bd9b12ea9e825c6f96be70cf07c3c676d2b702f814f07f7d
                                            • Opcode Fuzzy Hash: e676c98ae5825924af02a3c6a1f18bc78b634fcf822374090e5ddb16439a9968
                                            • Instruction Fuzzy Hash: 40E0CD766042245BC72092589C05FDA77DDDFC8794F040175FD09D7348D960ED808570
                                            APIs
                                              • Part of subcall function 00D23837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00D23908
                                              • Part of subcall function 00D2D730: GetInputState.USER32 ref: 00D2D807
                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00D22B6B
                                              • Part of subcall function 00D230F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 00D2314E
                                            Similarity
                                            • API ID: IconNotifyShell_$CurrentDirectoryInputState
                                            • String ID:
                                            • API String ID: 3667716007-0
                                            APIs
                                            • CreateFileW.KERNEL32(00000000,00000000,?,00D60704,?,?,00000000,?,00D60704,00000000,0000000C), ref: 00D603B7
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: CreateFile
                                            • String ID:
                                            • API String ID: 823142352-0
                                            APIs
                                            • SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00D21CBC
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: InfoParametersSystem
                                            • String ID:
                                            • API String ID: 3098949447-0
                                            APIs
                                              • Part of subcall function 00D39BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00D39BB2
                                            • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 00DB961A
                                            • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00DB965B
                                            • GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 00DB969F
                                            • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00DB96C9
                                            • SendMessageW.USER32 ref: 00DB96F2
                                            • GetKeyState.USER32(00000011), ref: 00DB978B
                                            • GetKeyState.USER32(00000009), ref: 00DB9798
                                            • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00DB97AE
                                            • GetKeyState.USER32(00000010), ref: 00DB97B8
                                            • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00DB97E9
                                            • SendMessageW.USER32 ref: 00DB9810
                                            • SendMessageW.USER32(?,00001030,?,00DB7E95), ref: 00DB9918
                                            • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 00DB992E
                                            • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00DB9941
                                            • SetCapture.USER32(?), ref: 00DB994A
                                            • ClientToScreen.USER32(?,?), ref: 00DB99AF
                                            • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 00DB99BC
                                            • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00DB99D6
                                            • ReleaseCapture.USER32 ref: 00DB99E1
                                            • GetCursorPos.USER32(?), ref: 00DB9A19
                                            • ScreenToClient.USER32(?,?), ref: 00DB9A26
                                            • SendMessageW.USER32(?,00001012,00000000,?), ref: 00DB9A80
                                            • SendMessageW.USER32 ref: 00DB9AAE
                                            • SendMessageW.USER32(?,00001111,00000000,?), ref: 00DB9AEB
                                            • SendMessageW.USER32 ref: 00DB9B1A
                                            • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00DB9B3B
                                            • SendMessageW.USER32(?,0000110B,00000009,?), ref: 00DB9B4A
                                            • GetCursorPos.USER32(?), ref: 00DB9B68
                                            • ScreenToClient.USER32(?,?), ref: 00DB9B75
                                            • GetParent.USER32(?), ref: 00DB9B93
                                            • SendMessageW.USER32(?,00001012,00000000,?), ref: 00DB9BFA
                                            • SendMessageW.USER32 ref: 00DB9C2B
                                            • ClientToScreen.USER32(?,?), ref: 00DB9C84
                                            • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00DB9CB4
                                            • SendMessageW.USER32(?,00001111,00000000,?), ref: 00DB9CDE
                                            • SendMessageW.USER32 ref: 00DB9D01
                                            • ClientToScreen.USER32(?,?), ref: 00DB9D4E
                                            • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00DB9D82
                                              • Part of subcall function 00D39944: GetWindowLongW.USER32(?,000000EB), ref: 00D39952
                                            • GetWindowLongW.USER32(?,000000F0), ref: 00DB9E05
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                                            • String ID: @GUI_DRAGID$F
                                            • API String ID: 3429851547-4164748364
                                            APIs
                                            • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 00DB48F3
                                            • SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00DB4908
                                            • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00DB4927
                                            • SendMessageW.USER32(?,00000148,00000000,00000000), ref: 00DB494B
                                            • SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 00DB495C
                                            • SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 00DB497B
                                            • SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 00DB49AE
                                            • SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 00DB49D4
                                            • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00DB4A0F
                                            • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00DB4A56
                                            • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00DB4A7E
                                            • IsMenu.USER32(?), ref: 00DB4A97
                                            • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00DB4AF2
                                            • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00DB4B20
                                            • GetWindowLongW.USER32(?,000000F0), ref: 00DB4B94
                                            • SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00DB4BE3
                                            • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00DB4C82
                                            • wsprintfW.USER32 ref: 00DB4CAE
                                            • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00DB4CC9
                                            • GetWindowTextW.USER32(?,00000000,00000001), ref: 00DB4CF1
                                            • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00DB4D13
                                            • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00DB4D33
                                            • GetWindowTextW.USER32(?,00000000,00000001), ref: 00DB4D5A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
                                            • String ID: %d/%02d/%02d
                                            • API String ID: 4054740463-328681919
                                            APIs
                                            • GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 00D3F998
                                            • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00D7F474
                                            • IsIconic.USER32(00000000), ref: 00D7F47D
                                            • ShowWindow.USER32(00000000,00000009), ref: 00D7F48A
                                            • SetForegroundWindow.USER32(00000000), ref: 00D7F494
                                            • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00D7F4AA
                                            • GetCurrentThreadId.KERNEL32 ref: 00D7F4B1
                                            • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00D7F4BD
                                            • AttachThreadInput.USER32(?,00000000,00000001), ref: 00D7F4CE
                                            • AttachThreadInput.USER32(?,00000000,00000001), ref: 00D7F4D6
                                            • AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 00D7F4DE
                                            • SetForegroundWindow.USER32(00000000), ref: 00D7F4E1
                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 00D7F4F6
                                            • keybd_event.USER32(00000012,00000000), ref: 00D7F501
                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 00D7F50B
                                            • keybd_event.USER32(00000012,00000000), ref: 00D7F510
                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 00D7F519
                                            • keybd_event.USER32(00000012,00000000), ref: 00D7F51E
                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 00D7F528
                                            • keybd_event.USER32(00000012,00000000), ref: 00D7F52D
                                            • SetForegroundWindow.USER32(00000000), ref: 00D7F530
                                            • AttachThreadInput.USER32(?,000000FF,00000000), ref: 00D7F557
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                            • String ID: Shell_TrayWnd
                                            • API String ID: 4125248594-2988720461
                                            APIs
                                              • Part of subcall function 00D816C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00D8170D
                                              • Part of subcall function 00D816C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00D8173A
                                              • Part of subcall function 00D816C3: GetLastError.KERNEL32 ref: 00D8174A
                                            • LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00D81286
                                            • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 00D812A8
                                            • CloseHandle.KERNEL32(?), ref: 00D812B9
                                            • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00D812D1
                                            • GetProcessWindowStation.USER32 ref: 00D812EA
                                            • SetProcessWindowStation.USER32(00000000), ref: 00D812F4
                                            • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00D81310
                                              • Part of subcall function 00D810BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00D811FC), ref: 00D810D4
                                              • Part of subcall function 00D810BF: CloseHandle.KERNEL32(?,?,00D811FC), ref: 00D810E9
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
                                            • String ID: $default$winsta0
                                            • API String ID: 22674027-1027155976
                                            APIs
                                              • Part of subcall function 00D810F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00D81114
                                              • Part of subcall function 00D810F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00D80B9B,?,?,?), ref: 00D81120
                                              • Part of subcall function 00D810F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00D80B9B,?,?,?), ref: 00D8112F
                                              • Part of subcall function 00D810F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00D80B9B,?,?,?), ref: 00D81136
                                              • Part of subcall function 00D810F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00D8114D
                                            • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00D80BCC
                                            • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00D80C00
                                            • GetLengthSid.ADVAPI32(?), ref: 00D80C17
                                            • GetAce.ADVAPI32(?,00000000,?), ref: 00D80C51
                                            • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00D80C6D
                                            • GetLengthSid.ADVAPI32(?), ref: 00D80C84
                                            • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00D80C8C
                                            • HeapAlloc.KERNEL32(00000000), ref: 00D80C93
                                            • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00D80CB4
                                            • CopySid.ADVAPI32(00000000), ref: 00D80CBB
                                            • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00D80CEA
                                            • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00D80D0C
                                            • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00D80D1E
                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00D80D45
                                            • HeapFree.KERNEL32(00000000), ref: 00D80D4C
                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00D80D55
                                            • HeapFree.KERNEL32(00000000), ref: 00D80D5C
                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00D80D65
                                            • HeapFree.KERNEL32(00000000), ref: 00D80D6C
                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 00D80D78
                                            • HeapFree.KERNEL32(00000000), ref: 00D80D7F
                                              • Part of subcall function 00D81193: GetProcessHeap.KERNEL32(00000008,00D80BB1,?,00000000,?,00D80BB1,?), ref: 00D811A1
                                              • Part of subcall function 00D81193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00D80BB1,?), ref: 00D811A8
                                              • Part of subcall function 00D81193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00D80BB1,?), ref: 00D811B7
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                            • String ID:
                                            • API String ID: 4175595110-0
                                            APIs
                                            • OpenClipboard.USER32(00DBCC08), ref: 00D9EB29
                                            • IsClipboardFormatAvailable.USER32(0000000D), ref: 00D9EB37
                                            • GetClipboardData.USER32(0000000D), ref: 00D9EB43
                                            • CloseClipboard.USER32 ref: 00D9EB4F
                                            • GlobalLock.KERNEL32(00000000), ref: 00D9EB87
                                            • CloseClipboard.USER32 ref: 00D9EB91
                                            • GlobalUnlock.KERNEL32(00000000,00000000), ref: 00D9EBBC
                                            • IsClipboardFormatAvailable.USER32(00000001), ref: 00D9EBC9
                                            • GetClipboardData.USER32(00000001), ref: 00D9EBD1
                                            • GlobalLock.KERNEL32(00000000), ref: 00D9EBE2
                                            • GlobalUnlock.KERNEL32(00000000,?), ref: 00D9EC22
                                            • IsClipboardFormatAvailable.USER32(0000000F), ref: 00D9EC38
                                            • GetClipboardData.USER32(0000000F), ref: 00D9EC44
                                            • GlobalLock.KERNEL32(00000000), ref: 00D9EC55
                                            • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 00D9EC77
                                            • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00D9EC94
                                            • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00D9ECD2
                                            • GlobalUnlock.KERNEL32(00000000,?,?), ref: 00D9ECF3
                                            • CountClipboardFormats.USER32 ref: 00D9ED14
                                            • CloseClipboard.USER32 ref: 00D9ED59
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                                            • String ID:
                                            • API String ID: 420908878-0
                                            • Opcode ID: 1335d2e910d2ffc70607a660961fd1bc27d97cde7c2ba7a179d3d126852a1dcf
                                            • Instruction ID: 39b4c482d1e475f6839ae45d23869747c42884fc1312bedac0f86c96a9e1b465
                                            • Opcode Fuzzy Hash: 1335d2e910d2ffc70607a660961fd1bc27d97cde7c2ba7a179d3d126852a1dcf
                                            • Instruction Fuzzy Hash: D4618634204302EFD700EF64D899F6AB7A4FB84718F485619F496D72A2DB71E905CBB2
                                            APIs
                                            • FindFirstFileW.KERNEL32(?,?), ref: 00D969BE
                                            • FindClose.KERNEL32(00000000), ref: 00D96A12
                                            • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00D96A4E
                                            • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00D96A75
                                              • Part of subcall function 00D29CB3: _wcslen.LIBCMT ref: 00D29CBD
                                            • FileTimeToSystemTime.KERNEL32(?,?), ref: 00D96AB2
                                            • FileTimeToSystemTime.KERNEL32(?,?), ref: 00D96ADF
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                            • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                            • API String ID: 3830820486-3289030164
                                            • Opcode ID: be5248bb589b46ebe87d8f84e0b89f90f0704f1c52f6adce68d314c48754c388
                                            • Instruction ID: d1f073011a1c1bf8567c5e4e37b0d606ae70ef76887fc80627e74a29e4606018
                                            • Opcode Fuzzy Hash: be5248bb589b46ebe87d8f84e0b89f90f0704f1c52f6adce68d314c48754c388
                                            • Instruction Fuzzy Hash: BED15CB2508314AEC710EBA4D991EABB7ECFF98708F44491DF585C6191EB74DA08CB72
                                            APIs
                                            • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 00D99663
                                            • GetFileAttributesW.KERNEL32(?), ref: 00D996A1
                                            • SetFileAttributesW.KERNEL32(?,?), ref: 00D996BB
                                            • FindNextFileW.KERNEL32(00000000,?), ref: 00D996D3
                                            • FindClose.KERNEL32(00000000), ref: 00D996DE
                                            • FindFirstFileW.KERNEL32(*.*,?), ref: 00D996FA
                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00D9974A
                                            • SetCurrentDirectoryW.KERNEL32(00DE6B7C), ref: 00D99768
                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 00D99772
                                            • FindClose.KERNEL32(00000000), ref: 00D9977F
                                            • FindClose.KERNEL32(00000000), ref: 00D9978F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                            • String ID: *.*
                                            • API String ID: 1409584000-438819550
                                            • Opcode ID: df5fccf264f8e628fc72195e82493322d740cdfdbcbf7826737e4ba8af42ab30
                                            • Instruction ID: 96c68575e2b4e1b3f33aa79085331c23bad57983c4b9fa2c912120430ed47b7d
                                            • Opcode Fuzzy Hash: df5fccf264f8e628fc72195e82493322d740cdfdbcbf7826737e4ba8af42ab30
                                            • Instruction Fuzzy Hash: 4331D532500219AFDF14EFF9EC58ADEB7ACAF49321F18425AF805E2190DB70DD448A34
                                            APIs
                                            • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 00D997BE
                                            • FindNextFileW.KERNEL32(00000000,?), ref: 00D99819
                                            • FindClose.KERNEL32(00000000), ref: 00D99824
                                            • FindFirstFileW.KERNEL32(*.*,?), ref: 00D99840
                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00D99890
                                            • SetCurrentDirectoryW.KERNEL32(00DE6B7C), ref: 00D998AE
                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 00D998B8
                                            • FindClose.KERNEL32(00000000), ref: 00D998C5
                                            • FindClose.KERNEL32(00000000), ref: 00D998D5
                                              • Part of subcall function 00D8DAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00D8DB00
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                            • String ID: *.*
                                            • API String ID: 2640511053-438819550
                                            • Opcode ID: ba22a048a7bbe140633f4b68e8b261ba97fd077c23313a46b2964e16a21d181b
                                            • Instruction ID: 5a15f5469bdad43c5e973c436bf0df772ec676a7b561cfd70001bc14bdfc32e9
                                            • Opcode Fuzzy Hash: ba22a048a7bbe140633f4b68e8b261ba97fd077c23313a46b2964e16a21d181b
                                            • Instruction Fuzzy Hash: 3A31B431500619AFDF10EFB9EC58ADEB7ACEF06320F18425EE854E2191DB71D985CA74
                                            APIs
                                              • Part of subcall function 00DAC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00DAB6AE,?,?), ref: 00DAC9B5
                                              • Part of subcall function 00DAC998: _wcslen.LIBCMT ref: 00DAC9F1
                                              • Part of subcall function 00DAC998: _wcslen.LIBCMT ref: 00DACA68
                                              • Part of subcall function 00DAC998: _wcslen.LIBCMT ref: 00DACA9E
                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00DABF3E
                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 00DABFA9
                                            • RegCloseKey.ADVAPI32(00000000), ref: 00DABFCD
                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 00DAC02C
                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 00DAC0E7
                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00DAC154
                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00DAC1E9
                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 00DAC23A
                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00DAC2E3
                                            • RegCloseKey.ADVAPI32(?,?,00000000), ref: 00DAC382
                                            • RegCloseKey.ADVAPI32(00000000), ref: 00DAC38F
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
                                            • String ID:
                                            • API String ID: 3102970594-0
                                            • Opcode ID: 6cc6d133330c04285288989601b557ab17b1550da2a25f05d61f52a0e69c5037
                                            • Instruction ID: 81d0df3dd820575f98ac2223a6bb467c2993885f3b2d688c159677f05fdf0426
                                            • Opcode Fuzzy Hash: 6cc6d133330c04285288989601b557ab17b1550da2a25f05d61f52a0e69c5037
                                            • Instruction Fuzzy Hash: D3023C71614200DFD714DF28C895E2ABBE5EF89318F18849DF84ADB2A2D731ED46CB61
                                            APIs
                                            • GetLocalTime.KERNEL32(?), ref: 00D98257
                                            • SystemTimeToFileTime.KERNEL32(?,?), ref: 00D98267
                                            • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00D98273
                                            • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00D98310
                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00D98324
                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00D98356
                                            • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00D9838C
                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00D98395
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: CurrentDirectoryTime$File$Local$System
                                            • String ID: *.*
                                            • API String ID: 1464919966-438819550
                                            • Opcode ID: ef0b1f12263a64de4955a76ca08afad446b6692836eab445b03472710ce24cb3
                                            • Instruction ID: b6610c2e583e80869a3bb89a6dbcf7138cb19941b5c18ee2d4b331bae453053c
                                            • Opcode Fuzzy Hash: ef0b1f12263a64de4955a76ca08afad446b6692836eab445b03472710ce24cb3
                                            • Instruction Fuzzy Hash: 286147725043459FCB10EF64D8409AEB3E8FF99714F04892AF989D7251DB31E945CBB2
                                            APIs
                                              • Part of subcall function 00D23AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00D23A97,?,?,00D22E7F,?,?,?,00000000), ref: 00D23AC2
                                              • Part of subcall function 00D8E199: GetFileAttributesW.KERNEL32(?,00D8CF95), ref: 00D8E19A
                                            • FindFirstFileW.KERNEL32(?,?), ref: 00D8D122
                                            • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 00D8D1DD
                                            • MoveFileW.KERNEL32(?,?), ref: 00D8D1F0
                                            • DeleteFileW.KERNEL32(?,?,?,?), ref: 00D8D20D
                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 00D8D237
                                              • Part of subcall function 00D8D29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,00D8D21C,?,?), ref: 00D8D2B2
                                            • FindClose.KERNEL32(00000000,?,?,?), ref: 00D8D253
                                            • FindClose.KERNEL32(00000000), ref: 00D8D264
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                                            • String ID: \*.*
                                            • API String ID: 1946585618-1173974218
                                            • Opcode ID: 4767e634027a8ef38e8257d9bd39cae859cabf0082fdc44c134e19659fb84a58
                                            • Instruction ID: 8556b13446ce2d73b440cea53a0a0082a570fc4f978d46e54f3a6cea5566f8ef
                                            • Opcode Fuzzy Hash: 4767e634027a8ef38e8257d9bd39cae859cabf0082fdc44c134e19659fb84a58
                                            • Instruction Fuzzy Hash: D461293180125DAACF05FBA4E992AEDB7B6EF65304F644165E402B71D1EB30AF09CB70
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                            • String ID:
                                            • API String ID: 1737998785-0
                                            • Opcode ID: 98d3276ddc9f365c8185bcc0e47c83f1982683990474ee7fcd572bc08ca50ce3
                                            • Instruction ID: cf3789c7acc14ef9086a3d30e8e13adcbbe55609c4713609727f018ca57d1c41
                                            • Opcode Fuzzy Hash: 98d3276ddc9f365c8185bcc0e47c83f1982683990474ee7fcd572bc08ca50ce3
                                            • Instruction Fuzzy Hash: F4416935614611EFEB20DF15E888F19BBA5FF44328F18D199E4558B762C735EC41CBA0
                                            APIs
                                              • Part of subcall function 00D816C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00D8170D
                                              • Part of subcall function 00D816C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00D8173A
                                              • Part of subcall function 00D816C3: GetLastError.KERNEL32 ref: 00D8174A
                                            • ExitWindowsEx.USER32(?,00000000), ref: 00D8E932
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                            • String ID: $ $@$SeShutdownPrivilege
                                            • API String ID: 2234035333-3163812486
                                            • Opcode ID: a3612d8c759c8d4602e5557cdf5c0d8d390e856951a21c7a93e26893dc49b517
                                            • Instruction ID: 404fa84923e412ae6533badcf2fb87dcc09bc48b5a670941a23ea30c91273c42
                                            • Opcode Fuzzy Hash: a3612d8c759c8d4602e5557cdf5c0d8d390e856951a21c7a93e26893dc49b517
                                            • Instruction Fuzzy Hash: D601D672620311EBEB6437B49C86FBF735CA714750F194521F852E22E2D6E09C448FB4
                                            APIs
                                            • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00DA1276
                                            • WSAGetLastError.WSOCK32 ref: 00DA1283
                                            • bind.WSOCK32(00000000,?,00000010), ref: 00DA12BA
                                            • WSAGetLastError.WSOCK32 ref: 00DA12C5
                                            • closesocket.WSOCK32(00000000), ref: 00DA12F4
                                            • listen.WSOCK32(00000000,00000005), ref: 00DA1303
                                            • WSAGetLastError.WSOCK32 ref: 00DA130D
                                            • closesocket.WSOCK32(00000000), ref: 00DA133C
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: ErrorLast$closesocket$bindlistensocket
                                            • String ID:
                                            • API String ID: 540024437-0
                                            • Opcode ID: 32a5e7be2789e9f21d47d6d370a942d93ec0900b6a648a4f4e272f9a3328c142
                                            • Instruction ID: dfedf1013105cb92688deee28bece6f2540f9677c446bafe77cae2538efd8fcf
                                            • Opcode Fuzzy Hash: 32a5e7be2789e9f21d47d6d370a942d93ec0900b6a648a4f4e272f9a3328c142
                                            • Instruction Fuzzy Hash: FE416D39600210DFD710DF64D589B29BBE5BF86328F188198E8569F392C771ED81CBB1
                                            APIs
                                              • Part of subcall function 00D23AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00D23A97,?,?,00D22E7F,?,?,?,00000000), ref: 00D23AC2
                                              • Part of subcall function 00D8E199: GetFileAttributesW.KERNEL32(?,00D8CF95), ref: 00D8E19A
                                            • FindFirstFileW.KERNEL32(?,?), ref: 00D8D420
                                            • DeleteFileW.KERNEL32(?,?,?,?), ref: 00D8D470
                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 00D8D481
                                            • FindClose.KERNEL32(00000000), ref: 00D8D498
                                            • FindClose.KERNEL32(00000000), ref: 00D8D4A1
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                            • String ID: \*.*
                                            • API String ID: 2649000838-1173974218
                                            • Opcode ID: 58f5e3bf694e1d6131b75ce6040bf48ab35b1c6b2d25c1da2eb8b1aa6f2e84da
                                            • Instruction ID: 60013faef8b06b97fee96bfe618ca3e7b5fd0b11d49db567e9e50b55a9e2da27
                                            • Opcode Fuzzy Hash: 58f5e3bf694e1d6131b75ce6040bf48ab35b1c6b2d25c1da2eb8b1aa6f2e84da
                                            • Instruction Fuzzy Hash: 53314F710183559BC204FF68D8919AFB7A9FEA5314F444A1DF4D1921D1EB30EA098B76
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: __floor_pentium4
                                            • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                            • API String ID: 4168288129-2761157908
                                            APIs
                                            • _wcslen.LIBCMT ref: 00D964DC
                                            • CoInitialize.OLE32(00000000), ref: 00D96639
                                            • CoCreateInstance.OLE32(00DBFCF8,00000000,00000001,00DBFB68,?), ref: 00D96650
                                            • CoUninitialize.OLE32 ref: 00D968D4
                                            Strings
                                            Similarity
                                            • API ID: CreateInitializeInstanceUninitialize_wcslen
                                            • String ID: .lnk
                                            • API String ID: 886957087-24824748
                                            APIs
                                            • GetForegroundWindow.USER32(?,?,00000000), ref: 00DA22E8
                                              • Part of subcall function 00D9E4EC: GetWindowRect.USER32(?,?), ref: 00D9E504
                                            • GetDesktopWindow.USER32 ref: 00DA2312
                                            • GetWindowRect.USER32(00000000), ref: 00DA2319
                                            • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00DA2355
                                            • GetCursorPos.USER32(?), ref: 00DA2381
                                            • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00DA23DF
                                            Similarity
                                            • API ID: Window$Rectmouse_event$CursorDesktopForeground
                                            • String ID:
                                            • API String ID: 2387181109-0
                                            APIs
                                              • Part of subcall function 00D29CB3: _wcslen.LIBCMT ref: 00D29CBD
                                            • FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00D99B78
                                            • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00D99C8B
                                              • Part of subcall function 00D93874: GetInputState.USER32 ref: 00D938CB
                                              • Part of subcall function 00D93874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00D93966
                                            • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00D99BA8
                                            • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00D99C75
                                            Strings
                                            Similarity
                                            • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                            • String ID: *.*
                                            • API String ID: 1972594611-438819550
                                            APIs
                                              • Part of subcall function 00D39BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00D39BB2
                                            • DefDlgProcW.USER32(?,?,?,?,?), ref: 00D39A4E
                                            • GetSysColor.USER32(0000000F), ref: 00D39B23
                                            • SetBkColor.GDI32(?,00000000), ref: 00D39B36
                                            Similarity
                                            • API ID: Color$LongProcWindow
                                            • String ID:
                                            • API String ID: 3131106179-0
                                            APIs
                                              • Part of subcall function 00DA304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00DA307A
                                              • Part of subcall function 00DA304E: _wcslen.LIBCMT ref: 00DA309B
                                            • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 00DA185D
                                            • WSAGetLastError.WSOCK32 ref: 00DA1884
                                            • bind.WSOCK32(00000000,?,00000010), ref: 00DA18DB
                                            • WSAGetLastError.WSOCK32 ref: 00DA18E6
                                            • closesocket.WSOCK32(00000000), ref: 00DA1915
                                            Similarity
                                            • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                            • String ID:
                                            • API String ID: 1601658205-0
                                            APIs
                                            Similarity
                                            • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                            • String ID:
                                            • API String ID: 292994002-0
                                            Strings
                                            Similarity
                                            • API ID:
                                            • String ID: ERCP$VUUU$VUUU$VUUU$VUUU
                                            • API String ID: 0-1546025612
                                            APIs
                                            • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 00D8AAAC
                                            • SetKeyboardState.USER32(00000080), ref: 00D8AAC8
                                            • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 00D8AB36
                                            • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 00D8AB88
                                            Similarity
                                            • API ID: KeyboardState$InputMessagePostSend
                                            • String ID:
                                            • API String ID: 432972143-0
                                            APIs
                                            • _free.LIBCMT ref: 00D5BB7F
                                              • Part of subcall function 00D529C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00D5D7D1,00000000,00000000,00000000,00000000,?,00D5D7F8,00000000,00000007,00000000,?,00D5DBF5,00000000), ref: 00D529DE
                                              • Part of subcall function 00D529C8: GetLastError.KERNEL32(00000000,?,00D5D7D1,00000000,00000000,00000000,00000000,?,00D5D7F8,00000000,00000007,00000000,?,00D5DBF5,00000000,00000000), ref: 00D529F0
                                            • GetTimeZoneInformation.KERNEL32 ref: 00D5BB91
                                            • WideCharToMultiByte.KERNEL32(00000000,?,00DF121C,000000FF,?,0000003F,?,?), ref: 00D5BC09
                                            • WideCharToMultiByte.KERNEL32(00000000,?,00DF1270,000000FF,?,0000003F,?,?,?,00DF121C,000000FF,?,0000003F,?,?), ref: 00D5BC36
                                            Similarity
                                            • API ID: ByteCharMultiWide$ErrorFreeHeapInformationLastTimeZone_free
                                            • String ID:
                                            • API String ID: 806657224-0
                                            APIs
                                            • InternetReadFile.WININET(?,?,00000400,?), ref: 00D9CE89
                                            • GetLastError.KERNEL32(?,00000000), ref: 00D9CEEA
                                            • SetEvent.KERNEL32(?,?,00000000), ref: 00D9CEFE
                                            Similarity
                                            • API ID: ErrorEventFileInternetLastRead
                                            • String ID:
                                            • API String ID: 234945975-0
                                            APIs
                                            • lstrlenW.KERNEL32(?,?,?,00000000), ref: 00D882AA
                                            Strings
                                            Similarity
                                            • API ID: lstrlen
                                            • String ID: ($|
                                            • API String ID: 1659193697-1631851259
                                            APIs
                                            • FindFirstFileW.KERNEL32(?,?), ref: 00D95CC1
                                            • FindNextFileW.KERNEL32(00000000,?), ref: 00D95D17
                                            • FindClose.KERNEL32(?), ref: 00D95D5F
                                            Similarity
                                            • API ID: Find$File$CloseFirstNext
                                            • String ID:
                                            • API String ID: 3541575487-0
                                            APIs
                                            • IsDebuggerPresent.KERNEL32 ref: 00D5271A
                                            • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00D52724
                                            • UnhandledExceptionFilter.KERNEL32(?), ref: 00D52731
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            APIs
                                            • SetErrorMode.KERNEL32(00000001), ref: 00D951DA
                                            • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00D95238
                                            • SetErrorMode.KERNEL32(00000000), ref: 00D952A1
                                            APIs
                                              • Part of subcall function 00D3FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00D40668
                                              • Part of subcall function 00D3FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00D40685
                                            • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00D8170D
                                            • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00D8173A
                                            • GetLastError.KERNEL32 ref: 00D8174A
                                            APIs
                                            • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00D8D608
                                            • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 00D8D645
                                            • CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00D8D650
                                            APIs
                                            • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00D8168C
                                            • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 00D816A1
                                            • FreeSid.ADVAPI32(?), ref: 00D816B1
                                            APIs
                                            • GetUserNameW.ADVAPI32(?,?), ref: 00D7D28C
                                            Strings
                                            • String ID: X64
                                            APIs
                                            • FindFirstFileW.KERNEL32(?,?), ref: 00D96918
                                            • FindClose.KERNEL32(00000000), ref: 00D96961
                                            APIs
                                            • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00DA4891,?,?,00000035,?), ref: 00D937E4
                                            • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00DA4891,?,?,00000035,?), ref: 00D937F4
                                            APIs
                                            • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 00D8B25D
                                            • keybd_event.USER32(?,75C0C0D0,?,00000000), ref: 00D8B270
                                            APIs
                                            • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00D811FC), ref: 00D810D4
                                            • CloseHandle.KERNEL32(?,?,00D811FC), ref: 00D810E9
                                            Strings
                                            • Variable is not of type 'Object'., xrefs: 00D70C40
                                            APIs
                                            • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00D56766,?,?,00000008,?,?,00D5FEFE,00000000), ref: 00D56998
                                            APIs
                                            • BlockInput.USER32(00000001), ref: 00D9EABD
                                            APIs
                                            • SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,00D403EE), ref: 00D409DA
                                            Similarity
                                            • API ID: ExceptionFilterUnhandled
                                            • String ID:
                                            • API String ID: 3192549508-0
                                            • Opcode ID: 5c1a8f24cf541dd853b535b914de92a4c55d576c5f192b91161400483b3879a8
                                            • Instruction ID: e9b37f7871c098e9255fa63ea396dd9aea2b909ae8dc2d66ed5d71420d0c9c8b
                                            • Opcode Fuzzy Hash: 5c1a8f24cf541dd853b535b914de92a4c55d576c5f192b91161400483b3879a8
                                            • Instruction Fuzzy Hash:
                                            APIs
                                            • DeleteObject.GDI32(00000000), ref: 00DA2B30
                                            • DeleteObject.GDI32(00000000), ref: 00DA2B43
                                            • DestroyWindow.USER32 ref: 00DA2B52
                                            • GetDesktopWindow.USER32 ref: 00DA2B6D
                                            • GetWindowRect.USER32(00000000), ref: 00DA2B74
                                            • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00DA2CA3
                                            • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00DA2CB1
                                            • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00DA2CF8
                                            • GetClientRect.USER32(00000000,?), ref: 00DA2D04
                                            • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00DA2D40
                                            • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00DA2D62
                                            • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00DA2D75
                                            • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00DA2D80
                                            • GlobalLock.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00DA2D89
                                            • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00DA2D98
                                            • GlobalUnlock.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00DA2DA1
                                            • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00DA2DA8
                                            • GlobalFree.KERNEL32(00000000), ref: 00DA2DB3
                                            • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00DA2DC5
                                            • OleLoadPicture.OLEAUT32(?,00000000,00000000,00DBFC38,00000000), ref: 00DA2DDB
                                            • GlobalFree.KERNEL32(00000000), ref: 00DA2DEB
                                            • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00DA2E11
                                            • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00DA2E30
                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00DA2E52
                                            • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00DA303F
                                            Similarity
                                            • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                            • String ID: $AutoIt v3$DISPLAY$static
                                            • API String ID: 2211948467-2373415609
                                            • Opcode ID: 15b157b4ae459b91ae6aaf0b9a6b53ff6b89057e7b9514a2feca8be89908dec0
                                            • Instruction ID: b0225c22977f06bbb943485551fe67ee9d47d6e1a728ab0baeb7b82d1872d485
                                            • Opcode Fuzzy Hash: 15b157b4ae459b91ae6aaf0b9a6b53ff6b89057e7b9514a2feca8be89908dec0
                                            • Instruction Fuzzy Hash: C3025A75910215EFDB14DF69CC89EAE7BB9FB49724F048218F915EB2A1CB70A901CB70
                                            APIs
                                            • SetTextColor.GDI32(?,00000000), ref: 00DB712F
                                            • GetSysColorBrush.USER32(0000000F), ref: 00DB7160
                                            • GetSysColor.USER32(0000000F), ref: 00DB716C
                                            • SetBkColor.GDI32(?,000000FF), ref: 00DB7186
                                            • SelectObject.GDI32(?,?), ref: 00DB7195
                                            • InflateRect.USER32(?,000000FF,000000FF), ref: 00DB71C0
                                            • GetSysColor.USER32(00000010), ref: 00DB71C8
                                            • CreateSolidBrush.GDI32(00000000), ref: 00DB71CF
                                            • FrameRect.USER32(?,?,00000000), ref: 00DB71DE
                                            • DeleteObject.GDI32(00000000), ref: 00DB71E5
                                            • InflateRect.USER32(?,000000FE,000000FE), ref: 00DB7230
                                            • FillRect.USER32(?,?,?), ref: 00DB7262
                                            • GetWindowLongW.USER32(?,000000F0), ref: 00DB7284
                                              • Part of subcall function 00DB73E8: GetSysColor.USER32(00000012), ref: 00DB7421
                                              • Part of subcall function 00DB73E8: SetTextColor.GDI32(?,?), ref: 00DB7425
                                              • Part of subcall function 00DB73E8: GetSysColorBrush.USER32(0000000F), ref: 00DB743B
                                              • Part of subcall function 00DB73E8: GetSysColor.USER32(0000000F), ref: 00DB7446
                                              • Part of subcall function 00DB73E8: GetSysColor.USER32(00000011), ref: 00DB7463
                                              • Part of subcall function 00DB73E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00DB7471
                                              • Part of subcall function 00DB73E8: SelectObject.GDI32(?,00000000), ref: 00DB7482
                                              • Part of subcall function 00DB73E8: SetBkColor.GDI32(?,00000000), ref: 00DB748B
                                              • Part of subcall function 00DB73E8: SelectObject.GDI32(?,?), ref: 00DB7498
                                              • Part of subcall function 00DB73E8: InflateRect.USER32(?,000000FF,000000FF), ref: 00DB74B7
                                              • Part of subcall function 00DB73E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00DB74CE
                                              • Part of subcall function 00DB73E8: GetWindowLongW.USER32(00000000,000000F0), ref: 00DB74DB
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                            • String ID:
                                            • API String ID: 4124339563-0
                                            • Opcode ID: a9a00e729e8a0ddfa0ea9680339e77e9280dd9fee1db6e3bb9adae08bbfbc304
                                            • Instruction ID: 886ca96c048148c4fa3d35988139aa0dd1c623e4887bb3dc8914ee8a1949158f
                                            • Opcode Fuzzy Hash: a9a00e729e8a0ddfa0ea9680339e77e9280dd9fee1db6e3bb9adae08bbfbc304
                                            • Instruction Fuzzy Hash: 92A17D72018301EFDB109F64DC48E9A7BE9FB89360F141B19F9A2E62A1D771E9448B71
                                            APIs
                                            • DestroyWindow.USER32(?,?), ref: 00D38E14
                                            • SendMessageW.USER32(?,00001308,?,00000000), ref: 00D76AC5
                                            • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00D76AFE
                                            • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00D76F43
                                              • Part of subcall function 00D38F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00D38BE8,?,00000000,?,?,?,?,00D38BBA,00000000,?), ref: 00D38FC5
                                            • SendMessageW.USER32(?,00001053), ref: 00D76F7F
                                            • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00D76F96
                                            • ImageList_Destroy.COMCTL32(00000000,?), ref: 00D76FAC
                                            • ImageList_Destroy.COMCTL32(00000000,?), ref: 00D76FB7
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
                                            • String ID: 0
                                            • API String ID: 2760611726-4108050209
                                            • Opcode ID: fe43c505f2df429dff8f7508862436f3a1f13ca2dc68483497573bcc9af80330
                                            • Instruction ID: 43388a1fcbaca8800ace388ff1035b5fff4fbe17b542cd415013984643457063
                                            • Opcode Fuzzy Hash: fe43c505f2df429dff8f7508862436f3a1f13ca2dc68483497573bcc9af80330
                                            • Instruction Fuzzy Hash: F5127934200701EFDB25CF24C844BAABBA5FB45301F188569F499DB261EB72E891DFB1
                                            APIs
                                            • DestroyWindow.USER32(00000000), ref: 00DA273E
                                            • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00DA286A
                                            • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 00DA28A9
                                            • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 00DA28B9
                                            • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00DA2900
                                            • GetClientRect.USER32(00000000,?), ref: 00DA290C
                                            • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00DA2955
                                            • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00DA2964
                                            • GetStockObject.GDI32(00000011), ref: 00DA2974
                                            • SelectObject.GDI32(00000000,00000000), ref: 00DA2978
                                            • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00DA2988
                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00DA2991
                                            • DeleteDC.GDI32(00000000), ref: 00DA299A
                                            • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00DA29C6
                                            • SendMessageW.USER32(00000030,00000000,00000001), ref: 00DA29DD
                                            • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00DA2A1D
                                            • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00DA2A31
                                            • SendMessageW.USER32(00000404,00000001,00000000), ref: 00DA2A42
                                            • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00DA2A77
                                            • GetStockObject.GDI32(00000011), ref: 00DA2A82
                                            • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00DA2A8D
                                            • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00DA2A97
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                            • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                            • API String ID: 2910397461-517079104
                                            • Opcode ID: e51e941e1a32b84529020bf58cb175f55dfb1598cadab336007df9e19e85cb37
                                            • Instruction ID: 1ecf96d9f9450bc224a9e99fee9fd5e3005c983ec2cf4a30471a9cfd5a07dbe9
                                            • Opcode Fuzzy Hash: e51e941e1a32b84529020bf58cb175f55dfb1598cadab336007df9e19e85cb37
                                            • Instruction Fuzzy Hash: 0DB15975A10215EFEB14DF69DC49FAABBA9FB49710F008214F915EB2A0D774E900CBB0
                                            APIs
                                            • SetErrorMode.KERNEL32(00000001), ref: 00D94AED
                                            • GetDriveTypeW.KERNEL32(?,00DBCB68,?,\\.\,00DBCC08), ref: 00D94BCA
                                            • SetErrorMode.KERNEL32(00000000,00DBCB68,?,\\.\,00DBCC08), ref: 00D94D36
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: ErrorMode$DriveType
                                            • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                            • API String ID: 2907320926-4222207086
                                            • Opcode ID: 0b3c9967551e87e87572c9ef75d0c398a3c536f6bc758faee8e9620620ac9e95
                                            • Instruction ID: 49be9fcc6723719d69c8cfc3de73c4bc586c2384634ae590bdda36a1a940b80a
                                            • Opcode Fuzzy Hash: 0b3c9967551e87e87572c9ef75d0c398a3c536f6bc758faee8e9620620ac9e95
                                            • Instruction Fuzzy Hash: 8E61BD30705249DFCF04EF25CA82D6DB7A1EF58388B288055F846AB293DA31ED46DB71
                                            APIs
                                            • GetSysColor.USER32(00000012), ref: 00DB7421
                                            • SetTextColor.GDI32(?,?), ref: 00DB7425
                                            • GetSysColorBrush.USER32(0000000F), ref: 00DB743B
                                            • GetSysColor.USER32(0000000F), ref: 00DB7446
                                            • CreateSolidBrush.GDI32(?), ref: 00DB744B
                                            • GetSysColor.USER32(00000011), ref: 00DB7463
                                            • CreatePen.GDI32(00000000,00000001,00743C00), ref: 00DB7471
                                            • SelectObject.GDI32(?,00000000), ref: 00DB7482
                                            • SetBkColor.GDI32(?,00000000), ref: 00DB748B
                                            • SelectObject.GDI32(?,?), ref: 00DB7498
                                            • InflateRect.USER32(?,000000FF,000000FF), ref: 00DB74B7
                                            • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00DB74CE
                                            • GetWindowLongW.USER32(00000000,000000F0), ref: 00DB74DB
                                            • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00DB752A
                                            • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00DB7554
                                            • InflateRect.USER32(?,000000FD,000000FD), ref: 00DB7572
                                            • DrawFocusRect.USER32(?,?), ref: 00DB757D
                                            • GetSysColor.USER32(00000011), ref: 00DB758E
                                            • SetTextColor.GDI32(?,00000000), ref: 00DB7596
                                            • DrawTextW.USER32(?,00DB70F5,000000FF,?,00000000), ref: 00DB75A8
                                            • SelectObject.GDI32(?,?), ref: 00DB75BF
                                            • DeleteObject.GDI32(?), ref: 00DB75CA
                                            • SelectObject.GDI32(?,?), ref: 00DB75D0
                                            • DeleteObject.GDI32(?), ref: 00DB75D5
                                            • SetTextColor.GDI32(?,?), ref: 00DB75DB
                                            • SetBkColor.GDI32(?,?), ref: 00DB75E5
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                            • String ID:
                                            • API String ID: 1996641542-0
                                            • Opcode ID: 6ad257989cb3797cddddbb9efba8115dee6520cd2631c013de1091eef3d2408e
                                            • Instruction ID: 4f2ddacb04b8eaf46713c8062413b40453e279c87d2f7410c54d5382ea588621
                                            • Opcode Fuzzy Hash: 6ad257989cb3797cddddbb9efba8115dee6520cd2631c013de1091eef3d2408e
                                            • Instruction Fuzzy Hash: 92616C72904218EFDB119FA8DC49EEE7FB9FB48320F145215F911BB2A1D7709940CBA0
                                            APIs
                                            • GetCursorPos.USER32(?), ref: 00DB1128
                                            • GetDesktopWindow.USER32 ref: 00DB113D
                                            • GetWindowRect.USER32(00000000), ref: 00DB1144
                                            • GetWindowLongW.USER32(?,000000F0), ref: 00DB1199
                                            • DestroyWindow.USER32(?), ref: 00DB11B9
                                            • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00DB11ED
                                            • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00DB120B
                                            • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00DB121D
                                            • SendMessageW.USER32(00000000,00000421,?,?), ref: 00DB1232
                                            • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00DB1245
                                            • IsWindowVisible.USER32(00000000), ref: 00DB12A1
                                            • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 00DB12BC
                                            • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 00DB12D0
                                            • GetWindowRect.USER32(00000000,?), ref: 00DB12E8
                                            • MonitorFromPoint.USER32(?,?,00000002), ref: 00DB130E
                                            • GetMonitorInfoW.USER32(00000000,?), ref: 00DB1328
                                            • CopyRect.USER32(?,?), ref: 00DB133F
                                            • SendMessageW.USER32(00000000,00000412,00000000), ref: 00DB13AA
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                            • String ID: ($0$tooltips_class32
                                            • API String ID: 698492251-4156429822
                                            • Opcode ID: 7e10b764fc92527a695d51cab9ce1f89eddee0b15b894027f036b4e028b1286f
                                            • Instruction ID: 725d9aa48d7f067adab0e5b62db9743ee5cf8fc2b5915c292326a40408416301
                                            • Opcode Fuzzy Hash: 7e10b764fc92527a695d51cab9ce1f89eddee0b15b894027f036b4e028b1286f
                                            • Instruction Fuzzy Hash: F1B1AC71604350EFD700DF24C895BAABBE4FF84354F408918F99A9B2A1D770E844CBB1
                                            APIs
                                            • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00D38968
                                            • GetSystemMetrics.USER32(00000007), ref: 00D38970
                                            • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00D3899B
                                            • GetSystemMetrics.USER32(00000008), ref: 00D389A3
                                            • GetSystemMetrics.USER32(00000004), ref: 00D389C8
                                            • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00D389E5
                                            • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 00D389F5
                                            • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00D38A28
                                            • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00D38A3C
                                            • GetClientRect.USER32(00000000,000000FF), ref: 00D38A5A
                                            • GetStockObject.GDI32(00000011), ref: 00D38A76
                                            • SendMessageW.USER32(00000000,00000030,00000000), ref: 00D38A81
                                              • Part of subcall function 00D3912D: GetCursorPos.USER32(?), ref: 00D39141
                                              • Part of subcall function 00D3912D: ScreenToClient.USER32(00000000,?), ref: 00D3915E
                                              • Part of subcall function 00D3912D: GetAsyncKeyState.USER32(00000001), ref: 00D39183
                                              • Part of subcall function 00D3912D: GetAsyncKeyState.USER32(00000002), ref: 00D3919D
                                            • SetTimer.USER32(00000000,00000000,00000028,00D390FC), ref: 00D38AA8
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                            • String ID: AutoIt v3 GUI
                                            • API String ID: 1458621304-248962490
                                            • Opcode ID: e40082afadc320acf83ed1c70b7fd4e9a172686a9a635698f968c15057e76192
                                            • Instruction ID: 22d1122ff91b3b8e835d15746b5c458c910c21baf6922b1d3cab9c6e3911c8a3
                                            • Opcode Fuzzy Hash: e40082afadc320acf83ed1c70b7fd4e9a172686a9a635698f968c15057e76192
                                            • Instruction Fuzzy Hash: DFB15875A00309EFDB14DFA8D845BAA7BA5FB48754F148229FA15E7290EB70E840CF71
                                            APIs
                                              • Part of subcall function 00D810F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00D81114
                                              • Part of subcall function 00D810F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00D80B9B,?,?,?), ref: 00D81120
                                              • Part of subcall function 00D810F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00D80B9B,?,?,?), ref: 00D8112F
                                              • Part of subcall function 00D810F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00D80B9B,?,?,?), ref: 00D81136
                                              • Part of subcall function 00D810F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00D8114D
                                            • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00D80DF5
                                            • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00D80E29
                                            • GetLengthSid.ADVAPI32(?), ref: 00D80E40
                                            • GetAce.ADVAPI32(?,00000000,?), ref: 00D80E7A
                                            • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00D80E96
                                            • GetLengthSid.ADVAPI32(?), ref: 00D80EAD
                                            • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00D80EB5
                                            • HeapAlloc.KERNEL32(00000000), ref: 00D80EBC
                                            • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00D80EDD
                                            • CopySid.ADVAPI32(00000000), ref: 00D80EE4
                                            • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00D80F13
                                            • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00D80F35
                                            • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00D80F47
                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00D80F6E
                                            • HeapFree.KERNEL32(00000000), ref: 00D80F75
                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00D80F7E
                                            • HeapFree.KERNEL32(00000000), ref: 00D80F85
                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00D80F8E
                                            • HeapFree.KERNEL32(00000000), ref: 00D80F95
                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 00D80FA1
                                            • HeapFree.KERNEL32(00000000), ref: 00D80FA8
                                              • Part of subcall function 00D81193: GetProcessHeap.KERNEL32(00000008,00D80BB1,?,00000000,?,00D80BB1,?), ref: 00D811A1
                                              • Part of subcall function 00D81193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00D80BB1,?), ref: 00D811A8
                                              • Part of subcall function 00D81193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00D80BB1,?), ref: 00D811B7
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                            • String ID:
                                            • API String ID: 4175595110-0
                                            • Opcode ID: c4e96656771e2d89766bfa0bae61b653068d859229d7a28a0b659c5e449c0d43
                                            • Instruction ID: 0818745ad303419ff461ac6879f5d69c08cebabd9d1adb3cd6727a626be7df71
                                            • Opcode Fuzzy Hash: c4e96656771e2d89766bfa0bae61b653068d859229d7a28a0b659c5e449c0d43
                                            • Instruction Fuzzy Hash: 50715F7190430AEBDB60AFA4DC44FAEBBB8FF04740F088215FA59E6251D7319909CB70
                                            APIs
                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00DAC4BD
                                            • RegCreateKeyExW.ADVAPI32(?,?,00000000,00DBCC08,00000000,?,00000000,?,?), ref: 00DAC544
                                            • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 00DAC5A4
                                            • _wcslen.LIBCMT ref: 00DAC5F4
                                            • _wcslen.LIBCMT ref: 00DAC66F
                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 00DAC6B2
                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 00DAC7C1
                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 00DAC84D
                                            • RegCloseKey.ADVAPI32(?), ref: 00DAC881
                                            • RegCloseKey.ADVAPI32(00000000), ref: 00DAC88E
                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 00DAC960
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                            • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                            • API String ID: 9721498-966354055
                                            • Opcode ID: c9117132bb907578801a5e78cdc38f76143b3ad9d041ec0028f72496d5e20e5d
                                            • Instruction ID: d25e1f168ba43d756eb94f0a06a5361c91cff772d397f61f71545da1a773c0a3
                                            • Opcode Fuzzy Hash: c9117132bb907578801a5e78cdc38f76143b3ad9d041ec0028f72496d5e20e5d
                                            • Instruction Fuzzy Hash: D3125B35614211DFD714DF24D881A2AB7E5FF89724F08885CF88A9B3A2DB31ED45CBA1
                                            APIs
                                            • CharUpperBuffW.USER32(?,?), ref: 00DB09C6
                                            • _wcslen.LIBCMT ref: 00DB0A01
                                            • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00DB0A54
                                            • _wcslen.LIBCMT ref: 00DB0A8A
                                            • _wcslen.LIBCMT ref: 00DB0B06
                                            • _wcslen.LIBCMT ref: 00DB0B81
                                              • Part of subcall function 00D3F9F2: _wcslen.LIBCMT ref: 00D3F9FD
                                              • Part of subcall function 00D82BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00D82BFA
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: _wcslen$MessageSend$BuffCharUpper
                                            • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                            • API String ID: 1103490817-4258414348
                                            • Opcode ID: dda982baa0b7dade2aecef146226550ebee8be7737aefa5d373c381ebcc7b935
                                            • Instruction ID: 31cd14c0af09c23a80a7a3a2e27ec5402dd351c4e0045f23a1e86441a79f4f94
                                            • Opcode Fuzzy Hash: dda982baa0b7dade2aecef146226550ebee8be7737aefa5d373c381ebcc7b935
                                            • Instruction Fuzzy Hash: B6E15831208351CFC714EF25C45096ABBE1FF98318B18895DE896AB7A2DB31ED45CBB1
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: _wcslen$BuffCharUpper
                                            • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                            • API String ID: 1256254125-909552448
                                            • Opcode ID: c54f14e02c54d7a4daebe421fba9ec0cd398cae5aee9053ef1cf7191da214613
                                            • Instruction ID: 56abb8e436d424ebf7523ccba9fc1b199432a8a482e787906e32f6c18a219ec7
                                            • Opcode Fuzzy Hash: c54f14e02c54d7a4daebe421fba9ec0cd398cae5aee9053ef1cf7191da214613
                                            • Instruction Fuzzy Hash: 0671E73362416A8BCB20EF7DC9516BF3391AB62774F191528F8569B284EA31CD85C7B0
                                            APIs
                                            • _wcslen.LIBCMT ref: 00DB835A
                                            • _wcslen.LIBCMT ref: 00DB836E
                                            • _wcslen.LIBCMT ref: 00DB8391
                                            • _wcslen.LIBCMT ref: 00DB83B4
                                            • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00DB83F2
                                            • LoadLibraryExW.KERNEL32(?,00000000,00000032,?,?,00000001,?,?,?,00DB361A,?), ref: 00DB844E
                                            • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00DB8487
                                            • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 00DB84CA
                                            • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00DB8501
                                            • FreeLibrary.KERNEL32(?), ref: 00DB850D
                                            • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00DB851D
                                            • DestroyIcon.USER32(?), ref: 00DB852C
                                            • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00DB8549
                                            • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00DB8555
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                            • String ID: .dll$.exe$.icl
                                            • API String ID: 799131459-1154884017
                                            • Opcode ID: de02f0e150295a806a136ab0199b864e69d18cff5a9640847626c29170464d53
                                            • Instruction ID: 158dc579ba92c0262bdf25699dc5da281ca4c7b414e4d88ed799fe95779d7d33
                                            • Opcode Fuzzy Hash: de02f0e150295a806a136ab0199b864e69d18cff5a9640847626c29170464d53
                                            • Instruction Fuzzy Hash: 28619D71950215FAEB249F64DC81BFE77ACFB08B21F144609F816D61D1DB74A980EBB0
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                            • API String ID: 0-1645009161
                                            • Opcode ID: 65642116a78d29ac8a1c7e42718c58929b09b5ff599175941231a02714caf80a
                                            • Instruction ID: c5bee80c7ae6710c802d863b30751c47aca16844891239f478da92e7252790a6
                                            • Opcode Fuzzy Hash: 65642116a78d29ac8a1c7e42718c58929b09b5ff599175941231a02714caf80a
                                            • Instruction Fuzzy Hash: BC811771A04225BFDB20AF60EC42FAE77A8EF26344F084064F805AB196EB71D955D7B1
                                            APIs
                                            • CharLowerBuffW.USER32(?,?), ref: 00D93EF8
                                            • _wcslen.LIBCMT ref: 00D93F03
                                            • _wcslen.LIBCMT ref: 00D93F5A
                                            • _wcslen.LIBCMT ref: 00D93F98
                                            • GetDriveTypeW.KERNEL32(?), ref: 00D93FD6
                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00D9401E
                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00D94059
                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00D94087
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: SendString_wcslen$BuffCharDriveLowerType
                                            • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                            • API String ID: 1839972693-4113822522
                                            • Opcode ID: ae1ad70686b5983ecfef17f80daed56660473a941095ec0747014a02a1456420
                                            • Instruction ID: 4dd4fb2d4e1a87df1ea34797cc24d903f091c154179dea4fbad75eed45ce9cd5
                                            • Opcode Fuzzy Hash: ae1ad70686b5983ecfef17f80daed56660473a941095ec0747014a02a1456420
                                            • Instruction Fuzzy Hash: 7B71C2726043119FCB10EF24C88196AB7F4EFA4768F14492DF89597251EB31ED4ACBB1
                                            APIs
                                            • LoadIconW.USER32(00000063), ref: 00D85A2E
                                            • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00D85A40
                                            • SetWindowTextW.USER32(?,?), ref: 00D85A57
                                            • GetDlgItem.USER32(?,000003EA), ref: 00D85A6C
                                            • SetWindowTextW.USER32(00000000,?), ref: 00D85A72
                                            • GetDlgItem.USER32(?,000003E9), ref: 00D85A82
                                            • SetWindowTextW.USER32(00000000,?), ref: 00D85A88
                                            • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00D85AA9
                                            • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00D85AC3
                                            • GetWindowRect.USER32(?,?), ref: 00D85ACC
                                            • _wcslen.LIBCMT ref: 00D85B33
                                            • SetWindowTextW.USER32(?,?), ref: 00D85B6F
                                            • GetDesktopWindow.USER32 ref: 00D85B75
                                            • GetWindowRect.USER32(00000000), ref: 00D85B7C
                                            • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00D85BD3
                                            • GetClientRect.USER32(?,?), ref: 00D85BE0
                                            • PostMessageW.USER32(?,00000005,00000000,?), ref: 00D85C05
                                            • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00D85C2F
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                            • String ID:
                                            • API String ID: 895679908-0
                                            • Opcode ID: a4c7c80f680b170b474d856a34ddaa84bb2ce977a678ab76c0db6ace978180cf
                                            • Instruction ID: 481eb21bc7f8c9ccdee66da5da366439577182d3240963a4aa25c86aabdda1ea
                                            • Opcode Fuzzy Hash: a4c7c80f680b170b474d856a34ddaa84bb2ce977a678ab76c0db6ace978180cf
                                            • Instruction Fuzzy Hash: AF714C31900B05EFDB20EFA8DD85B6EBBF5FB48704F144618E582A26A4D775F944CB60
                                            APIs
                                            • LoadCursorW.USER32(00000000,00007F89), ref: 00D9FE27
                                            • LoadCursorW.USER32(00000000,00007F8A), ref: 00D9FE32
                                            • LoadCursorW.USER32(00000000,00007F00), ref: 00D9FE3D
                                            • LoadCursorW.USER32(00000000,00007F03), ref: 00D9FE48
                                            • LoadCursorW.USER32(00000000,00007F8B), ref: 00D9FE53
                                            • LoadCursorW.USER32(00000000,00007F01), ref: 00D9FE5E
                                            • LoadCursorW.USER32(00000000,00007F81), ref: 00D9FE69
                                            • LoadCursorW.USER32(00000000,00007F88), ref: 00D9FE74
                                            • LoadCursorW.USER32(00000000,00007F80), ref: 00D9FE7F
                                            • LoadCursorW.USER32(00000000,00007F86), ref: 00D9FE8A
                                            • LoadCursorW.USER32(00000000,00007F83), ref: 00D9FE95
                                            • LoadCursorW.USER32(00000000,00007F85), ref: 00D9FEA0
                                            • LoadCursorW.USER32(00000000,00007F82), ref: 00D9FEAB
                                            • LoadCursorW.USER32(00000000,00007F84), ref: 00D9FEB6
                                            • LoadCursorW.USER32(00000000,00007F04), ref: 00D9FEC1
                                            • LoadCursorW.USER32(00000000,00007F02), ref: 00D9FECC
                                            • GetCursorInfo.USER32(?), ref: 00D9FEDC
                                            • GetLastError.KERNEL32 ref: 00D9FF1E
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: Cursor$Load$ErrorInfoLast
                                            • String ID:
                                            • API String ID: 3215588206-0
                                            • Opcode ID: 2290d711b9a093cafab3beb4c5aae15d8a78e6b6a2f7fa2004d64cd29c9ce9fa
                                            • Instruction ID: ec77c27504a338a5db834540f4a4c5b600f1cae35ac5c18b4d36582c0d73e1b7
                                            • Opcode Fuzzy Hash: 2290d711b9a093cafab3beb4c5aae15d8a78e6b6a2f7fa2004d64cd29c9ce9fa
                                            • Instruction Fuzzy Hash: EA4154B0D08319AADB10DFBA8C89C5EBFE8FF04354B54456AE11DE7281DB78D901CEA1
                                            APIs
                                            • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 00D400C6
                                              • Part of subcall function 00D400ED: InitializeCriticalSectionAndSpinCount.KERNEL32(00DF070C,00000FA0,19FC0804,?,?,?,?,00D623B3,000000FF), ref: 00D4011C
                                              • Part of subcall function 00D400ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,00D623B3,000000FF), ref: 00D40127
                                              • Part of subcall function 00D400ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,00D623B3,000000FF), ref: 00D40138
                                              • Part of subcall function 00D400ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00D4014E
                                              • Part of subcall function 00D400ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00D4015C
                                              • Part of subcall function 00D400ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00D4016A
                                              • Part of subcall function 00D400ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00D40195
                                              • Part of subcall function 00D400ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00D401A0
                                            • ___scrt_fastfail.LIBCMT ref: 00D400E7
                                              • Part of subcall function 00D400A3: __onexit.LIBCMT ref: 00D400A9
                                            Strings
                                            • kernel32.dll, xrefs: 00D40133
                                            • InitializeConditionVariable, xrefs: 00D40148
                                            • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00D40122
                                            • WakeAllConditionVariable, xrefs: 00D40162
                                            • SleepConditionVariableCS, xrefs: 00D40154
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                            • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                            • API String ID: 66158676-1714406822
                                            APIs
                                            Strings
                                            Similarity
                                            • API ID: _wcslen
                                            • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                            • API String ID: 176396367-1603158881
                                            APIs
                                            • CharLowerBuffW.USER32(00000000,00000000,00DBCC08), ref: 00D94527
                                            • _wcslen.LIBCMT ref: 00D9453B
                                            • _wcslen.LIBCMT ref: 00D94599
                                            • _wcslen.LIBCMT ref: 00D945F4
                                            • _wcslen.LIBCMT ref: 00D9463F
                                            • _wcslen.LIBCMT ref: 00D946A7
                                              • Part of subcall function 00D3F9F2: _wcslen.LIBCMT ref: 00D3F9FD
                                            • GetDriveTypeW.KERNEL32(?,00DE6BF0,00000061), ref: 00D94743
                                            Strings
                                            Similarity
                                            • API ID: _wcslen$BuffCharDriveLowerType
                                            • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                            • API String ID: 2055661098-1000479233
                                            APIs
                                            • _wcslen.LIBCMT ref: 00DAB198
                                            • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00DAB1B0
                                            • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00DAB1D4
                                            • _wcslen.LIBCMT ref: 00DAB200
                                            • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00DAB214
                                            • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00DAB236
                                            • _wcslen.LIBCMT ref: 00DAB332
                                              • Part of subcall function 00D905A7: GetStdHandle.KERNEL32(000000F6), ref: 00D905C6
                                            • _wcslen.LIBCMT ref: 00DAB34B
                                            • _wcslen.LIBCMT ref: 00DAB366
                                            • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00DAB3B6
                                            • GetLastError.KERNEL32(00000000), ref: 00DAB407
                                            • CloseHandle.KERNEL32(?), ref: 00DAB439
                                            • CloseHandle.KERNEL32(00000000), ref: 00DAB44A
                                            • CloseHandle.KERNEL32(00000000), ref: 00DAB45C
                                            • CloseHandle.KERNEL32(00000000), ref: 00DAB46E
                                            • CloseHandle.KERNEL32(?), ref: 00DAB4E3
                                            Similarity
                                            • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                            • String ID:
                                            • API String ID: 2178637699-0
                                            APIs
                                            • LoadLibraryA.KERNEL32(kernel32.dll,?,00DBCC08), ref: 00DA40BB
                                            • GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 00DA40CD
                                            • GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,00DBCC08), ref: 00DA40F2
                                            • FreeLibrary.KERNEL32(00000000,?,00DBCC08), ref: 00DA413E
                                            • StringFromGUID2.OLE32(?,?,00000028,?,00DBCC08), ref: 00DA41A8
                                            • SysFreeString.OLEAUT32(00000009), ref: 00DA4262
                                            • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 00DA42C8
                                            • SysFreeString.OLEAUT32(?), ref: 00DA42F2
                                            Strings
                                            Similarity
                                            • API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
                                            • String ID: GetModuleHandleExW$kernel32.dll
                                            • API String ID: 354098117-199464113
                                            APIs
                                            • GetMenuItemCount.USER32(00DF1990), ref: 00D62F8D
                                            • GetMenuItemCount.USER32(00DF1990), ref: 00D6303D
                                            • GetCursorPos.USER32(?), ref: 00D63081
                                            • SetForegroundWindow.USER32(00000000), ref: 00D6308A
                                            • TrackPopupMenuEx.USER32(00DF1990,00000000,?,00000000,00000000,00000000), ref: 00D6309D
                                            • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00D630A9
                                            Strings
                                            Similarity
                                            • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                            • String ID: 0
                                            • API String ID: 36266755-4108050209
                                            APIs
                                            • DestroyWindow.USER32(00000000,?), ref: 00DB6DEB
                                              • Part of subcall function 00D26B57: _wcslen.LIBCMT ref: 00D26B6A
                                            • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00DB6E5F
                                            • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00DB6E81
                                            • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00DB6E94
                                            • DestroyWindow.USER32(?), ref: 00DB6EB5
                                            • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00D20000,00000000), ref: 00DB6EE4
                                            • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00DB6EFD
                                            • GetDesktopWindow.USER32 ref: 00DB6F16
                                            • GetWindowRect.USER32(00000000), ref: 00DB6F1D
                                            • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00DB6F35
                                            • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00DB6F4D
                                              • Part of subcall function 00D39944: GetWindowLongW.USER32(?,000000EB), ref: 00D39952
                                            Strings
                                            Similarity
                                            • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                            • String ID: 0$tooltips_class32
                                            • API String ID: 2429346358-3619404913
                                            APIs
                                              • Part of subcall function 00D39BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00D39BB2
                                            • DragQueryPoint.SHELL32(?,?), ref: 00DB9147
                                              • Part of subcall function 00DB7674: ClientToScreen.USER32(?,?), ref: 00DB769A
                                              • Part of subcall function 00DB7674: GetWindowRect.USER32(?,?), ref: 00DB7710
                                              • Part of subcall function 00DB7674: PtInRect.USER32(?,?,00DB8B89), ref: 00DB7720
                                            • SendMessageW.USER32(?,000000B0,?,?), ref: 00DB91B0
                                            • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 00DB91BB
                                            • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00DB91DE
                                            • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00DB9225
                                            • SendMessageW.USER32(?,000000B0,?,?), ref: 00DB923E
                                            • SendMessageW.USER32(?,000000B1,?,?), ref: 00DB9255
                                            • SendMessageW.USER32(?,000000B1,?,?), ref: 00DB9277
                                            • DragFinish.SHELL32(?), ref: 00DB927E
                                            • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00DB9371
                                            Strings
                                            Similarity
                                            • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                            • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                            • API String ID: 221274066-3440237614
                                            APIs
                                            • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00D9C4B0
                                            • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00D9C4C3
                                            • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00D9C4D7
                                            • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00D9C4F0
                                            • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 00D9C533
                                            • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00D9C549
                                            • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00D9C554
                                            • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00D9C584
                                            • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00D9C5DC
                                            • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00D9C5F0
                                            • InternetCloseHandle.WININET(00000000), ref: 00D9C5FB
                                            Strings
                                            Similarity
                                            • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                            • String ID:
                                            • API String ID: 3800310941-3916222277
                                            APIs
                                            • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?), ref: 00DB8592
                                            • GetFileSize.KERNEL32(00000000,00000000), ref: 00DB85A2
                                            • GlobalAlloc.KERNEL32(00000002,00000000), ref: 00DB85AD
                                            • CloseHandle.KERNEL32(00000000), ref: 00DB85BA
                                            • GlobalLock.KERNEL32(00000000), ref: 00DB85C8
                                            • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00DB85D7
                                            • GlobalUnlock.KERNEL32(00000000), ref: 00DB85E0
                                            • CloseHandle.KERNEL32(00000000), ref: 00DB85E7
                                            • CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 00DB85F8
                                            • OleLoadPicture.OLEAUT32(?,00000000,00000000,00DBFC38,?), ref: 00DB8611
                                            • GlobalFree.KERNEL32(00000000), ref: 00DB8621
                                            • GetObjectW.GDI32(?,00000018,000000FF), ref: 00DB8641
                                            • CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00DB8671
                                            • DeleteObject.GDI32(00000000), ref: 00DB8699
                                            • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 00DB86AF
                                            Similarity
                                            • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                            • String ID:
                                            • API String ID: 3840717409-0
                                            APIs
                                            • VariantInit.OLEAUT32(00000000), ref: 00D91502
                                            • VariantCopy.OLEAUT32(?,?), ref: 00D9150B
                                            • VariantClear.OLEAUT32(?), ref: 00D91517
                                            • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 00D915FB
                                            • VarR8FromDec.OLEAUT32(?,?), ref: 00D91657
                                            • VariantInit.OLEAUT32(?), ref: 00D91708
                                            • SysFreeString.OLEAUT32(?), ref: 00D9178C
                                            • VariantClear.OLEAUT32(?), ref: 00D917D8
                                            • VariantClear.OLEAUT32(?), ref: 00D917E7
                                            • VariantInit.OLEAUT32(00000000), ref: 00D91823
                                            Strings
                                            Similarity
                                            • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
                                            • String ID: %4d%02d%02d%02d%02d%02d$Default
                                            • API String ID: 1234038744-3931177956
                                            APIs
                                              • Part of subcall function 00D29CB3: _wcslen.LIBCMT ref: 00D29CBD
                                              • Part of subcall function 00DAC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00DAB6AE,?,?), ref: 00DAC9B5
                                              • Part of subcall function 00DAC998: _wcslen.LIBCMT ref: 00DAC9F1
                                              • Part of subcall function 00DAC998: _wcslen.LIBCMT ref: 00DACA68
                                              • Part of subcall function 00DAC998: _wcslen.LIBCMT ref: 00DACA9E
                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00DAB6F4
                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00DAB772
                                            • RegDeleteValueW.ADVAPI32(?,?), ref: 00DAB80A
                                            • RegCloseKey.ADVAPI32(?), ref: 00DAB87E
                                            • RegCloseKey.ADVAPI32(?), ref: 00DAB89C
                                            • LoadLibraryA.KERNEL32(advapi32.dll), ref: 00DAB8F2
                                            • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00DAB904
                                            • RegDeleteKeyW.ADVAPI32(?,?), ref: 00DAB922
                                            • FreeLibrary.KERNEL32(00000000), ref: 00DAB983
                                            • RegCloseKey.ADVAPI32(00000000), ref: 00DAB994
                                            Strings
                                            Similarity
                                            • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                            • String ID: RegDeleteKeyExW$advapi32.dll
                                            • API String ID: 146587525-4033151799
                                            APIs
                                            • GetDC.USER32(00000000), ref: 00DA25D8
                                            • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00DA25E8
                                            • CreateCompatibleDC.GDI32(?), ref: 00DA25F4
                                            • SelectObject.GDI32(00000000,?), ref: 00DA2601
                                            • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 00DA266D
                                            • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 00DA26AC
                                            • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 00DA26D0
                                            • SelectObject.GDI32(?,?), ref: 00DA26D8
                                            • DeleteObject.GDI32(?), ref: 00DA26E1
                                            • DeleteDC.GDI32(?), ref: 00DA26E8
                                            • ReleaseDC.USER32(00000000,?), ref: 00DA26F3
                                            Strings
                                            Similarity
                                            • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                            • String ID: (
                                            • API String ID: 2598888154-3887548279
                                            APIs
                                            • ___free_lconv_mon.LIBCMT ref: 00D5DAA1
                                              • Part of subcall function 00D5D63C: _free.LIBCMT ref: 00D5D659
                                              • Part of subcall function 00D5D63C: _free.LIBCMT ref: 00D5D66B
                                              • Part of subcall function 00D5D63C: _free.LIBCMT ref: 00D5D67D
                                              • Part of subcall function 00D5D63C: _free.LIBCMT ref: 00D5D68F
                                              • Part of subcall function 00D5D63C: _free.LIBCMT ref: 00D5D6A1
                                              • Part of subcall function 00D5D63C: _free.LIBCMT ref: 00D5D6B3
                                              • Part of subcall function 00D5D63C: _free.LIBCMT ref: 00D5D6C5
                                              • Part of subcall function 00D5D63C: _free.LIBCMT ref: 00D5D6D7
                                              • Part of subcall function 00D5D63C: _free.LIBCMT ref: 00D5D6E9
                                              • Part of subcall function 00D5D63C: _free.LIBCMT ref: 00D5D6FB
                                              • Part of subcall function 00D5D63C: _free.LIBCMT ref: 00D5D70D
                                              • Part of subcall function 00D5D63C: _free.LIBCMT ref: 00D5D71F
                                              • Part of subcall function 00D5D63C: _free.LIBCMT ref: 00D5D731
                                            • _free.LIBCMT ref: 00D5DA96
                                              • Part of subcall function 00D529C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00D5D7D1,00000000,00000000,00000000,00000000,?,00D5D7F8,00000000,00000007,00000000,?,00D5DBF5,00000000), ref: 00D529DE
                                              • Part of subcall function 00D529C8: GetLastError.KERNEL32(00000000,?,00D5D7D1,00000000,00000000,00000000,00000000,?,00D5D7F8,00000000,00000007,00000000,?,00D5DBF5,00000000,00000000), ref: 00D529F0
                                            • _free.LIBCMT ref: 00D5DAB8
                                            • _free.LIBCMT ref: 00D5DACD
                                            • _free.LIBCMT ref: 00D5DAD8
                                            • _free.LIBCMT ref: 00D5DAFA
                                            • _free.LIBCMT ref: 00D5DB0D
                                            • _free.LIBCMT ref: 00D5DB1B
                                            • _free.LIBCMT ref: 00D5DB26
                                            • _free.LIBCMT ref: 00D5DB5E
                                            • _free.LIBCMT ref: 00D5DB65
                                            • _free.LIBCMT ref: 00D5DB82
                                            • _free.LIBCMT ref: 00D5DB9A
                                            Similarity
                                            • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                            • String ID:
                                            • API String ID: 161543041-0
                                            APIs
                                            • GetClassNameW.USER32(?,?,00000100), ref: 00D8369C
                                            • _wcslen.LIBCMT ref: 00D836A7
                                            • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00D83797
                                            • GetClassNameW.USER32(?,?,00000400), ref: 00D8380C
                                            • GetDlgCtrlID.USER32(?), ref: 00D8385D
                                            • GetWindowRect.USER32(?,?), ref: 00D83882
                                            • GetParent.USER32(?), ref: 00D838A0
                                            • ScreenToClient.USER32(00000000), ref: 00D838A7
                                            • GetClassNameW.USER32(?,?,00000100), ref: 00D83921
                                            • GetWindowTextW.USER32(?,?,00000400), ref: 00D8395D
                                            Strings
                                            Similarity
                                            • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
                                            • String ID: %s%u
                                            • API String ID: 4010501982-679674701
                                            APIs
                                            • GetClassNameW.USER32(?,?,00000400), ref: 00D84994
                                            • GetWindowTextW.USER32(?,?,00000400), ref: 00D849DA
                                            • _wcslen.LIBCMT ref: 00D849EB
                                            • CharUpperBuffW.USER32(?,00000000), ref: 00D849F7
                                            • _wcsstr.LIBVCRUNTIME ref: 00D84A2C
                                            • GetClassNameW.USER32(00000018,?,00000400), ref: 00D84A64
                                            • GetWindowTextW.USER32(?,?,00000400), ref: 00D84A9D
                                            • GetClassNameW.USER32(00000018,?,00000400), ref: 00D84AE6
                                            • GetClassNameW.USER32(?,?,00000400), ref: 00D84B20
                                            • GetWindowRect.USER32(?,?), ref: 00D84B8B
                                            Strings
                                            Similarity
                                            • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                            • String ID: ThumbnailClass
                                            • API String ID: 1311036022-1241985126
                                            APIs
                                            • GetMenuItemInfoW.USER32(00DF1990,000000FF,00000000,00000030), ref: 00D8BFAC
                                            • SetMenuItemInfoW.USER32(00DF1990,00000004,00000000,00000030), ref: 00D8BFE1
                                            • Sleep.KERNEL32(000001F4), ref: 00D8BFF3
                                            • GetMenuItemCount.USER32(?), ref: 00D8C039
                                            • GetMenuItemID.USER32(?,00000000), ref: 00D8C056
                                            • GetMenuItemID.USER32(?,-00000001), ref: 00D8C082
                                            • GetMenuItemID.USER32(?,?), ref: 00D8C0C9
                                            • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00D8C10F
                                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00D8C124
                                            • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00D8C145
                                            Strings
                                            Similarity
                                            • API ID: ItemMenu$Info$CheckCountRadioSleep
                                            • String ID: 0
                                            • API String ID: 1460738036-4108050209
                                            APIs
                                            • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00DACC64
                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 00DACC8D
                                            • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00DACD48
                                              • Part of subcall function 00DACC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 00DACCAA
                                              • Part of subcall function 00DACC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 00DACCBD
                                              • Part of subcall function 00DACC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00DACCCF
                                              • Part of subcall function 00DACC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00DACD05
                                              • Part of subcall function 00DACC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00DACD28
                                            • RegDeleteKeyW.ADVAPI32(?,?), ref: 00DACCF3
                                            Strings
                                            Similarity
                                            • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                            • String ID: RegDeleteKeyExW$advapi32.dll
                                            • API String ID: 2734957052-4033151799
                                            APIs
                                            • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00D93D40
                                            • _wcslen.LIBCMT ref: 00D93D6D
                                            • CreateDirectoryW.KERNEL32(?,00000000), ref: 00D93D9D
                                            • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00D93DBE
                                            • RemoveDirectoryW.KERNEL32(?), ref: 00D93DCE
                                            • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00D93E55
                                            • CloseHandle.KERNEL32(00000000), ref: 00D93E60
                                            • CloseHandle.KERNEL32(00000000), ref: 00D93E6B
                                            Strings
                                            Similarity
                                            • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
                                            • String ID: :$\$\??\%s
                                            • API String ID: 1149970189-3457252023
                                            APIs
                                            • timeGetTime.WINMM ref: 00D8E6B4
                                              • Part of subcall function 00D3E551: timeGetTime.WINMM(?,?,00D8E6D4), ref: 00D3E555
                                            • Sleep.KERNEL32(0000000A), ref: 00D8E6E1
                                            • EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 00D8E705
                                            • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 00D8E727
                                            • SetActiveWindow.USER32 ref: 00D8E746
                                            • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00D8E754
                                            • SendMessageW.USER32(00000010,00000000,00000000), ref: 00D8E773
                                            • Sleep.KERNEL32(000000FA), ref: 00D8E77E
                                            • IsWindow.USER32 ref: 00D8E78A
                                            • EndDialog.USER32(00000000), ref: 00D8E79B
                                            Strings
                                            Similarity
                                            • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                            • String ID: BUTTON
                                            • API String ID: 1194449130-3405671355
                                            APIs
                                              • Part of subcall function 00D29CB3: _wcslen.LIBCMT ref: 00D29CBD
                                            • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 00D8EA5D
                                            • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00D8EA73
                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00D8EA84
                                            • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00D8EA96
                                            • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 00D8EAA7
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Similarity
                                            • API ID: SendString$_wcslen
                                            • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                            • API String ID: 2420728520-1007645807
                                            APIs
                                            • GetKeyboardState.USER32(?), ref: 00D8A012
                                            • SetKeyboardState.USER32(?), ref: 00D8A07D
                                            • GetAsyncKeyState.USER32(000000A0), ref: 00D8A09D
                                            • GetKeyState.USER32(000000A0), ref: 00D8A0B4
                                            • GetAsyncKeyState.USER32(000000A1), ref: 00D8A0E3
                                            • GetKeyState.USER32(000000A1), ref: 00D8A0F4
                                            • GetAsyncKeyState.USER32(00000011), ref: 00D8A120
                                            • GetKeyState.USER32(00000011), ref: 00D8A12E
                                            • GetAsyncKeyState.USER32(00000012), ref: 00D8A157
                                            • GetKeyState.USER32(00000012), ref: 00D8A165
                                            • GetAsyncKeyState.USER32(0000005B), ref: 00D8A18E
                                            • GetKeyState.USER32(0000005B), ref: 00D8A19C
                                            Similarity
                                            • API ID: State$Async$Keyboard
                                            • String ID:
                                            • API String ID: 541375521-0
                                            APIs
                                            • GetDlgItem.USER32(?,00000001), ref: 00D85CE2
                                            • GetWindowRect.USER32(00000000,?), ref: 00D85CFB
                                            • MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00D85D59
                                            • GetDlgItem.USER32(?,00000002), ref: 00D85D69
                                            • GetWindowRect.USER32(00000000,?), ref: 00D85D7B
                                            • MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00D85DCF
                                            • GetDlgItem.USER32(?,000003E9), ref: 00D85DDD
                                            • GetWindowRect.USER32(00000000,?), ref: 00D85DEF
                                            • MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00D85E31
                                            • GetDlgItem.USER32(?,000003EA), ref: 00D85E44
                                            • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00D85E5A
                                            • InvalidateRect.USER32(?,00000000,00000001), ref: 00D85E67
                                            Similarity
                                            • API ID: Window$ItemMoveRect$Invalidate
                                            • String ID:
                                            • API String ID: 3096461208-0
                                            APIs
                                              • Part of subcall function 00D38F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00D38BE8,?,00000000,?,?,?,?,00D38BBA,00000000,?), ref: 00D38FC5
                                            • DestroyWindow.USER32(?), ref: 00D38C81
                                            • KillTimer.USER32(00000000,?,?,?,?,00D38BBA,00000000,?), ref: 00D38D1B
                                            • DestroyAcceleratorTable.USER32(00000000), ref: 00D76973
                                            • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00D38BBA,00000000,?), ref: 00D769A1
                                            • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00D38BBA,00000000,?), ref: 00D769B8
                                            • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00D38BBA,00000000), ref: 00D769D4
                                            • DeleteObject.GDI32(00000000), ref: 00D769E6
                                            Similarity
                                            • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                            • String ID:
                                            • API String ID: 641708696-0
                                            APIs
                                              • Part of subcall function 00D39944: GetWindowLongW.USER32(?,000000EB), ref: 00D39952
                                            • GetSysColor.USER32(0000000F), ref: 00D39862
                                            Similarity
                                            • API ID: ColorLongWindow
                                            • String ID:
                                            • API String ID: 259745315-0
                                            APIs
                                            • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,00D6F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 00D89717
                                            • LoadStringW.USER32(00000000,?,00D6F7F8,00000001), ref: 00D89720
                                              • Part of subcall function 00D29CB3: _wcslen.LIBCMT ref: 00D29CBD
                                            • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,00D6F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 00D89742
                                            • LoadStringW.USER32(00000000,?,00D6F7F8,00000001), ref: 00D89745
                                            • MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00D89866
                                            Strings
                                            Similarity
                                            • API ID: HandleLoadModuleString$Message_wcslen
                                            • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                            • API String ID: 747408836-2268648507
                                            APIs
                                              • Part of subcall function 00D26B57: _wcslen.LIBCMT ref: 00D26B6A
                                            • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00D807A2
                                            • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 00D807BE
                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 00D807DA
                                            • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00D80804
                                            • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 00D8082C
                                            • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00D80837
                                            • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00D8083C
                                            Strings
                                            Similarity
                                            • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                                            • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                            • API String ID: 323675364-22481851
                                            APIs
                                            • MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 00DB403B
                                            • CreateCompatibleDC.GDI32(00000000), ref: 00DB4042
                                            • SendMessageW.USER32(?,00000173,00000000,00000000), ref: 00DB4055
                                            • SelectObject.GDI32(00000000,00000000), ref: 00DB405D
                                            • GetPixel.GDI32(00000000,00000000,00000000), ref: 00DB4068
                                            • DeleteDC.GDI32(00000000), ref: 00DB4072
                                            • GetWindowLongW.USER32(?,000000EC), ref: 00DB407C
                                            • SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 00DB4092
                                            • DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 00DB409E
                                            Strings
                                            Similarity
                                            • API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
                                            • String ID: static
                                            • API String ID: 2559357485-2160076837
                                            APIs
                                            • VariantInit.OLEAUT32(?), ref: 00DA3C5C
                                            • CoInitialize.OLE32(00000000), ref: 00DA3C8A
                                            • CoUninitialize.OLE32 ref: 00DA3C94
                                            • _wcslen.LIBCMT ref: 00DA3D2D
                                            • GetRunningObjectTable.OLE32(00000000,?), ref: 00DA3DB1
                                            • SetErrorMode.KERNEL32(00000001,00000029), ref: 00DA3ED5
                                            • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00DA3F0E
                                            • CoGetObject.OLE32(?,00000000,00DBFB98,?), ref: 00DA3F2D
                                            • SetErrorMode.KERNEL32(00000000), ref: 00DA3F40
                                            • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00DA3FC4
                                            • VariantClear.OLEAUT32(?), ref: 00DA3FD8
                                            Similarity
                                            • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                            • String ID:
                                            • API String ID: 429561992-0
                                            APIs
                                            • CoInitialize.OLE32(00000000), ref: 00D97AF3
                                            • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00D97B8F
                                            • SHGetDesktopFolder.SHELL32(?), ref: 00D97BA3
                                            • CoCreateInstance.OLE32(00DBFD08,00000000,00000001,00DE6E6C,?), ref: 00D97BEF
                                            • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00D97C74
                                            • CoTaskMemFree.OLE32(?,?), ref: 00D97CCC
                                            • SHBrowseForFolderW.SHELL32(?), ref: 00D97D57
                                            • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00D97D7A
                                            • CoTaskMemFree.OLE32(00000000), ref: 00D97D81
                                            • CoTaskMemFree.OLE32(00000000), ref: 00D97DD6
                                            • CoUninitialize.OLE32 ref: 00D97DDC
                                            Similarity
                                            • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                            • String ID:
                                            • API String ID: 2762341140-0
                                            APIs
                                            • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00DB5504
                                            • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00DB5515
                                            • CharNextW.USER32(00000158), ref: 00DB5544
                                            • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00DB5585
                                            • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 00DB559B
                                            • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00DB55AC
                                            Similarity
                                            • API ID: MessageSend$CharNext
                                            • String ID:
                                            • API String ID: 1350042424-0
                                            APIs
                                            • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 00D7FAAF
                                            • SafeArrayAllocData.OLEAUT32(?), ref: 00D7FB08
                                            • VariantInit.OLEAUT32(?), ref: 00D7FB1A
                                            • SafeArrayAccessData.OLEAUT32(?,?), ref: 00D7FB3A
                                            • VariantCopy.OLEAUT32(?,?), ref: 00D7FB8D
                                            • SafeArrayUnaccessData.OLEAUT32(?), ref: 00D7FBA1
                                            • VariantClear.OLEAUT32(?), ref: 00D7FBB6
                                            • SafeArrayDestroyData.OLEAUT32(?), ref: 00D7FBC3
                                            • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00D7FBCC
                                            • VariantClear.OLEAUT32(?), ref: 00D7FBDE
                                            • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00D7FBE9
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                            • String ID:
                                            • API String ID: 2706829360-0
                                            • Opcode ID: 48d2b06afea4975f0b80d7cb2f40facbdba8fceffcc3ddeda1204ca14e30e01c
                                            • Instruction ID: a75da131aa58f7e65620ff55c9a89a55938682c03d3f22d00c189cd4a20cd14c
                                            • Opcode Fuzzy Hash: 48d2b06afea4975f0b80d7cb2f40facbdba8fceffcc3ddeda1204ca14e30e01c
                                            • Instruction Fuzzy Hash: 64415F35A10219DFCB10DF68D8549AEBBB9FF48344F008069E959E7361DB30AA45CFB0
                                            APIs
                                            • GetKeyboardState.USER32(?), ref: 00D89CA1
                                            • GetAsyncKeyState.USER32(000000A0), ref: 00D89D22
                                            • GetKeyState.USER32(000000A0), ref: 00D89D3D
                                            • GetAsyncKeyState.USER32(000000A1), ref: 00D89D57
                                            • GetKeyState.USER32(000000A1), ref: 00D89D6C
                                            • GetAsyncKeyState.USER32(00000011), ref: 00D89D84
                                            • GetKeyState.USER32(00000011), ref: 00D89D96
                                            • GetAsyncKeyState.USER32(00000012), ref: 00D89DAE
                                            • GetKeyState.USER32(00000012), ref: 00D89DC0
                                            • GetAsyncKeyState.USER32(0000005B), ref: 00D89DD8
                                            • GetKeyState.USER32(0000005B), ref: 00D89DEA
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: State$Async$Keyboard
                                            • String ID:
                                            • API String ID: 541375521-0
                                            • Opcode ID: 2ce1a1f1d8a1baab6b9d0bf248b110c4102697a9701f3977d3a6a14c98b78cd5
                                            • Instruction ID: 024bca9720e7dd86f267f1385728f4c4fb2710b884187a45a299109c9b7321e7
                                            • Opcode Fuzzy Hash: 2ce1a1f1d8a1baab6b9d0bf248b110c4102697a9701f3977d3a6a14c98b78cd5
                                            • Instruction Fuzzy Hash: F541A6346047C9ADFF31A664C8243B5FEE0BF11344F0C805ADAC6566C2EBA599C8C7B6
                                            APIs
                                            • WSAStartup.WSOCK32(00000101,?), ref: 00DA05BC
                                            • inet_addr.WSOCK32(?), ref: 00DA061C
                                            • gethostbyname.WSOCK32(?), ref: 00DA0628
                                            • IcmpCreateFile.IPHLPAPI ref: 00DA0636
                                            • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00DA06C6
                                            • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00DA06E5
                                            • IcmpCloseHandle.IPHLPAPI(?), ref: 00DA07B9
                                            • WSACleanup.WSOCK32 ref: 00DA07BF
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                            • String ID: Ping
                                            • API String ID: 1028309954-2246546115
                                            • Opcode ID: 81d511fa5f9a2fccba2e3cfe615c276322a11bd14c6cbffb63e0316e473a02b3
                                            • Instruction ID: 359387eafe0de1f2413b19fea6cd6d8011693da84bcae734508f7df45daefa12
                                            • Opcode Fuzzy Hash: 81d511fa5f9a2fccba2e3cfe615c276322a11bd14c6cbffb63e0316e473a02b3
                                            • Instruction Fuzzy Hash: 03916B356043019FD720DF15D489F1ABBE0EF49318F1885A9E4AA9B7A2C730ED45CFA1
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: _wcslen$BuffCharLower
                                            • String ID: cdecl$none$stdcall$winapi
                                            • API String ID: 707087890-567219261
                                            • Opcode ID: 7923dc6a3b11ac4dac2cd2166a2171004d1478a30a5a5e67385b2c390cfa5832
                                            • Instruction ID: dfa5fa16b3d213dd44588a7f91cc71083f107d8ebfa072953e69d68a5c68bc09
                                            • Opcode Fuzzy Hash: 7923dc6a3b11ac4dac2cd2166a2171004d1478a30a5a5e67385b2c390cfa5832
                                            • Instruction Fuzzy Hash: 26518171A00116DBCF14DF68C9505BEB7A5FF66724B284229F866A7284DB31DE4097B0
                                            APIs
                                            • CoInitialize.OLE32 ref: 00DA3774
                                            • CoUninitialize.OLE32 ref: 00DA377F
                                            • CoCreateInstance.OLE32(?,00000000,00000017,00DBFB78,?), ref: 00DA37D9
                                            • IIDFromString.OLE32(?,?), ref: 00DA384C
                                            • VariantInit.OLEAUT32(?), ref: 00DA38E4
                                            • VariantClear.OLEAUT32(?), ref: 00DA3936
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                            • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                            • API String ID: 636576611-1287834457
                                            • Opcode ID: 970b6c5d815d3d5142b74a13f67554dc77162a2681a548e214c7cec3a775e8ba
                                            • Instruction ID: 67b76e336e252866d9dd8419b2895740e4b530d71c682f1cf619f65a8c3e7ba8
                                            • Opcode Fuzzy Hash: 970b6c5d815d3d5142b74a13f67554dc77162a2681a548e214c7cec3a775e8ba
                                            • Instruction Fuzzy Hash: 1561BD71608311EFD310DF64D888B6ABBE9EF4A714F140909F9859B291C774EE48CBB2
                                            APIs
                                            • LoadStringW.USER32(00000066,?,00000FFF,?), ref: 00D933CF
                                              • Part of subcall function 00D29CB3: _wcslen.LIBCMT ref: 00D29CBD
                                            • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 00D933F0
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: LoadString$_wcslen
                                            • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                                            • API String ID: 4099089115-3080491070
                                            • Opcode ID: 98d2d9aa671d31aa52316d000282f0213be48792cbeeb3a3403b2ad215bf6aa7
                                            • Instruction ID: b26e919da983a76e0e8acbf0f70f85cae74d2eba101de3e12086b9ff5fc20e90
                                            • Opcode Fuzzy Hash: 98d2d9aa671d31aa52316d000282f0213be48792cbeeb3a3403b2ad215bf6aa7
                                            • Instruction Fuzzy Hash: F6518B72900219AADF15EBA0DD52EEEB7B8EF28344F144065F405B21A2EB356F58DB70
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: _wcslen$BuffCharUpper
                                            • String ID: APPEND$EXISTS$KEYS$REMOVE
                                            • API String ID: 1256254125-769500911
                                            • Opcode ID: f4cc104bac72228aba9ac44a317f1739b4f404f203bd2c6374d5dc5889f51739
                                            • Instruction ID: 4dd90b1649f5bcd869e2ef9e12bd15c219d064e1097540dae417b9b8b695b0c1
                                            • Opcode Fuzzy Hash: f4cc104bac72228aba9ac44a317f1739b4f404f203bd2c6374d5dc5889f51739
                                            • Instruction Fuzzy Hash: F0418632A001269BCB207F7D89915BE7BA5EF61774B29412BE465DB284F731CD81C7B0
                                            APIs
                                            • SetErrorMode.KERNEL32(00000001), ref: 00D953A0
                                            • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00D95416
                                            • GetLastError.KERNEL32 ref: 00D95420
                                            • SetErrorMode.KERNEL32(00000000,READY), ref: 00D954A7
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: Error$Mode$DiskFreeLastSpace
                                            • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                            • API String ID: 4194297153-14809454
                                            • Opcode ID: a475f6451c0ff13131a63bb845739b4990dcca20d5ebf825a95717e859a1703d
                                            • Instruction ID: e0a23ba77490b0feab50c14445c4850e952ed3e800b9f33bd20b4ba0804902a9
                                            • Opcode Fuzzy Hash: a475f6451c0ff13131a63bb845739b4990dcca20d5ebf825a95717e859a1703d
                                            • Instruction Fuzzy Hash: 8331A035A00604DFCB52DF68E884AAABBB4FF55305F188065E406DB396D730DD82CBB0
                                            APIs
                                            • CreateMenu.USER32 ref: 00DB3C79
                                            • SetMenu.USER32(?,00000000), ref: 00DB3C88
                                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00DB3D10
                                            • IsMenu.USER32(?), ref: 00DB3D24
                                            • CreatePopupMenu.USER32 ref: 00DB3D2E
                                            • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00DB3D5B
                                            • DrawMenuBar.USER32 ref: 00DB3D63
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                            • String ID: 0$F
                                            • API String ID: 161812096-3044882817
                                            • Opcode ID: 4357b8d43caccd76c1622b4d472daf64e4db000f9873f07dc517a3cb142763b5
                                            • Instruction ID: 6deaceec62169d7b6a00beb6c4ac26e606d6a49bedc32b0eecb7d02e59863576
                                            • Opcode Fuzzy Hash: 4357b8d43caccd76c1622b4d472daf64e4db000f9873f07dc517a3cb142763b5
                                            • Instruction Fuzzy Hash: DB416979A01309EFDB24CFA4D844AEA7BB5FF49350F180129F946A7360D770AA10DFA0
                                            APIs
                                              • Part of subcall function 00D29CB3: _wcslen.LIBCMT ref: 00D29CBD
                                              • Part of subcall function 00D83CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00D83CCA
                                            • SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 00D81F64
                                            • GetDlgCtrlID.USER32 ref: 00D81F6F
                                            • GetParent.USER32 ref: 00D81F8B
                                            • SendMessageW.USER32(00000000,?,00000111,?), ref: 00D81F8E
                                            • GetDlgCtrlID.USER32(?), ref: 00D81F97
                                            • GetParent.USER32(?), ref: 00D81FAB
                                            • SendMessageW.USER32(00000000,?,00000111,?), ref: 00D81FAE
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                            • String ID: ComboBox$ListBox
                                            • API String ID: 711023334-1403004172
                                            • Opcode ID: 5f7a50809f1561116d8e926ac5692ffe62c860bb488ca6a8792807c21f2a17e8
                                            • Instruction ID: f899d3bba404988fd989f265687ef46c9d5a9f3736ae31ced21aa1b503698123
                                            • Opcode Fuzzy Hash: 5f7a50809f1561116d8e926ac5692ffe62c860bb488ca6a8792807c21f2a17e8
                                            • Instruction Fuzzy Hash: 3521AC75900218EBCF04AFA0DC95EEEBBA8FF19354F000215BA65A72A1DB749919DB70
                                            APIs
                                              • Part of subcall function 00D29CB3: _wcslen.LIBCMT ref: 00D29CBD
                                              • Part of subcall function 00D83CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00D83CCA
                                            • SendMessageW.USER32(?,00000186,00020000,00000000), ref: 00D82043
                                            • GetDlgCtrlID.USER32 ref: 00D8204E
                                            • GetParent.USER32 ref: 00D8206A
                                            • SendMessageW.USER32(00000000,?,00000111,?), ref: 00D8206D
                                            • GetDlgCtrlID.USER32(?), ref: 00D82076
                                            • GetParent.USER32(?), ref: 00D8208A
                                            • SendMessageW.USER32(00000000,?,00000111,?), ref: 00D8208D
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                            • String ID: ComboBox$ListBox
                                            • API String ID: 711023334-1403004172
                                            • Opcode ID: d5206252cc0fea9c96891ea1faf52ca7acb986a398818d466d8b3ba196eddccd
                                            • Instruction ID: 539d799d2bc9bfc8d356a1ebc52a2908923132411c5c056463e17b294ed1a0ca
                                            • Opcode Fuzzy Hash: d5206252cc0fea9c96891ea1faf52ca7acb986a398818d466d8b3ba196eddccd
                                            • Instruction Fuzzy Hash: 9A21BEB5900218FBCB10BFA0DC95EFEBBB8FB19344F000116B995A72A1DA758918DB70
                                            APIs
                                            • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00DB3A9D
                                            • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00DB3AA0
                                            • GetWindowLongW.USER32(?,000000F0), ref: 00DB3AC7
                                            • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00DB3AEA
                                            • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00DB3B62
                                            • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00DB3BAC
                                            • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00DB3BC7
                                            • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00DB3BE2
                                            • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00DB3BF6
                                            • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00DB3C13
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: MessageSend$LongWindow
                                            • String ID:
                                            • API String ID: 312131281-0
                                            • Opcode ID: 09b708156e582c0695e67cd808ebd69333324785a8acf2baed0a442f1db2078e
                                            • Instruction ID: 867672206de6bf8ab8a7a0ee443775302985b94c3c0c2d082087f4bbb4946ff4
                                            • Opcode Fuzzy Hash: 09b708156e582c0695e67cd808ebd69333324785a8acf2baed0a442f1db2078e
                                            • Instruction Fuzzy Hash: F8615975900248EFDB10DFA8CC81EEE77B8EB49704F144199FA16E72A1D770AE45DB60
                                            APIs
                                            • GetCurrentThreadId.KERNEL32 ref: 00D8B151
                                            • GetForegroundWindow.USER32(00000000,?,?,?,?,?,00D8A1E1,?,00000001), ref: 00D8B165
                                            • GetWindowThreadProcessId.USER32(00000000), ref: 00D8B16C
                                            • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00D8A1E1,?,00000001), ref: 00D8B17B
                                            • GetWindowThreadProcessId.USER32(?,00000000), ref: 00D8B18D
                                            • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,00D8A1E1,?,00000001), ref: 00D8B1A6
                                            • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00D8A1E1,?,00000001), ref: 00D8B1B8
                                            • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,00D8A1E1,?,00000001), ref: 00D8B1FD
                                            • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,00D8A1E1,?,00000001), ref: 00D8B212
                                            • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,00D8A1E1,?,00000001), ref: 00D8B21D
                                            Similarity
                                            • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                            • String ID:
                                            • API String ID: 2156557900-0
                                            • Opcode ID: b630c6377dbd794ac03e14e15416ee80b64e056e67b3b6493c7d139c344a590f
                                            • Instruction ID: 0dc778231620b656f8a214d74cce85113133e6b13d36292d9808eb1bf92dbec2
                                            • Opcode Fuzzy Hash: b630c6377dbd794ac03e14e15416ee80b64e056e67b3b6493c7d139c344a590f
                                            • Instruction Fuzzy Hash: 5F3169B1610304EFDB10AF24DC48FBD7BA9BB51321F199116FA01D62A0DBB4AA40CB78
                                            APIs
                                            • _free.LIBCMT ref: 00D52C94
                                              • Part of subcall function 00D529C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00D5D7D1,00000000,00000000,00000000,00000000,?,00D5D7F8,00000000,00000007,00000000,?,00D5DBF5,00000000), ref: 00D529DE
                                              • Part of subcall function 00D529C8: GetLastError.KERNEL32(00000000,?,00D5D7D1,00000000,00000000,00000000,00000000,?,00D5D7F8,00000000,00000007,00000000,?,00D5DBF5,00000000,00000000), ref: 00D529F0
                                            • _free.LIBCMT ref: 00D52CA0
                                            • _free.LIBCMT ref: 00D52CAB
                                            • _free.LIBCMT ref: 00D52CB6
                                            • _free.LIBCMT ref: 00D52CC1
                                            • _free.LIBCMT ref: 00D52CCC
                                            • _free.LIBCMT ref: 00D52CD7
                                            • _free.LIBCMT ref: 00D52CE2
                                            • _free.LIBCMT ref: 00D52CED
                                            • _free.LIBCMT ref: 00D52CFB
                                            Similarity
                                            • API ID: _free$ErrorFreeHeapLast
                                            • String ID:
                                            • API String ID: 776569668-0
                                            • Opcode ID: 1d6e0adb8457aec0ac70711080c32ec6a0a46e94921b8f4a35aa8a8067a68caf
                                            • Instruction ID: 294a98b7a57db061b22b6c85bc03633d8154c8714e55165bf86a56bba91837de
                                            • Opcode Fuzzy Hash: 1d6e0adb8457aec0ac70711080c32ec6a0a46e94921b8f4a35aa8a8067a68caf
                                            • Instruction Fuzzy Hash: 8E116D76140108AFCB02AF54D882CED3BA5FF06351B5144A5FE48AB222DA31EA589FB0
                                            APIs
                                            • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00D97FAD
                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00D97FC1
                                            • GetFileAttributesW.KERNEL32(?), ref: 00D97FEB
                                            • SetFileAttributesW.KERNEL32(?,00000000), ref: 00D98005
                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00D98017
                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00D98060
                                            • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00D980B0
                                            Strings
                                            Similarity
                                            • API ID: CurrentDirectory$AttributesFile
                                            • String ID: *.*
                                            • API String ID: 769691225-438819550
                                            • Opcode ID: 8b5129a2602a8b3ee4c5585cc1a2ea27a53fdaf69ed073ec279e62a9c705b5a6
                                            • Instruction ID: 004db55390373a43e3f2eee2b240ec29f9a4551ce648a5d2a8aad77596978136
                                            • Opcode Fuzzy Hash: 8b5129a2602a8b3ee4c5585cc1a2ea27a53fdaf69ed073ec279e62a9c705b5a6
                                            • Instruction Fuzzy Hash: 0F81A0725182429BCF20EF14C844AAEB3E8FF99714F58485EF889D7250EB34DD458B72
                                            APIs
                                            • SetWindowLongW.USER32(?,000000EB), ref: 00D25C7A
                                              • Part of subcall function 00D25D0A: GetClientRect.USER32(?,?), ref: 00D25D30
                                              • Part of subcall function 00D25D0A: GetWindowRect.USER32(?,?), ref: 00D25D71
                                              • Part of subcall function 00D25D0A: ScreenToClient.USER32(?,?), ref: 00D25D99
                                            • GetDC.USER32 ref: 00D646F5
                                            • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00D64708
                                            • SelectObject.GDI32(00000000,00000000), ref: 00D64716
                                            • SelectObject.GDI32(00000000,00000000), ref: 00D6472B
                                            • ReleaseDC.USER32(?,00000000), ref: 00D64733
                                            • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00D647C4
                                            Strings
                                            Similarity
                                            • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                            • String ID: U
                                            • API String ID: 4009187628-3372436214
                                            • Opcode ID: 7d49614645eee5312bb6f62b6368efc7134a59836e614a4ca451471671fd587c
                                            • Instruction ID: 9b48bb2528d475a5e5a51b650b463dabc6b841e2d72fcab53e55ef144005520f
                                            • Opcode Fuzzy Hash: 7d49614645eee5312bb6f62b6368efc7134a59836e614a4ca451471671fd587c
                                            • Instruction Fuzzy Hash: 3F71EE30400205DFCF218F64D984EFA3BB5FF5A364F184269E9969A2AAD730D841DFB0
                                            APIs
                                            • LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 00D935E4
                                              • Part of subcall function 00D29CB3: _wcslen.LIBCMT ref: 00D29CBD
                                            • LoadStringW.USER32(00DF2390,?,00000FFF,?), ref: 00D9360A
                                            Strings
                                            Similarity
                                            • API ID: LoadString$_wcslen
                                            • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                            • API String ID: 4099089115-2391861430
                                            • Opcode ID: fb7a68d53f41796794d947d210dea50ff87bb55475a56579bb6072db82a1a9e9
                                            • Instruction ID: 5f82d4f52e94efd112dd10ad48bf30962134bc52df34ddee493c1abadb8162b0
                                            • Opcode Fuzzy Hash: fb7a68d53f41796794d947d210dea50ff87bb55475a56579bb6072db82a1a9e9
                                            • Instruction Fuzzy Hash: 22513C71800259AADF15EBE0DC52EEDBB78EF24344F184125F105721A1EB316B99DF71
                                            APIs
                                            • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00D9C272
                                            • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00D9C29A
                                            • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00D9C2CA
                                            • GetLastError.KERNEL32 ref: 00D9C322
                                            • SetEvent.KERNEL32(?), ref: 00D9C336
                                            • InternetCloseHandle.WININET(00000000), ref: 00D9C341
                                            Strings
                                            Similarity
                                            • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                            • String ID:
                                            • API String ID: 3113390036-3916222277
                                            • Opcode ID: 5748f8f7f74359474e7f588a7ea439b7526f3d0019e2aea5e04f640866654b9e
                                            • Instruction ID: 264e14d6a3dacdbffffef2f73bb084e0acf2c25ec49cb2db2e9f09144f8458c6
                                            • Opcode Fuzzy Hash: 5748f8f7f74359474e7f588a7ea439b7526f3d0019e2aea5e04f640866654b9e
                                            • Instruction Fuzzy Hash: 70317CB1620308EFDB219F658C88AAB7BFCFB49744B14951EF486D2210DB30DD049B71
                                            APIs
                                            • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00D63AAF,?,?,Bad directive syntax error,00DBCC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 00D898BC
                                            • LoadStringW.USER32(00000000,?,00D63AAF,?), ref: 00D898C3
                                              • Part of subcall function 00D29CB3: _wcslen.LIBCMT ref: 00D29CBD
                                            • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00D89987
                                            Strings
                                            Similarity
                                            • API ID: HandleLoadMessageModuleString_wcslen
                                            • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                            • API String ID: 858772685-4153970271
                                            • Opcode ID: a654f11ed4b198e17d306f614b9660ed6a554ccbc3cee047ce2a370fbb10b10b
                                            • Instruction ID: 54ae79d18f415ea36e2aef53118aa00a0815b794d8f414070e25f0067b546c54
                                            • Opcode Fuzzy Hash: a654f11ed4b198e17d306f614b9660ed6a554ccbc3cee047ce2a370fbb10b10b
                                            • Instruction Fuzzy Hash: BD216B3280021EEBCF11BF90DC16EEEB739FF28344F085429F515620A2EA719A18DB30
                                            APIs
                                            • GetParent.USER32 ref: 00D820AB
                                            • GetClassNameW.USER32(00000000,?,00000100), ref: 00D820C0
                                            • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00D8214D
                                            Strings
                                            Similarity
                                            • API ID: ClassMessageNameParentSend
                                            • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                            • API String ID: 1290815626-3381328864
                                            • Opcode ID: a87381321e947fe26c3512b744e1628c604a9bc91e83a9ef0bc7c8fa98e0e833
                                            • Instruction ID: 0f46827dfbe98aa2a1bfc6381cf37f618a3cc5b45fb4580320f363139f5ba38b
                                            • Opcode Fuzzy Hash: a87381321e947fe26c3512b744e1628c604a9bc91e83a9ef0bc7c8fa98e0e833
                                            • Instruction Fuzzy Hash: 6B1106766C8706BAF6117221EC0BEBA379CEB05368B300116FB48E51E5FEA1A8455734
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c853765a55646bbc898de75a6f45187de4598d3c0cb9fed988e814786a056126
                                            • Instruction ID: 8192fade4b6ad3cc6ef939e9f3b8fc2395e6feff5e8315af9343b9a52749af74
                                            • Opcode Fuzzy Hash: c853765a55646bbc898de75a6f45187de4598d3c0cb9fed988e814786a056126
                                            • Instruction Fuzzy Hash: 33C1CB74A04349EFCF119FACC895BADBBB0AF09312F084199ED55A7392CB709949CB70
                                            APIs
                                            Similarity
                                            • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                            • String ID:
                                            • API String ID: 1282221369-0
                                            • Opcode ID: 032ef2add3db5d4f60c2126b19c2130072986c825895b16ac7cfaaf6ba2c7dbc
                                            • Instruction ID: dac0da9eb4cfa101d4b59608b9b4039f02801930605fe53deb51f4dfba5889f4
                                            • Opcode Fuzzy Hash: 032ef2add3db5d4f60c2126b19c2130072986c825895b16ac7cfaaf6ba2c7dbc
                                            • Instruction Fuzzy Hash: 3761E371905310AFDF21AFB8DC81A7A7BA5EF05362F08816DFD44E7282D6319909CBB0
                                            APIs
                                            • SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00DB5186
                                            • ShowWindow.USER32(?,00000000), ref: 00DB51C7
                                            • ShowWindow.USER32(?,00000005,?,00000000), ref: 00DB51CD
                                            • SetFocus.USER32(?,?,00000005,?,00000000), ref: 00DB51D1
                                              • Part of subcall function 00DB6FBA: DeleteObject.GDI32(00000000), ref: 00DB6FE6
                                            • GetWindowLongW.USER32(?,000000F0), ref: 00DB520D
                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00DB521A
                                            • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 00DB524D
                                            • SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00DB5287
                                            • SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00DB5296
                                            Similarity
                                            • API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
                                            • String ID:
                                            • API String ID: 3210457359-0
                                            • Opcode ID: 97e28e4907c3f00dccc93bc2bb9d3d7362fe990ee355c87df6db94ae519a8d74
                                            • Instruction ID: 932a89be4a849bf1f2a008edd71195cd5cb874cff81a62ad4db40cbbdee91650
                                            • Opcode Fuzzy Hash: 97e28e4907c3f00dccc93bc2bb9d3d7362fe990ee355c87df6db94ae519a8d74
                                            • Instruction Fuzzy Hash: B4518F30A52B08FEEF249F28EC46BD87B65FB05361F184112F51B962E4C7759980DB74
                                            APIs
                                            • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00D76890
                                            • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 00D768A9
                                            • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 00D768B9
                                            • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 00D768D1
                                            • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 00D768F2
                                            • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00D38874,00000000,00000000,00000000,000000FF,00000000), ref: 00D76901
                                            • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 00D7691E
                                            • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00D38874,00000000,00000000,00000000,000000FF,00000000), ref: 00D7692D
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: Icon$DestroyExtractImageLoadMessageSend
                                            • String ID:
                                            • API String ID: 1268354404-0
                                            APIs
                                            • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00D9C182
                                            • GetLastError.KERNEL32 ref: 00D9C195
                                            • SetEvent.KERNEL32(?), ref: 00D9C1A9
                                              • Part of subcall function 00D9C253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00D9C272
                                              • Part of subcall function 00D9C253: GetLastError.KERNEL32 ref: 00D9C322
                                              • Part of subcall function 00D9C253: SetEvent.KERNEL32(?), ref: 00D9C336
                                              • Part of subcall function 00D9C253: InternetCloseHandle.WININET(00000000), ref: 00D9C341
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
                                            • String ID:
                                            • API String ID: 337547030-0
                                            APIs
                                              • Part of subcall function 00D83A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00D83A57
                                              • Part of subcall function 00D83A3D: GetCurrentThreadId.KERNEL32 ref: 00D83A5E
                                              • Part of subcall function 00D83A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00D825B3), ref: 00D83A65
                                            • MapVirtualKeyW.USER32(00000025,00000000), ref: 00D825BD
                                            • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00D825DB
                                            • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 00D825DF
                                            • MapVirtualKeyW.USER32(00000025,00000000), ref: 00D825E9
                                            • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00D82601
                                            • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00D82605
                                            • MapVirtualKeyW.USER32(00000025,00000000), ref: 00D8260F
                                            • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00D82623
                                            • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00D82627
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                            • String ID:
                                            • API String ID: 2014098862-0
                                            APIs
                                            • GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00D81449,?,?,00000000), ref: 00D8180C
                                            • HeapAlloc.KERNEL32(00000000,?,00D81449,?,?,00000000), ref: 00D81813
                                            • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00D81449,?,?,00000000), ref: 00D81828
                                            • GetCurrentProcess.KERNEL32(?,00000000,?,00D81449,?,?,00000000), ref: 00D81830
                                            • DuplicateHandle.KERNEL32(00000000,?,00D81449,?,?,00000000), ref: 00D81833
                                            • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00D81449,?,?,00000000), ref: 00D81843
                                            • GetCurrentProcess.KERNEL32(00D81449,00000000,?,00D81449,?,?,00000000), ref: 00D8184B
                                            • DuplicateHandle.KERNEL32(00000000,?,00D81449,?,?,00000000), ref: 00D8184E
                                            • CreateThread.KERNEL32(00000000,00000000,00D81874,00000000,00000000,00000000), ref: 00D81868
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                            • String ID:
                                            • API String ID: 1957940570-0
                                            APIs
                                              • Part of subcall function 00D8D4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 00D8D501
                                              • Part of subcall function 00D8D4DC: Process32FirstW.KERNEL32(00000000,?), ref: 00D8D50F
                                              • Part of subcall function 00D8D4DC: FindCloseChangeNotification.KERNEL32(00000000), ref: 00D8D5DC
                                            • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00DAA16D
                                            • GetLastError.KERNEL32 ref: 00DAA180
                                            • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00DAA1B3
                                            • TerminateProcess.KERNEL32(00000000,00000000), ref: 00DAA268
                                            • GetLastError.KERNEL32(00000000), ref: 00DAA273
                                            • CloseHandle.KERNEL32(00000000), ref: 00DAA2C4
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: Process$CloseErrorLastOpen$ChangeCreateFindFirstHandleNotificationProcess32SnapshotTerminateToolhelp32
                                            • String ID: SeDebugPrivilege
                                            • API String ID: 1701285019-2896544425
                                            APIs
                                            • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00DB3925
                                            • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 00DB393A
                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00DB3954
                                            • _wcslen.LIBCMT ref: 00DB3999
                                            • SendMessageW.USER32(?,00001057,00000000,?), ref: 00DB39C6
                                            • SendMessageW.USER32(?,00001061,?,0000000F), ref: 00DB39F4
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: MessageSend$Window_wcslen
                                            • String ID: SysListView32
                                            • API String ID: 2147712094-78025650
                                            APIs
                                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00D8BCFD
                                            • IsMenu.USER32(00000000), ref: 00D8BD1D
                                            • CreatePopupMenu.USER32 ref: 00D8BD53
                                            • GetMenuItemCount.USER32(01575B98), ref: 00D8BDA4
                                            • InsertMenuItemW.USER32(01575B98,?,00000001,00000030), ref: 00D8BDCC
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: Menu$Item$CountCreateInfoInsertPopup
                                            • String ID: 0$2
                                            • API String ID: 93392585-3793063076
                                            APIs
                                            • LoadIconW.USER32(00000000,00007F03), ref: 00D8C913
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: IconLoad
                                            • String ID: blank$info$question$stop$warning
                                            • API String ID: 2457776203-404129466
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
                                            • String ID: 0.0.0.0
                                            • API String ID: 642191829-3771769585
                                            APIs
                                              • Part of subcall function 00D39BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00D39BB2
                                            • GetSystemMetrics.USER32(0000000F), ref: 00DB9FC7
                                            • GetSystemMetrics.USER32(0000000F), ref: 00DB9FE7
                                            • MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 00DBA224
                                            • SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 00DBA242
                                            • SendMessageW.USER32(00000003,00000469,?,00000000), ref: 00DBA263
                                            • ShowWindow.USER32(00000003,00000000), ref: 00DBA282
                                            • InvalidateRect.USER32(?,00000000,00000001), ref: 00DBA2A7
                                            • DefDlgProcW.USER32(?,00000005,?,?), ref: 00DBA2CA
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
                                            • String ID:
                                            • API String ID: 1211466189-0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: _wcslen$LocalTime
                                            • String ID:
                                            • API String ID: 952045576-0
                                            APIs
                                            • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00D7682C,00000004,00000000,00000000), ref: 00D3F953
                                            • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,00D7682C,00000004,00000000,00000000), ref: 00D7F3D1
                                            • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00D7682C,00000004,00000000,00000000), ref: 00D7F454
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: ShowWindow
                                            • String ID:
                                            • API String ID: 1268545403-0
                                            APIs
                                            • DeleteObject.GDI32(00000000), ref: 00DB2D1B
                                            • GetDC.USER32(00000000), ref: 00DB2D23
                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00DB2D2E
                                            • ReleaseDC.USER32(00000000,00000000), ref: 00DB2D3A
                                            • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00DB2D76
                                            • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00DB2D87
                                            • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00DB5A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00DB2DC2
                                            • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00DB2DE1
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            Similarity
                                            • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                            • String ID:
                                            • API String ID: 3864802216-0
                                            APIs
                                            Similarity
                                            • API ID: _memcmp
                                            • String ID:
                                            • API String ID: 2931989736-0
                                            Strings
                                            Similarity
                                            • API ID:
                                            • String ID: NULL Pointer assignment$Not an Object type
                                            • API String ID: 0-572801152
                                            APIs
                                            • GetCPInfo.KERNEL32(?,?), ref: 00D615CE
                                            • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00D61651
                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00D616E4
                                            • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00D616FB
                                              • Part of subcall function 00D53820: RtlAllocateHeap.NTDLL(00000000,?,00DF1444,?,00D3FDF5,?,?,00D2A976,00000010,00DF1440,00D213FC,?,00D213C6,?,00D21129), ref: 00D53852
                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00D61777
                                            • __freea.LIBCMT ref: 00D617A2
                                            • __freea.LIBCMT ref: 00D617AE
                                            Similarity
                                            • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                            • String ID:
                                            • API String ID: 2829977744-0
                                            APIs
                                            Strings
                                            Similarity
                                            • API ID: Variant$ClearInit
                                            • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                            • API String ID: 2610073882-625585964
                                            APIs
                                            • SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 00D9125C
                                            • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00D91284
                                            • SafeArrayUnaccessData.OLEAUT32(00000001), ref: 00D912A8
                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00D912D8
                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00D9135F
                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00D913C4
                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00D91430
                                            Similarity
                                            • API ID: ArraySafe$Data$Access$UnaccessVartype
                                            • String ID:
                                            • API String ID: 2550207440-0
                                            Similarity
                                            • API ID: ObjectSelect$BeginCreatePath
                                            • String ID:
                                            • API String ID: 3225163088-0
                                            APIs
                                            • VariantInit.OLEAUT32(?), ref: 00DA396B
                                            • CharUpperBuffW.USER32(?,?), ref: 00DA3A7A
                                            • _wcslen.LIBCMT ref: 00DA3A8A
                                            • VariantClear.OLEAUT32(?), ref: 00DA3C1F
                                              • Part of subcall function 00D90CDF: VariantInit.OLEAUT32(00000000), ref: 00D90D1F
                                              • Part of subcall function 00D90CDF: VariantCopy.OLEAUT32(?,?), ref: 00D90D28
                                              • Part of subcall function 00D90CDF: VariantClear.OLEAUT32(?), ref: 00D90D34
                                            Strings
                                            Similarity
                                            • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                            • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                            • API String ID: 4137639002-1221869570
                                            APIs
                                              • Part of subcall function 00D8000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00D7FF41,80070057,?,?,?,00D8035E), ref: 00D8002B
                                              • Part of subcall function 00D8000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00D7FF41,80070057,?,?), ref: 00D80046
                                              • Part of subcall function 00D8000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00D7FF41,80070057,?,?), ref: 00D80054
                                              • Part of subcall function 00D8000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00D7FF41,80070057,?), ref: 00D80064
                                            • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00DA4C51
                                            • _wcslen.LIBCMT ref: 00DA4D59
                                            • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00DA4DCF
                                            • CoTaskMemFree.OLE32(?), ref: 00DA4DDA
                                            Strings
                                            Similarity
                                            • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                            • String ID: NULL Pointer assignment
                                            • API String ID: 614568839-2785691316
                                            APIs
                                            • GetMenu.USER32(?), ref: 00DB2183
                                            • GetMenuItemCount.USER32(00000000), ref: 00DB21B5
                                            • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00DB21DD
                                            • _wcslen.LIBCMT ref: 00DB2213
                                            • GetMenuItemID.USER32(?,?), ref: 00DB224D
                                            • GetSubMenu.USER32(?,?), ref: 00DB225B
                                              • Part of subcall function 00D83A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00D83A57
                                              • Part of subcall function 00D83A3D: GetCurrentThreadId.KERNEL32 ref: 00D83A5E
                                              • Part of subcall function 00D83A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00D825B3), ref: 00D83A65
                                            • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00DB22E3
                                              • Part of subcall function 00D8E97B: Sleep.KERNEL32 ref: 00D8E9F3
                                            Similarity
                                            • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                            • String ID:
                                            • API String ID: 4196846111-0
                                            APIs
                                            • IsWindow.USER32(01575968), ref: 00DB7F37
                                            • IsWindowEnabled.USER32(01575968), ref: 00DB7F43
                                            • SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 00DB801E
                                            • SendMessageW.USER32(01575968,000000B0,?,?), ref: 00DB8051
                                            • IsDlgButtonChecked.USER32(?,?), ref: 00DB8089
                                            • GetWindowLongW.USER32(01575968,000000EC), ref: 00DB80AB
                                            • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 00DB80C3
                                            Similarity
                                            • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                            • String ID:
                                            • API String ID: 4072528602-0
                                            APIs
                                            • GetParent.USER32(?), ref: 00D8AEF9
                                            • GetKeyboardState.USER32(?), ref: 00D8AF0E
                                            • SetKeyboardState.USER32(?), ref: 00D8AF6F
                                            • PostMessageW.USER32(?,00000101,00000010,?), ref: 00D8AF9D
                                            • PostMessageW.USER32(?,00000101,00000011,?), ref: 00D8AFBC
                                            • PostMessageW.USER32(?,00000101,00000012,?), ref: 00D8AFFD
                                            • PostMessageW.USER32(?,00000101,0000005B,?), ref: 00D8B020
                                            Similarity
                                            • API ID: MessagePost$KeyboardState$Parent
                                            • String ID:
                                            • API String ID: 87235514-0
                                            APIs
                                            • GetParent.USER32(00000000), ref: 00D8AD19
                                            • GetKeyboardState.USER32(?), ref: 00D8AD2E
                                            • SetKeyboardState.USER32(?), ref: 00D8AD8F
                                            • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00D8ADBB
                                            • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00D8ADD8
                                            • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00D8AE17
                                            • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00D8AE38
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            Similarity
                                            • API ID: MessagePost$KeyboardState$Parent
                                            • String ID:
                                            • API String ID: 87235514-0
                                            APIs
                                            • GetConsoleCP.KERNEL32(00D63CD6,?,?,?,?,?,?,?,?,00D55BA3,?,?,00D63CD6,?,?), ref: 00D55470
                                            • __fassign.LIBCMT ref: 00D554EB
                                            • __fassign.LIBCMT ref: 00D55506
                                            • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00D63CD6,00000005,00000000,00000000), ref: 00D5552C
                                            • WriteFile.KERNEL32(?,00D63CD6,00000000,00D55BA3,00000000,?,?,?,?,?,?,?,?,?,00D55BA3,?), ref: 00D5554B
                                            • WriteFile.KERNEL32(?,?,00000001,00D55BA3,00000000,?,?,?,?,?,?,?,?,?,00D55BA3,?), ref: 00D55584
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            Similarity
                                            • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                            • String ID:
                                            • API String ID: 1324828854-0
                                            APIs
                                            • _ValidateLocalCookies.LIBCMT ref: 00D42D4B
                                            • ___except_validate_context_record.LIBVCRUNTIME ref: 00D42D53
                                            • _ValidateLocalCookies.LIBCMT ref: 00D42DE1
                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 00D42E0C
                                            • _ValidateLocalCookies.LIBCMT ref: 00D42E61
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            Similarity
                                            • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                            • String ID: csm
                                            • API String ID: 1170836740-1018135373
                                            APIs
                                              • Part of subcall function 00DA304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00DA307A
                                              • Part of subcall function 00DA304E: _wcslen.LIBCMT ref: 00DA309B
                                            • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00DA1112
                                            • WSAGetLastError.WSOCK32 ref: 00DA1121
                                            • WSAGetLastError.WSOCK32 ref: 00DA11C9
                                            • closesocket.WSOCK32(00000000), ref: 00DA11F9
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            Similarity
                                            • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                                            • String ID:
                                            • API String ID: 2675159561-0
                                            APIs
                                              • Part of subcall function 00D8DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00D8CF22,?), ref: 00D8DDFD
                                              • Part of subcall function 00D8DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00D8CF22,?), ref: 00D8DE16
                                            • lstrcmpiW.KERNEL32(?,?), ref: 00D8CF45
                                            • MoveFileW.KERNEL32(?,?), ref: 00D8CF7F
                                            • _wcslen.LIBCMT ref: 00D8D005
                                            • _wcslen.LIBCMT ref: 00D8D01B
                                            • SHFileOperationW.SHELL32(?), ref: 00D8D061
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            Similarity
                                            • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                            • String ID: \*.*
                                            • API String ID: 3164238972-1173974218
                                            APIs
                                            • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00DB2E1C
                                            • GetWindowLongW.USER32(?,000000F0), ref: 00DB2E4F
                                            • GetWindowLongW.USER32(?,000000F0), ref: 00DB2E84
                                            • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00DB2EB6
                                            • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00DB2EE0
                                            • GetWindowLongW.USER32(?,000000F0), ref: 00DB2EF1
                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00DB2F0B
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            Similarity
                                            • API ID: LongWindow$MessageSend
                                            • String ID:
                                            • API String ID: 2178440468-0
                                            APIs
                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00D87769
                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00D8778F
                                            • SysAllocString.OLEAUT32(00000000), ref: 00D87792
                                            • SysAllocString.OLEAUT32(?), ref: 00D877B0
                                            • SysFreeString.OLEAUT32(?), ref: 00D877B9
                                            • StringFromGUID2.OLE32(?,?,00000028), ref: 00D877DE
                                            • SysAllocString.OLEAUT32(?), ref: 00D877EC
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            Similarity
                                            • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                            • String ID:
                                            • API String ID: 3761583154-0
                                            APIs
                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00D87842
                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00D87868
                                            • SysAllocString.OLEAUT32(00000000), ref: 00D8786B
                                            • SysAllocString.OLEAUT32 ref: 00D8788C
                                            • SysFreeString.OLEAUT32 ref: 00D87895
                                            • StringFromGUID2.OLE32(?,?,00000028), ref: 00D878AF
                                            • SysAllocString.OLEAUT32(?), ref: 00D878BD
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            Similarity
                                            • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                            • String ID:
                                            • API String ID: 3761583154-0
                                            APIs
                                            • GetStdHandle.KERNEL32(0000000C), ref: 00D904F2
                                            • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00D9052E
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            Similarity
                                            • API ID: CreateHandlePipe
                                            • String ID: nul
                                            • API String ID: 1424370930-2873401336
                                            APIs
                                            • GetStdHandle.KERNEL32(000000F6), ref: 00D905C6
                                            • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00D90601
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            Similarity
                                            • API ID: CreateHandlePipe
                                            • String ID: nul
                                            • API String ID: 1424370930-2873401336
                                            APIs
                                              • Part of subcall function 00D2600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00D2604C
                                              • Part of subcall function 00D2600E: GetStockObject.GDI32(00000011), ref: 00D26060
                                              • Part of subcall function 00D2600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00D2606A
                                            • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00DB4112
                                            • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 00DB411F
                                            • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00DB412A
                                            • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00DB4139
                                            • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00DB4145
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            Similarity
                                            • API ID: MessageSend$CreateObjectStockWindow
                                            • String ID: Msctls_Progress32
                                            • API String ID: 1025951953-3636473452
                                            APIs
                                              • Part of subcall function 00D5D7A3: _free.LIBCMT ref: 00D5D7CC
                                            • _free.LIBCMT ref: 00D5D82D
                                              • Part of subcall function 00D529C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00D5D7D1,00000000,00000000,00000000,00000000,?,00D5D7F8,00000000,00000007,00000000,?,00D5DBF5,00000000), ref: 00D529DE
                                              • Part of subcall function 00D529C8: GetLastError.KERNEL32(00000000,?,00D5D7D1,00000000,00000000,00000000,00000000,?,00D5D7F8,00000000,00000007,00000000,?,00D5DBF5,00000000,00000000), ref: 00D529F0
                                            • _free.LIBCMT ref: 00D5D838
                                            • _free.LIBCMT ref: 00D5D843
                                            • _free.LIBCMT ref: 00D5D897
                                            • _free.LIBCMT ref: 00D5D8A2
                                            • _free.LIBCMT ref: 00D5D8AD
                                            • _free.LIBCMT ref: 00D5D8B8
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            Similarity
                                            • API ID: _free$ErrorFreeHeapLast
                                            • String ID:
                                            • API String ID: 776569668-0
                                            APIs
                                            • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 00D8DA74
                                            • LoadStringW.USER32(00000000), ref: 00D8DA7B
                                            • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00D8DA91
                                            • LoadStringW.USER32(00000000), ref: 00D8DA98
                                            • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00D8DADC
                                            Strings
                                            • %s (%d) : ==> %s: %s %s, xrefs: 00D8DAB9
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: HandleLoadModuleString$Message
                                            • String ID: %s (%d) : ==> %s: %s %s
                                            • API String ID: 4072794657-3128320259
                                            • Opcode ID: fa259aca2452ed81bbaa9aa923fc016afaf1849ba3cc9c1ed31c3daded7db93b
                                            • Instruction ID: 8a229b880073f16d2942b474197feac35b0323110d7cfc053051689a0270683f
                                            • Opcode Fuzzy Hash: fa259aca2452ed81bbaa9aa923fc016afaf1849ba3cc9c1ed31c3daded7db93b
                                            • Instruction Fuzzy Hash: EB016DF2910308FFE711ABA49D89EEB776CEB08341F401596B746E2181EA749E848F74
                                            APIs
                                            • InterlockedExchange.KERNEL32(01572DB0,01572DB0), ref: 00D9097B
                                            • EnterCriticalSection.KERNEL32(01572D90,00000000), ref: 00D9098D
                                            • TerminateThread.KERNEL32(?,000001F6), ref: 00D9099B
                                            • WaitForSingleObject.KERNEL32(?,000003E8), ref: 00D909A9
                                            • CloseHandle.KERNEL32(?), ref: 00D909B8
                                            • InterlockedExchange.KERNEL32(01572DB0,000001F6), ref: 00D909C8
                                            • LeaveCriticalSection.KERNEL32(01572D90), ref: 00D909CF
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                            • String ID:
                                            • API String ID: 3495660284-0
                                            • Opcode ID: 93779680a689bedeb04e874c685b36ff3a3bb8b412efa8a2539e8550bf03d3f0
                                            • Instruction ID: 2ca515b8d3f46964836d1269b752ee4fc5b00c6f1e7c1ae185535f3a1ac2798c
                                            • Opcode Fuzzy Hash: 93779680a689bedeb04e874c685b36ff3a3bb8b412efa8a2539e8550bf03d3f0
                                            • Instruction Fuzzy Hash: 33F01D31552612FBDB455F94EE88ADA7A25BF01702F442226F101909A0C7749865CFA4
                                            APIs
                                            • GetClientRect.USER32(?,?), ref: 00D25D30
                                            • GetWindowRect.USER32(?,?), ref: 00D25D71
                                            • ScreenToClient.USER32(?,?), ref: 00D25D99
                                            • GetClientRect.USER32(?,?), ref: 00D25ED7
                                            • GetWindowRect.USER32(?,?), ref: 00D25EF8
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: Rect$Client$Window$Screen
                                            • String ID:
                                            • API String ID: 1296646539-0
                                            • Opcode ID: 11321a86fbb7326e64b3d5bf54fb6b2c75fe33758a18f878fb9c7af53b32bd12
                                            • Instruction ID: 4f616a886f675b25ef8fc224a93eceb6054e4824a554c734a78e58be15fc724a
                                            • Opcode Fuzzy Hash: 11321a86fbb7326e64b3d5bf54fb6b2c75fe33758a18f878fb9c7af53b32bd12
                                            • Instruction Fuzzy Hash: 1FB16834A0074ADBDB14CFA8D480BEAB7F1FF58314F18951AE8A9D7254DB30EA51DB60
                                            APIs
                                            • __allrem.LIBCMT ref: 00D500BA
                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00D500D6
                                            • __allrem.LIBCMT ref: 00D500ED
                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00D5010B
                                            • __allrem.LIBCMT ref: 00D50122
                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00D50140
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                            • String ID:
                                            • API String ID: 1992179935-0
                                            • Opcode ID: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
                                            • Instruction ID: 94e3d1e0218229795b93b7198ebbce9574b8ac62a9ab3d3d5f00a0c95284db1b
                                            • Opcode Fuzzy Hash: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
                                            • Instruction Fuzzy Hash: AA81E672A00B069BEB209F68CC41B6B77E9EF41325F28453AFD51D6691E770D9088BB1
                                            APIs
                                              • Part of subcall function 00DA3149: select.WSOCK32(00000000,?,00000000,00000000,?,?,?,00000000,?,?,?,00DA101C,00000000,?,?,00000000), ref: 00DA3195
                                            • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00DA1DC0
                                            • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00DA1DE1
                                            • WSAGetLastError.WSOCK32 ref: 00DA1DF2
                                            • inet_ntoa.WSOCK32(?), ref: 00DA1E8C
                                            • htons.WSOCK32(?,?,?,?,?), ref: 00DA1EDB
                                            • _strlen.LIBCMT ref: 00DA1F35
                                              • Part of subcall function 00D839E8: _strlen.LIBCMT ref: 00D839F2
                                              • Part of subcall function 00D26D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000002,?,?,?,?,00D3CF58,?,?,?), ref: 00D26DBA
                                              • Part of subcall function 00D26D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,?,?,?,00D3CF58,?,?,?), ref: 00D26DED
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: ByteCharMultiWide_strlen$ErrorLasthtonsinet_ntoaselect
                                            • String ID:
                                            • API String ID: 1923757996-0
                                            • Opcode ID: 3c9c94ff12033aed7faedec8395739242d752da3c69ee6e13d3e96d032a9fe78
                                            • Instruction ID: f0f6a587c3a4dde65bdbb3a902cbfaff32235f91473903a47640db29c133643f
                                            • Opcode Fuzzy Hash: 3c9c94ff12033aed7faedec8395739242d752da3c69ee6e13d3e96d032a9fe78
                                            • Instruction Fuzzy Hash: 8AA1DF35504350AFC324DF20C895F2ABBA5EF95318F58894CF4565B2A2CB71EE46CBB1
                                            APIs
                                            • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00D482D9,00D482D9,?,?,?,00D5644F,00000001,00000001,8BE85006), ref: 00D56258
                                            • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00D5644F,00000001,00000001,8BE85006,?,?,?), ref: 00D562DE
                                            • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00D563D8
                                            • __freea.LIBCMT ref: 00D563E5
                                              • Part of subcall function 00D53820: RtlAllocateHeap.NTDLL(00000000,?,00DF1444,?,00D3FDF5,?,?,00D2A976,00000010,00DF1440,00D213FC,?,00D213C6,?,00D21129), ref: 00D53852
                                            • __freea.LIBCMT ref: 00D563EE
                                            • __freea.LIBCMT ref: 00D56413
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: ByteCharMultiWide__freea$AllocateHeap
                                            • String ID:
                                            • API String ID: 1414292761-0
                                            • Opcode ID: 82725752d4439f8c9afb7609e00ae61e0e41158e85571b30e9c082976006f3a3
                                            • Instruction ID: e062b6c5f9631d6b18f29e16803b96f0d89099ac09de89c19f2cefca62d6feb5
                                            • Opcode Fuzzy Hash: 82725752d4439f8c9afb7609e00ae61e0e41158e85571b30e9c082976006f3a3
                                            • Instruction Fuzzy Hash: C551BF72A10216ABEF259F64CC81EAF7BAAEB44752F5D4629FC05D7140EB34DC48C6B0
                                            APIs
                                              • Part of subcall function 00D29CB3: _wcslen.LIBCMT ref: 00D29CBD
                                              • Part of subcall function 00DAC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00DAB6AE,?,?), ref: 00DAC9B5
                                              • Part of subcall function 00DAC998: _wcslen.LIBCMT ref: 00DAC9F1
                                              • Part of subcall function 00DAC998: _wcslen.LIBCMT ref: 00DACA68
                                              • Part of subcall function 00DAC998: _wcslen.LIBCMT ref: 00DACA9E
                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00DABCCA
                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00DABD25
                                            • RegCloseKey.ADVAPI32(00000000), ref: 00DABD6A
                                            • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 00DABD99
                                            • RegCloseKey.ADVAPI32(?,?,00000000), ref: 00DABDF3
                                            • RegCloseKey.ADVAPI32(?), ref: 00DABDFF
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                            • String ID:
                                            • API String ID: 1120388591-0
                                            • Opcode ID: 0540da87e5f596a837aa1c9f0ec8a3c5a47fd78899d7a71d04785897512d1c1d
                                            • Instruction ID: ec7299fed4eddd6ebc34cf9fbaab963e20137d2302b91d7108a703cf885f0e20
                                            • Opcode Fuzzy Hash: 0540da87e5f596a837aa1c9f0ec8a3c5a47fd78899d7a71d04785897512d1c1d
                                            • Instruction Fuzzy Hash: 91817E30118241EFD714DF24C895E2ABBE5FF85318F18495DF4968B2A2DB31ED46CBA2
                                            APIs
                                            • VariantInit.OLEAUT32(00000035), ref: 00D7F7B9
                                            • SysAllocString.OLEAUT32(00000001), ref: 00D7F860
                                            • VariantCopy.OLEAUT32(00D7FA64,00000000), ref: 00D7F889
                                            • VariantClear.OLEAUT32(00D7FA64), ref: 00D7F8AD
                                            • VariantCopy.OLEAUT32(00D7FA64,00000000), ref: 00D7F8B1
                                            • VariantClear.OLEAUT32(?), ref: 00D7F8BB
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: Variant$ClearCopy$AllocInitString
                                            • String ID:
                                            • API String ID: 3859894641-0
                                            • Opcode ID: 00f25b8ad583d8aa8a42db794a86276c73d75e1cb2b6891331f5169ebad16d17
                                            • Instruction ID: a8d1735a80d4871f7f7f482b5971d00d4b01f56ca44b9f820690313b490bd90e
                                            • Opcode Fuzzy Hash: 00f25b8ad583d8aa8a42db794a86276c73d75e1cb2b6891331f5169ebad16d17
                                            • Instruction Fuzzy Hash: 7551A232610310EACF34AB65D895B6DB3A8EF55314F24D466E909EF291EB709C40CBB6
                                            APIs
                                              • Part of subcall function 00D27620: _wcslen.LIBCMT ref: 00D27625
                                              • Part of subcall function 00D26B57: _wcslen.LIBCMT ref: 00D26B6A
                                            • GetOpenFileNameW.COMDLG32(00000058), ref: 00D994E5
                                            • _wcslen.LIBCMT ref: 00D99506
                                            • _wcslen.LIBCMT ref: 00D9952D
                                            • GetSaveFileNameW.COMDLG32(00000058), ref: 00D99585
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: _wcslen$FileName$OpenSave
                                            • String ID: X
                                            • API String ID: 83654149-3081909835
                                            • Opcode ID: 8aa18bea563817dc05a721de79f46a018a9ed5ba27639104fa209642dd11dbf3
                                            • Instruction ID: 555c3f65059f15e78b12f580c2ccccbfb16fc938d4fefc94dd91a51aa603d543
                                            • Opcode Fuzzy Hash: 8aa18bea563817dc05a721de79f46a018a9ed5ba27639104fa209642dd11dbf3
                                            • Instruction Fuzzy Hash: FDE17F315043509FDB24EF28D491A6AB7E4FF95314F08896DE8899B2A2DB31DD05CBB2
                                            APIs
                                              • Part of subcall function 00D39BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00D39BB2
                                            • BeginPaint.USER32(?,?,?), ref: 00D39241
                                            • GetWindowRect.USER32(?,?), ref: 00D392A5
                                            • ScreenToClient.USER32(?,?), ref: 00D392C2
                                            • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00D392D3
                                            • EndPaint.USER32(?,?,?,?,?), ref: 00D39321
                                            • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00D771EA
                                              • Part of subcall function 00D39339: BeginPath.GDI32(00000000), ref: 00D39357
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                            • String ID:
                                            • API String ID: 3050599898-0
                                            • Opcode ID: c25cf478f0aa62748edda3a3246e27746be7b81126a3a3c2776a9981d6342ad2
                                            • Instruction ID: e7fb9f0cc2f8ba949f23824bcbc8e75673fc3d57d44a06fee001f7ed9bf243f2
                                            • Opcode Fuzzy Hash: c25cf478f0aa62748edda3a3246e27746be7b81126a3a3c2776a9981d6342ad2
                                            • Instruction Fuzzy Hash: D641AB74104300EFD711DF24D894FBABBA8EB4A320F044669F9A5D72B1D7B19845DBB1
                                            APIs
                                            • InterlockedExchange.KERNEL32(?,000001F5), ref: 00D9080C
                                            • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00D90847
                                            • EnterCriticalSection.KERNEL32(?), ref: 00D90863
                                            • LeaveCriticalSection.KERNEL32(?), ref: 00D908DC
                                            • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 00D908F3
                                            • InterlockedExchange.KERNEL32(?,000001F6), ref: 00D90921
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                            • String ID:
                                            • API String ID: 3368777196-0
                                            • Opcode ID: cb898c8d0966eb7c6059fac26e9c33189c4cd02ae19a2cff3eeb9bae911917c8
                                            • Instruction ID: cdf42257cf76ac89a39955a44a7c1a5a0b5542cec16fe259b93a7fafc9473b70
                                            • Opcode Fuzzy Hash: cb898c8d0966eb7c6059fac26e9c33189c4cd02ae19a2cff3eeb9bae911917c8
                                            • Instruction Fuzzy Hash: FF412771A00209EFDF14AF54DC85AAA7BB9FF04314F1440A9ED04EA296DB30DE65DBB4
                                            APIs
                                            • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,00D7F3AB,00000000,?,?,00000000,?,00D7682C,00000004,00000000,00000000), ref: 00DB824C
                                            • EnableWindow.USER32(?,00000000), ref: 00DB8272
                                            • ShowWindow.USER32(FFFFFFFF,00000000), ref: 00DB82D1
                                            • ShowWindow.USER32(?,00000004), ref: 00DB82E5
                                            • EnableWindow.USER32(?,00000001), ref: 00DB830B
                                            • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 00DB832F
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: Window$Show$Enable$MessageSend
                                            • String ID:
                                            • API String ID: 642888154-0
                                            APIs
                                            • IsWindowVisible.USER32(?), ref: 00D84C95
                                            • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00D84CB2
                                            • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00D84CEA
                                            • _wcslen.LIBCMT ref: 00D84D08
                                            • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00D84D10
                                            • _wcsstr.LIBVCRUNTIME ref: 00D84D1A
                                            Similarity
                                            • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                            • String ID:
                                            • API String ID: 72514467-0
                                            APIs
                                              • Part of subcall function 00D23AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00D23A97,?,?,00D22E7F,?,?,?,00000000), ref: 00D23AC2
                                            • _wcslen.LIBCMT ref: 00D9587B
                                            • CoInitialize.OLE32(00000000), ref: 00D95995
                                            • CoCreateInstance.OLE32(00DBFCF8,00000000,00000001,00DBFB68,?), ref: 00D959AE
                                            • CoUninitialize.OLE32 ref: 00D959CC
                                            Strings
                                            Similarity
                                            • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                            • String ID: .lnk
                                            • API String ID: 3172280962-24824748
                                            APIs
                                              • Part of subcall function 00D80FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00D80FCA
                                              • Part of subcall function 00D80FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00D80FD6
                                              • Part of subcall function 00D80FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00D80FE5
                                              • Part of subcall function 00D80FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00D80FEC
                                              • Part of subcall function 00D80FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00D81002
                                            • GetLengthSid.ADVAPI32(?,00000000,00D81335), ref: 00D817AE
                                            • GetProcessHeap.KERNEL32(00000008,00000000), ref: 00D817BA
                                            • HeapAlloc.KERNEL32(00000000), ref: 00D817C1
                                            • CopySid.ADVAPI32(00000000,00000000,?), ref: 00D817DA
                                            • GetProcessHeap.KERNEL32(00000000,00000000,00D81335), ref: 00D817EE
                                            • HeapFree.KERNEL32(00000000), ref: 00D817F5
                                            Similarity
                                            • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                            • String ID:
                                            • API String ID: 3008561057-0
                                            APIs
                                            • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 00D814FF
                                            • OpenProcessToken.ADVAPI32(00000000), ref: 00D81506
                                            • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00D81515
                                            • CloseHandle.KERNEL32(00000004), ref: 00D81520
                                            • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00D8154F
                                            • DestroyEnvironmentBlock.USERENV(00000000), ref: 00D81563
                                            Similarity
                                            • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                            • String ID:
                                            • API String ID: 1413079979-0
                                            APIs
                                            • GetLastError.KERNEL32(?,?,00D43379,00D42FE5), ref: 00D43390
                                            • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00D4339E
                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00D433B7
                                            • SetLastError.KERNEL32(00000000,?,00D43379,00D42FE5), ref: 00D43409
                                            Similarity
                                            • API ID: ErrorLastValue___vcrt_
                                            • String ID:
                                            • API String ID: 3852720340-0
                                            APIs
                                            • GetLastError.KERNEL32(?,?,00D55686,00D63CD6,?,00000000,?,00D55B6A,?,?,?,?,?,00D4E6D1,?,00DE8A48), ref: 00D52D78
                                            • _free.LIBCMT ref: 00D52DAB
                                            • _free.LIBCMT ref: 00D52DD3
                                            • SetLastError.KERNEL32(00000000,?,?,?,?,00D4E6D1,?,00DE8A48,00000010,00D24F4A,?,?,00000000,00D63CD6), ref: 00D52DE0
                                            • SetLastError.KERNEL32(00000000,?,?,?,?,00D4E6D1,?,00DE8A48,00000010,00D24F4A,?,?,00000000,00D63CD6), ref: 00D52DEC
                                            • _abort.LIBCMT ref: 00D52DF2
                                            Similarity
                                            • API ID: ErrorLast$_free$_abort
                                            • String ID:
                                            • API String ID: 3160817290-0
                                            APIs
                                              • Part of subcall function 00D39639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00D39693
                                              • Part of subcall function 00D39639: SelectObject.GDI32(?,00000000), ref: 00D396A2
                                              • Part of subcall function 00D39639: BeginPath.GDI32(?), ref: 00D396B9
                                              • Part of subcall function 00D39639: SelectObject.GDI32(?,00000000), ref: 00D396E2
                                            • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00DB8A4E
                                            • LineTo.GDI32(?,00000003,00000000), ref: 00DB8A62
                                            • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00DB8A70
                                            • LineTo.GDI32(?,00000000,00000003), ref: 00DB8A80
                                            • EndPath.GDI32(?), ref: 00DB8A90
                                            • StrokePath.GDI32(?), ref: 00DB8AA0
                                            Similarity
                                            • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                            • String ID:
                                            • API String ID: 43455801-0
                                            APIs
                                            • GetDC.USER32(00000000), ref: 00D85218
                                            • GetDeviceCaps.GDI32(00000000,00000058), ref: 00D85229
                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00D85230
                                            • ReleaseDC.USER32(00000000,00000000), ref: 00D85238
                                            • MulDiv.KERNEL32(000009EC,?,00000000), ref: 00D8524F
                                            • MulDiv.KERNEL32(000009EC,00000001,?), ref: 00D85261
                                            Similarity
                                            • API ID: CapsDevice$Release
                                            • String ID:
                                            • API String ID: 1035833867-0
                                            APIs
                                            • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00D21BF4
                                            • MapVirtualKeyW.USER32(00000010,00000000), ref: 00D21BFC
                                            • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00D21C07
                                            • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00D21C12
                                            • MapVirtualKeyW.USER32(00000011,00000000), ref: 00D21C1A
                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 00D21C22
                                            Similarity
                                            • API ID: Virtual
                                            • String ID:
                                            • API String ID: 4278518827-0
                                            APIs
                                            • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00D8EB30
                                            • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00D8EB46
                                            • GetWindowThreadProcessId.USER32(?,?), ref: 00D8EB55
                                            • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00D8EB64
                                            • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00D8EB6E
                                            • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00D8EB75
                                            Similarity
                                            • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                            • String ID:
                                            • API String ID: 839392675-0
                                            APIs
                                            • GetClientRect.USER32(?), ref: 00D77452
                                            • SendMessageW.USER32(?,00001328,00000000,?), ref: 00D77469
                                            • GetWindowDC.USER32(?), ref: 00D77475
                                            • GetPixel.GDI32(00000000,?,?), ref: 00D77484
                                            • ReleaseDC.USER32(?,00000000), ref: 00D77496
                                            • GetSysColor.USER32(00000005), ref: 00D774B0
                                            Similarity
                                            • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                            • String ID:
                                            • API String ID: 272304278-0
                                            APIs
                                            • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00D8187F
                                            • UnloadUserProfile.USERENV(?,?), ref: 00D8188B
                                            • CloseHandle.KERNEL32(?), ref: 00D81894
                                            • CloseHandle.KERNEL32(?), ref: 00D8189C
                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 00D818A5
                                            • HeapFree.KERNEL32(00000000), ref: 00D818AC
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                            • String ID:
                                            • API String ID: 146765662-0
                                            APIs
                                              • Part of subcall function 00D27620: _wcslen.LIBCMT ref: 00D27625
                                            • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00D8C6EE
                                            • _wcslen.LIBCMT ref: 00D8C735
                                            • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00D8C79C
                                            • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 00D8C7CA
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: ItemMenu$Info_wcslen$Default
                                            • String ID: 0
                                            • API String ID: 1227352736-4108050209
                                            APIs
                                            • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00D87206
                                            • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 00D8723C
                                            • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 00D8724D
                                            • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00D872CF
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: ErrorMode$AddressCreateInstanceProc
                                            • String ID: DllGetClassObject
                                            • API String ID: 753597075-1075368562
                                            APIs
                                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00DB3E35
                                            • IsMenu.USER32(?), ref: 00DB3E4A
                                            • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00DB3E92
                                            • DrawMenuBar.USER32 ref: 00DB3EA5
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: Menu$Item$DrawInfoInsert
                                            • String ID: 0
                                            • API String ID: 3076010158-4108050209
                                            APIs
                                              • Part of subcall function 00D29CB3: _wcslen.LIBCMT ref: 00D29CBD
                                              • Part of subcall function 00D83CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00D83CCA
                                            • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00D81E66
                                            • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00D81E79
                                            • SendMessageW.USER32(?,00000189,?,00000000), ref: 00D81EA9
                                              • Part of subcall function 00D26B57: _wcslen.LIBCMT ref: 00D26B6A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: MessageSend$_wcslen$ClassName
                                            • String ID: ComboBox$ListBox
                                            • API String ID: 2081771294-1403004172
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: _wcslen
                                            • String ID: HKEY_LOCAL_MACHINE$HKLM
                                            • API String ID: 176396367-4004644295
                                            APIs
                                            • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00DB2F8D
                                            • LoadLibraryW.KERNEL32(?), ref: 00DB2F94
                                            • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00DB2FA9
                                            • DestroyWindow.USER32(?), ref: 00DB2FB1
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: MessageSend$DestroyLibraryLoadWindow
                                            • String ID: SysAnimate32
                                            • API String ID: 3529120543-1011021900
                                            APIs
                                            • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00D44D1E,00D528E9,?,00D44CBE,00D528E9,00DE88B8,0000000C,00D44E15,00D528E9,00000002), ref: 00D44D8D
                                            • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00D44DA0
                                            • FreeLibrary.KERNEL32(00000000,?,?,?,00D44D1E,00D528E9,?,00D44CBE,00D528E9,00DE88B8,0000000C,00D44E15,00D528E9,00000002,00000000), ref: 00D44DC3
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: AddressFreeHandleLibraryModuleProc
                                            • String ID: CorExitProcess$mscoree.dll
                                            • API String ID: 4061214504-1276376045
                                            APIs
                                            • LoadLibraryA.KERNEL32 ref: 00D7D3AD
                                            • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 00D7D3BF
                                            • FreeLibrary.KERNEL32(00000000), ref: 00D7D3E5
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: Library$AddressFreeLoadProc
                                            • String ID: GetSystemWow64DirectoryW$X64
                                            • API String ID: 145871493-2590602151
                                            APIs
                                            • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00D24EDD,?,00DF1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00D24E9C
                                            • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00D24EAE
                                            • FreeLibrary.KERNEL32(00000000,?,?,00D24EDD,?,00DF1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00D24EC0
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: Library$AddressFreeLoadProc
                                            • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                            • API String ID: 145871493-3689287502
                                            APIs
                                            • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00D63CDE,?,00DF1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00D24E62
                                            • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00D24E74
                                            • FreeLibrary.KERNEL32(00000000,?,?,00D63CDE,?,00DF1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00D24E87
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: Library$AddressFreeLoadProc
                                            • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                            • API String ID: 145871493-1355242751
                                            APIs
                                            • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00D92C05
                                            • DeleteFileW.KERNEL32(?), ref: 00D92C87
                                            • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00D92C9D
                                            • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00D92CAE
                                            • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00D92CC0
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: File$Delete$Copy
                                            • String ID:
                                            • API String ID: 3226157194-0
                                            APIs
                                            • GetCurrentProcessId.KERNEL32 ref: 00DAA427
                                            • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00DAA435
                                            • GetProcessIoCounters.KERNEL32(00000000,?), ref: 00DAA468
                                            • CloseHandle.KERNEL32(?), ref: 00DAA63D
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: Process$CloseCountersCurrentHandleOpen
                                            • String ID:
                                            • API String ID: 3488606520-0
                                            APIs
                                              • Part of subcall function 00D8DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00D8CF22,?), ref: 00D8DDFD
                                              • Part of subcall function 00D8DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00D8CF22,?), ref: 00D8DE16
                                              • Part of subcall function 00D8E199: GetFileAttributesW.KERNEL32(?,00D8CF95), ref: 00D8E19A
                                            • lstrcmpiW.KERNEL32(?,?), ref: 00D8E473
                                            • MoveFileW.KERNEL32(?,?), ref: 00D8E4AC
                                            • _wcslen.LIBCMT ref: 00D8E5EB
                                            • _wcslen.LIBCMT ref: 00D8E603
                                            • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 00D8E650
                                            Similarity
                                            • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                            • String ID:
                                            • API String ID: 3183298772-0
                                            APIs
                                              • Part of subcall function 00D29CB3: _wcslen.LIBCMT ref: 00D29CBD
                                              • Part of subcall function 00DAC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00DAB6AE,?,?), ref: 00DAC9B5
                                              • Part of subcall function 00DAC998: _wcslen.LIBCMT ref: 00DAC9F1
                                              • Part of subcall function 00DAC998: _wcslen.LIBCMT ref: 00DACA68
                                              • Part of subcall function 00DAC998: _wcslen.LIBCMT ref: 00DACA9E
                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00DABAA5
                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00DABB00
                                            • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00DABB63
                                            • RegCloseKey.ADVAPI32(?,?), ref: 00DABBA6
                                            • RegCloseKey.ADVAPI32(00000000), ref: 00DABBB3
                                            Similarity
                                            • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                                            • String ID:
                                            • API String ID: 826366716-0
                                            APIs
                                            • VariantInit.OLEAUT32(?), ref: 00D88BCD
                                            • VariantClear.OLEAUT32 ref: 00D88C3E
                                            • VariantClear.OLEAUT32 ref: 00D88C9D
                                            • VariantClear.OLEAUT32(?), ref: 00D88D10
                                            • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00D88D3B
                                            Similarity
                                            • API ID: Variant$Clear$ChangeInitType
                                            • String ID:
                                            • API String ID: 4136290138-0
                                            APIs
                                            • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00D98BAE
                                            • GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00D98BDA
                                            • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00D98C32
                                            • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00D98C57
                                            • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00D98C5F
                                            Similarity
                                            • API ID: PrivateProfile$SectionWrite$String
                                            • String ID:
                                            • API String ID: 2832842796-0
                                            APIs
                                            • LoadLibraryW.KERNEL32(?,00000000,?), ref: 00DA8F40
                                            • GetProcAddress.KERNEL32(00000000,?), ref: 00DA8FD0
                                            • GetProcAddress.KERNEL32(00000000,00000000), ref: 00DA8FEC
                                            • GetProcAddress.KERNEL32(00000000,?), ref: 00DA9032
                                            • FreeLibrary.KERNEL32(00000000), ref: 00DA9052
                                              • Part of subcall function 00D3F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00D91043,?,753CE610), ref: 00D3F6E6
                                              • Part of subcall function 00D3F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00D7FA64,00000000,00000000,?,?,00D91043,?,753CE610,?,00D7FA64), ref: 00D3F70D
                                            Similarity
                                            • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                            • String ID:
                                            • API String ID: 666041331-0
                                            APIs
                                            • SetWindowLongW.USER32(00000002,000000F0,?), ref: 00DB6C33
                                            • SetWindowLongW.USER32(?,000000EC,?), ref: 00DB6C4A
                                            • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00DB6C73
                                            • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,00D9AB79,00000000,00000000), ref: 00DB6C98
                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00DB6CC7
                                            Similarity
                                            • API ID: Window$Long$MessageSendShow
                                            • String ID:
                                            • API String ID: 3688381893-0
                                            APIs
                                            Similarity
                                            • API ID: _free
                                            • String ID:
                                            • API String ID: 269201875-0
                                            APIs
                                            • GetCursorPos.USER32(?), ref: 00D39141
                                            • ScreenToClient.USER32(00000000,?), ref: 00D3915E
                                            • GetAsyncKeyState.USER32(00000001), ref: 00D39183
                                            • GetAsyncKeyState.USER32(00000002), ref: 00D3919D
                                            Similarity
                                            • API ID: AsyncState$ClientCursorScreen
                                            • String ID:
                                            • API String ID: 4210589936-0
                                            APIs
                                            • GetInputState.USER32 ref: 00D938CB
                                            • TranslateAcceleratorW.USER32(?,00000000,?), ref: 00D93922
                                            • TranslateMessage.USER32(?), ref: 00D9394B
                                            • DispatchMessageW.USER32(?), ref: 00D93955
                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00D93966
                                            Similarity
                                            • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                            • String ID:
                                            • API String ID: 2256411358-0
                                            APIs
                                            • InternetQueryDataAvailable.WININET(?,?,00000000,00000000), ref: 00D9CF38
                                            • InternetReadFile.WININET(?,00000000,?,?), ref: 00D9CF6F
                                            • GetLastError.KERNEL32(?,00000000,?,?,?,00D9C21E,00000000), ref: 00D9CFB4
                                            • SetEvent.KERNEL32(?,?,00000000,?,?,?,00D9C21E,00000000), ref: 00D9CFC8
                                            • SetEvent.KERNEL32(?,?,00000000,?,?,?,00D9C21E,00000000), ref: 00D9CFF2
                                            Similarity
                                            • API ID: EventInternet$AvailableDataErrorFileLastQueryRead
                                            • String ID:
                                            • API String ID: 3191363074-0
                                            APIs
                                            • GetWindowRect.USER32(?,?), ref: 00D81915
                                            • PostMessageW.USER32(00000001,00000201,00000001), ref: 00D819C1
                                            • Sleep.KERNEL32(00000000,?,?,?), ref: 00D819C9
                                            • PostMessageW.USER32(00000001,00000202,00000000), ref: 00D819DA
                                            • Sleep.KERNEL32(00000000,?,?,?,?), ref: 00D819E2
                                            Similarity
                                            • API ID: MessagePostSleep$RectWindow
                                            • String ID:
                                            • API String ID: 3382505437-0
                                            APIs
                                            • SendMessageW.USER32(?,00001053,000000FF,?), ref: 00DB5745
                                            • SendMessageW.USER32(?,00001074,?,00000001), ref: 00DB579D
                                            • _wcslen.LIBCMT ref: 00DB57AF
                                            • _wcslen.LIBCMT ref: 00DB57BA
                                            • SendMessageW.USER32(?,00001002,00000000,?), ref: 00DB5816
                                            Similarity
                                            • API ID: MessageSend$_wcslen
                                            • String ID:
                                            • API String ID: 763830540-0
                                            APIs
                                            • IsWindow.USER32(00000000), ref: 00DA0951
                                            • GetForegroundWindow.USER32 ref: 00DA0968
                                            • GetDC.USER32(00000000), ref: 00DA09A4
                                            • GetPixel.GDI32(00000000,?,00000003), ref: 00DA09B0
                                            • ReleaseDC.USER32(00000000,00000003), ref: 00DA09E8
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: Window$ForegroundPixelRelease
                                            • String ID:
                                            • API String ID: 4156661090-0
                                            • Opcode ID: a719eac2b997a52d22a51eba519645ab3af4d5c94729da906269283356fd4a9b
                                            • Instruction ID: 1768a078fe6a061b2909d7e340a6a1115be14d1973055195c80de9496c8668cc
                                            • Opcode Fuzzy Hash: a719eac2b997a52d22a51eba519645ab3af4d5c94729da906269283356fd4a9b
                                            • Instruction Fuzzy Hash: 0C214C35600214EFD704EF69D885AAEBBE9EF49700F048169E84AD7762CB70AC04CB70
                                            APIs
                                            • GetEnvironmentStringsW.KERNEL32 ref: 00D5CDC6
                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00D5CDE9
                                              • Part of subcall function 00D53820: RtlAllocateHeap.NTDLL(00000000,?,00DF1444,?,00D3FDF5,?,?,00D2A976,00000010,00DF1440,00D213FC,?,00D213C6,?,00D21129), ref: 00D53852
                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00D5CE0F
                                            • _free.LIBCMT ref: 00D5CE22
                                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00D5CE31
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                            • String ID:
                                            • API String ID: 336800556-0
                                            • Opcode ID: fa6c29fb0dc4aa61d864cf976d411aa6ae63ec476f08c29ebfce6a112baf369e
                                            • Instruction ID: 31fbe1495178e56cb3944ec52a364259185e9468bc1888993034a964c941e50e
                                            • Opcode Fuzzy Hash: fa6c29fb0dc4aa61d864cf976d411aa6ae63ec476f08c29ebfce6a112baf369e
                                            • Instruction Fuzzy Hash: 4501A772621315BF2B2117BA6C8ED7F7E6DEEC6BE23191229FD05D7301EA618D0581B0
                                            APIs
                                            • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00D39693
                                            • SelectObject.GDI32(?,00000000), ref: 00D396A2
                                            • BeginPath.GDI32(?), ref: 00D396B9
                                            • SelectObject.GDI32(?,00000000), ref: 00D396E2
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: ObjectSelect$BeginCreatePath
                                            • String ID:
                                            • API String ID: 3225163088-0
                                            • Opcode ID: ca7413ae2127f683b0156953e5f8c68998ac6c5345ab5ff355ee44d8f8db8eb4
                                            • Instruction ID: 865a16e47eac4287d0edbbd49f9fd2d279ed4b784b04278bcbb3c438bdfd3e94
                                            • Opcode Fuzzy Hash: ca7413ae2127f683b0156953e5f8c68998ac6c5345ab5ff355ee44d8f8db8eb4
                                            • Instruction Fuzzy Hash: 94214F74812305EBDB119F69ED257B9BBA8BB50365F148316F424E62A0D3F09891CFF4
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: _memcmp
                                            • String ID:
                                            • API String ID: 2931989736-0
                                            • Opcode ID: 66641a50400577ad1921113487f8f300af7a164d1ffd3b98075a7d5dd283c3cb
                                            • Instruction ID: a9ec3da1228695ee4f9ada88ab45a6587091188f43fb185c086c348e2618c9aa
                                            • Opcode Fuzzy Hash: 66641a50400577ad1921113487f8f300af7a164d1ffd3b98075a7d5dd283c3cb
                                            • Instruction Fuzzy Hash: 3901B1AA641A09FFE2086A11ED82FFB735CDB217A4F548030FD099A245F760ED5483B4
                                            APIs
                                            • GetLastError.KERNEL32(?,?,?,00D4F2DE,00D53863,00DF1444,?,00D3FDF5,?,?,00D2A976,00000010,00DF1440,00D213FC,?,00D213C6), ref: 00D52DFD
                                            • _free.LIBCMT ref: 00D52E32
                                            • _free.LIBCMT ref: 00D52E59
                                            • SetLastError.KERNEL32(00000000,00D21129), ref: 00D52E66
                                            • SetLastError.KERNEL32(00000000,00D21129), ref: 00D52E6F
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: ErrorLast$_free
                                            • String ID:
                                            • API String ID: 3170660625-0
                                            • Opcode ID: b883d5e86e83977b4cd00b2b23174f6c149fdded3288c4e8a987f8fd59c89486
                                            • Instruction ID: cbfbe3205fc1bc4512d07136b9a917e4b9b3add347c8ce1cb3f46694b397865f
                                            • Opcode Fuzzy Hash: b883d5e86e83977b4cd00b2b23174f6c149fdded3288c4e8a987f8fd59c89486
                                            • Instruction Fuzzy Hash: 82018132245B00AB8E1267746C87D7B2699EBD33A7B694129FC65E2392EF64D80D4530
                                            APIs
                                            • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00D7FF41,80070057,?,?,?,00D8035E), ref: 00D8002B
                                            • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00D7FF41,80070057,?,?), ref: 00D80046
                                            • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00D7FF41,80070057,?,?), ref: 00D80054
                                            • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00D7FF41,80070057,?), ref: 00D80064
                                            • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00D7FF41,80070057,?,?), ref: 00D80070
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: From$Prog$FreeStringTasklstrcmpi
                                            • String ID:
                                            • API String ID: 3897988419-0
                                            • Opcode ID: 28e64dff29ffa8d7848a93a6ee9e9a5623d463335f334a816e4a21c14116ea38
                                            • Instruction ID: 7430f3920faab0b635b03a63d64744f76f9551d50a213cff0873bacb932844b7
                                            • Opcode Fuzzy Hash: 28e64dff29ffa8d7848a93a6ee9e9a5623d463335f334a816e4a21c14116ea38
                                            • Instruction Fuzzy Hash: 3F0178B6610304EFDB516F68DC04BAA7EADEF48792F185224F905D6210E771DD449BB0
                                            APIs
                                            • QueryPerformanceCounter.KERNEL32(?), ref: 00D8E997
                                            • QueryPerformanceFrequency.KERNEL32(?), ref: 00D8E9A5
                                            • Sleep.KERNEL32(00000000), ref: 00D8E9AD
                                            • QueryPerformanceCounter.KERNEL32(?), ref: 00D8E9B7
                                            • Sleep.KERNEL32 ref: 00D8E9F3
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: PerformanceQuery$CounterSleep$Frequency
                                            • String ID:
                                            • API String ID: 2833360925-0
                                            • Opcode ID: 424001c61eebff82acaa3304b002064731f0f9d00fe610cf645e4f8475af50d5
                                            • Instruction ID: 9ff4f5afe7e44f34e3f5617d96bf4d0bc1eea5ab6d52160ae18cc6bb725cb06e
                                            • Opcode Fuzzy Hash: 424001c61eebff82acaa3304b002064731f0f9d00fe610cf645e4f8475af50d5
                                            • Instruction Fuzzy Hash: 33011331D01629DBCF00BBE9ED59AEDFBB8FB09701F000656E942B2241CB7096548FB1
                                            APIs
                                            • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00D81114
                                            • GetLastError.KERNEL32(?,00000000,00000000,?,?,00D80B9B,?,?,?), ref: 00D81120
                                            • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00D80B9B,?,?,?), ref: 00D8112F
                                            • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00D80B9B,?,?,?), ref: 00D81136
                                            • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00D8114D
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                            • String ID:
                                            • API String ID: 842720411-0
                                            • Opcode ID: bce8009ae25f7a156796f7427f1479d11d5e9bfd2147fa65c571931044b390b1
                                            • Instruction ID: e63394c1a481a3916929b06bc4573e00e4057d6de06d35960702fe5326ccb899
                                            • Opcode Fuzzy Hash: bce8009ae25f7a156796f7427f1479d11d5e9bfd2147fa65c571931044b390b1
                                            • Instruction Fuzzy Hash: DA014679200305EFDB115BA8DC4DAAA3B6EFF893A0B240419FA45D2360DA31DC008A70
                                            APIs
                                            • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00D80FCA
                                            • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00D80FD6
                                            • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00D80FE5
                                            • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00D80FEC
                                            • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00D81002
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: HeapInformationToken$AllocErrorLastProcess
                                            • String ID:
                                            • API String ID: 44706859-0
                                            • Opcode ID: c203ac529086b9ae696e8925b0c7790e815f1cb6a3f7cde915f6149b61408079
                                            • Instruction ID: e62858339f111c7150266aa49de85e9e5c37d82beeea4a2ab539277dfdffb847
                                            • Opcode Fuzzy Hash: c203ac529086b9ae696e8925b0c7790e815f1cb6a3f7cde915f6149b61408079
                                            • Instruction Fuzzy Hash: 97F04979210302EBDB216FA89C4AF5A3BADFF89762F144525FA45D6351CA70DC418A70
                                            APIs
                                            • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00D8102A
                                            • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00D81036
                                            • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00D81045
                                            • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00D8104C
                                            • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00D81062
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: HeapInformationToken$AllocErrorLastProcess
                                            • String ID:
                                            • API String ID: 44706859-0
                                            • Opcode ID: 36707b78a1914fc1e4be9651dabc7c018388c77e740627c3d4711768b4c743f8
                                            • Instruction ID: 10a3a11a5474c4124542407f729d94b6692b503148ec7411001fb76ce7143514
                                            • Opcode Fuzzy Hash: 36707b78a1914fc1e4be9651dabc7c018388c77e740627c3d4711768b4c743f8
                                            • Instruction Fuzzy Hash: 49F04979210301EBDB216FA8EC4AF5B3BADFF89761F140525FA45D6350CA70D8418A70
                                            APIs
                                            • CloseHandle.KERNEL32(?,?,?,?,00D9017D,?,00D932FC,?,00000001,00D62592,?), ref: 00D90324
                                            • CloseHandle.KERNEL32(?,?,?,?,00D9017D,?,00D932FC,?,00000001,00D62592,?), ref: 00D90331
                                            • CloseHandle.KERNEL32(?,?,?,?,00D9017D,?,00D932FC,?,00000001,00D62592,?), ref: 00D9033E
                                            • CloseHandle.KERNEL32(?,?,?,?,00D9017D,?,00D932FC,?,00000001,00D62592,?), ref: 00D9034B
                                            • CloseHandle.KERNEL32(?,?,?,?,00D9017D,?,00D932FC,?,00000001,00D62592,?), ref: 00D90358
                                            • CloseHandle.KERNEL32(?,?,?,?,00D9017D,?,00D932FC,?,00000001,00D62592,?), ref: 00D90365
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: CloseHandle
                                            • String ID:
                                            • API String ID: 2962429428-0
                                            • Opcode ID: 6b15499f2419e1976bb8daf82185dc1adec0c85145e1d87ffa22d23c8d46a4b0
                                            • Instruction ID: cbfcfeb8a793e4c97aa7cd07d0cf50b15d0b63462031573b4e415f64cebd7a3f
                                            • Opcode Fuzzy Hash: 6b15499f2419e1976bb8daf82185dc1adec0c85145e1d87ffa22d23c8d46a4b0
                                            • Instruction Fuzzy Hash: F801AE72800B15DFCB30AF66E880816FBF9BF603153198A3FD19652931C3B1A958DFA0
                                            APIs
                                            • _free.LIBCMT ref: 00D5D752
                                              • Part of subcall function 00D529C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00D5D7D1,00000000,00000000,00000000,00000000,?,00D5D7F8,00000000,00000007,00000000,?,00D5DBF5,00000000), ref: 00D529DE
                                              • Part of subcall function 00D529C8: GetLastError.KERNEL32(00000000,?,00D5D7D1,00000000,00000000,00000000,00000000,?,00D5D7F8,00000000,00000007,00000000,?,00D5DBF5,00000000,00000000), ref: 00D529F0
                                            • _free.LIBCMT ref: 00D5D764
                                            • _free.LIBCMT ref: 00D5D776
                                            • _free.LIBCMT ref: 00D5D788
                                            • _free.LIBCMT ref: 00D5D79A
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: _free$ErrorFreeHeapLast
                                            • String ID:
                                            • API String ID: 776569668-0
                                            APIs
                                            • GetDlgItem.USER32(?,000003E9), ref: 00D85C58
                                            • GetWindowTextW.USER32(00000000,?,00000100), ref: 00D85C6F
                                            • MessageBeep.USER32(00000000), ref: 00D85C87
                                            • KillTimer.USER32(?,0000040A), ref: 00D85CA3
                                            • EndDialog.USER32(?,00000001), ref: 00D85CBD
                                            Similarity
                                            • API ID: BeepDialogItemKillMessageTextTimerWindow
                                            • String ID:
                                            • API String ID: 3741023627-0
                                            APIs
                                            • _free.LIBCMT ref: 00D522BE
                                              • Part of subcall function 00D529C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00D5D7D1,00000000,00000000,00000000,00000000,?,00D5D7F8,00000000,00000007,00000000,?,00D5DBF5,00000000), ref: 00D529DE
                                              • Part of subcall function 00D529C8: GetLastError.KERNEL32(00000000,?,00D5D7D1,00000000,00000000,00000000,00000000,?,00D5D7F8,00000000,00000007,00000000,?,00D5DBF5,00000000,00000000), ref: 00D529F0
                                            • _free.LIBCMT ref: 00D522D0
                                            • _free.LIBCMT ref: 00D522E3
                                            • _free.LIBCMT ref: 00D522F4
                                            • _free.LIBCMT ref: 00D52305
                                            Similarity
                                            • API ID: _free$ErrorFreeHeapLast
                                            • String ID:
                                            • API String ID: 776569668-0
                                            APIs
                                            • EndPath.GDI32(?), ref: 00D395D4
                                            • StrokeAndFillPath.GDI32(?,?,00D771F7,00000000,?,?,?), ref: 00D395F0
                                            • SelectObject.GDI32(?,00000000), ref: 00D39603
                                            • DeleteObject.GDI32 ref: 00D39616
                                            • StrokePath.GDI32(?), ref: 00D39631
                                            Similarity
                                            • API ID: Path$ObjectStroke$DeleteFillSelect
                                            • String ID:
                                            • API String ID: 2625713937-0
                                            APIs
                                            Strings
                                            Similarity
                                            • API ID: __freea$_free
                                            • String ID: a/p$am/pm
                                            • API String ID: 3432400110-3206640213
                                            APIs
                                              • Part of subcall function 00D40242: EnterCriticalSection.KERNEL32(00DF070C,00DF1884,?,?,00D3198B,00DF2518,?,?,?,00D212F9,00000000), ref: 00D4024D
                                              • Part of subcall function 00D40242: LeaveCriticalSection.KERNEL32(00DF070C,?,00D3198B,00DF2518,?,?,?,00D212F9,00000000), ref: 00D4028A
                                              • Part of subcall function 00D29CB3: _wcslen.LIBCMT ref: 00D29CBD
                                              • Part of subcall function 00D400A3: __onexit.LIBCMT ref: 00D400A9
                                            • __Init_thread_footer.LIBCMT ref: 00DA7BFB
                                              • Part of subcall function 00D401F8: EnterCriticalSection.KERNEL32(00DF070C,?,?,00D38747,00DF2514), ref: 00D40202
                                              • Part of subcall function 00D401F8: LeaveCriticalSection.KERNEL32(00DF070C,?,00D38747,00DF2514), ref: 00D40235
                                            Strings
                                            Similarity
                                            • API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
                                            • String ID: 5$G$Variable must be of type 'Object'.
                                            • API String ID: 535116098-3733170431
                                            APIs
                                              • Part of subcall function 00D8B403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00D821D0,?,?,00000034,00000800,?,00000034), ref: 00D8B42D
                                            • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00D82760
                                              • Part of subcall function 00D8B3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00D821FF,?,?,00000800,?,00001073,00000000,?,?), ref: 00D8B3F8
                                              • Part of subcall function 00D8B32A: GetWindowThreadProcessId.USER32(?,?), ref: 00D8B355
                                              • Part of subcall function 00D8B32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00D82194,00000034,?,?,00001004,00000000,00000000), ref: 00D8B365
                                              • Part of subcall function 00D8B32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00D82194,00000034,?,?,00001004,00000000,00000000), ref: 00D8B37B
                                            • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00D827CD
                                            • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00D8281A
                                            Strings
                                            Similarity
                                            • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                            • String ID: @
                                            • API String ID: 4150878124-2766056989
                                            APIs
                                            • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\file.exe,00000104), ref: 00D51769
                                            • _free.LIBCMT ref: 00D51834
                                            • _free.LIBCMT ref: 00D5183E
                                            Strings
                                            Similarity
                                            • API ID: _free$FileModuleName
                                            • String ID: C:\Users\user\Desktop\file.exe
                                            • API String ID: 2506810119-1957095476
                                            APIs
                                            • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 00D8C306
                                            • DeleteMenu.USER32(?,00000007,00000000), ref: 00D8C34C
                                            • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00DF1990,01575B98), ref: 00D8C395
                                            Strings
                                            Similarity
                                            • API ID: Menu$Delete$InfoItem
                                            • String ID: 0
                                            • API String ID: 135850232-4108050209
                                            APIs
                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,00DBCC08,00000000,?,?,?,?), ref: 00DB44AA
                                            • GetWindowLongW.USER32 ref: 00DB44C7
                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00DB44D7
                                            Strings
                                            Similarity
                                            • API ID: Window$Long
                                            • String ID: SysTreeView32
                                            • API String ID: 847901565-1698111956
                                            APIs
                                              • Part of subcall function 00DA335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00DA3077,?,?), ref: 00DA3378
                                            • inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00DA307A
                                            • _wcslen.LIBCMT ref: 00DA309B
                                            • htons.WSOCK32(00000000,?,?,00000000), ref: 00DA3106
                                            Strings
                                            Similarity
                                            • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                            • String ID: 255.255.255.255
                                            • API String ID: 946324512-2422070025
                                            APIs
                                            • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00DB3F40
                                            • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00DB3F54
                                            • SendMessageW.USER32(?,00001002,00000000,?), ref: 00DB3F78
                                            Strings
                                            Similarity
                                            • API ID: MessageSend$Window
                                            • String ID: SysMonthCal32
                                            • API String ID: 2326795674-1439706946
                                            APIs
                                            • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00DB4705
                                            • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00DB4713
                                            • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00DB471A
                                            Strings
                                            Similarity
                                            • API ID: MessageSend$DestroyWindow
                                            • String ID: msctls_updown32
                                            • API String ID: 4014797782-2298589950
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            Similarity
                                            • API ID: _wcslen
                                            • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                            • API String ID: 176396367-2734436370
                                            APIs
                                            • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00DB3840
                                            • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00DB3850
                                            • MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00DB3876
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            Similarity
                                            • API ID: MessageSend$MoveWindow
                                            • String ID: Listbox
                                            • API String ID: 3315199576-2633736733
                                            APIs
                                            • SetErrorMode.KERNEL32(00000001), ref: 00D94A08
                                            • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00D94A5C
                                            • SetErrorMode.KERNEL32(00000000,?,?,00DBCC08), ref: 00D94AD0
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            Similarity
                                            • API ID: ErrorMode$InformationVolume
                                            • String ID: %lu
                                            • API String ID: 2507767853-685833217
                                            APIs
                                            • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00DB424F
                                            • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00DB4264
                                            • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00DB4271
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            Similarity
                                            • API ID: MessageSend
                                            • String ID: msctls_trackbar32
                                            • API String ID: 3850602802-1010561917
                                            APIs
                                              • Part of subcall function 00D26B57: _wcslen.LIBCMT ref: 00D26B6A
                                              • Part of subcall function 00D82DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00D82DC5
                                              • Part of subcall function 00D82DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00D82DD6
                                              • Part of subcall function 00D82DA7: GetCurrentThreadId.KERNEL32 ref: 00D82DDD
                                              • Part of subcall function 00D82DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00D82DE4
                                            • GetFocus.USER32 ref: 00D82F78
                                              • Part of subcall function 00D82DEE: GetParent.USER32(00000000), ref: 00D82DF9
                                            • GetClassNameW.USER32(?,?,00000100), ref: 00D82FC3
                                            • EnumChildWindows.USER32(?,00D8303B), ref: 00D82FEB
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            Similarity
                                            • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                                            • String ID: %s%d
                                            • API String ID: 1272988791-1110647743
                                            APIs
                                            • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00DB58C1
                                            • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00DB58EE
                                            • DrawMenuBar.USER32(?), ref: 00DB58FD
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            Similarity
                                            • API ID: Menu$InfoItem$Draw
                                            • String ID: 0
                                            • API String ID: 3227129158-4108050209
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            Similarity
                                            • API ID: __alldvrm$_strrchr
                                            • String ID:
                                            • API String ID: 1036877536-0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            Similarity
                                            • API ID: Variant$ClearInitInitializeUninitialize
                                            • String ID:
                                            • API String ID: 1998397398-0
                                            APIs
                                            • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,00DBFC08,?), ref: 00D805F0
                                            • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,00DBFC08,?), ref: 00D80608
                                            • CLSIDFromProgID.OLE32(?,?,00000000,00DBCC40,000000FF,?,00000000,00000800,00000000,?,00DBFC08,?), ref: 00D8062D
                                            • _memcmp.LIBVCRUNTIME ref: 00D8064E
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            Similarity
                                            • API ID: FromProg$FreeTask_memcmp
                                            • String ID:
                                            • API String ID: 314563124-0
                                            APIs
                                            • CreateToolhelp32Snapshot.KERNEL32 ref: 00DAA6AC
                                            • Process32FirstW.KERNEL32(00000000,?), ref: 00DAA6BA
                                              • Part of subcall function 00D29CB3: _wcslen.LIBCMT ref: 00D29CBD
                                            • Process32NextW.KERNEL32(00000000,?), ref: 00DAA79C
                                            • CloseHandle.KERNEL32(00000000), ref: 00DAA7AB
                                              • Part of subcall function 00D3CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00D63303,?), ref: 00D3CE8A
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            Similarity
                                            • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                            • String ID:
                                            • API String ID: 1991900642-0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            Similarity
                                            • API ID: _free
                                            • String ID:
                                            • API String ID: 269201875-0
                                            APIs
                                            • GetWindowRect.USER32(?,?), ref: 00DB62E2
                                            • ScreenToClient.USER32(?,?), ref: 00DB6315
                                            • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00DB6382
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            Similarity
                                            • API ID: Window$ClientMoveRectScreen
                                            • String ID:
                                            • API String ID: 3880355969-0
                                            APIs
                                            • socket.WSOCK32(00000002,00000002,00000011), ref: 00DA1AFD
                                            • WSAGetLastError.WSOCK32 ref: 00DA1B0B
                                            • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00DA1B8A
                                            • WSAGetLastError.WSOCK32 ref: 00DA1B94
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            Similarity
                                            • API ID: ErrorLast$socket
                                            • String ID:
                                            • API String ID: 1881357543-0
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            APIs
                                            • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00D95783
                                            • GetLastError.KERNEL32(?,00000000), ref: 00D957A9
                                            • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 00D957CE
                                            • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 00D957FA
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: CreateHardLink$DeleteErrorFileLast
                                            • String ID:
                                            • API String ID: 3321077145-0
                                            APIs
                                            • MultiByteToWideChar.KERNEL32(?,00000000,8BE85006,00D46D71,00000000,00000000,00D482D9,?,00D482D9,?,00000001,00D46D71,8BE85006,00000001,00D482D9,00D482D9), ref: 00D5D910
                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00D5D999
                                            • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00D5D9AB
                                            • __freea.LIBCMT ref: 00D5D9B4
                                              • Part of subcall function 00D53820: RtlAllocateHeap.NTDLL(00000000,?,00DF1444,?,00D3FDF5,?,?,00D2A976,00000010,00DF1440,00D213FC,?,00D213C6,?,00D21129), ref: 00D53852
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                            • String ID:
                                            • API String ID: 2652629310-0
                                            APIs
                                            • SendMessageW.USER32(?,00001024,00000000,?), ref: 00DB5352
                                            • GetWindowLongW.USER32(?,000000F0), ref: 00DB5375
                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00DB5382
                                            • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00DB53A8
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: LongWindow$InvalidateMessageRectSend
                                            • String ID:
                                            • API String ID: 3340791633-0
                                            APIs
                                            • GetKeyboardState.USER32(?,75C0C0D0,?,00008000), ref: 00D8ABF1
                                            • SetKeyboardState.USER32(00000080,?,00008000), ref: 00D8AC0D
                                            • PostMessageW.USER32(00000000,00000101,00000000), ref: 00D8AC74
                                            • SendInput.USER32(00000001,?,0000001C,75C0C0D0,?,00008000), ref: 00D8ACC6
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: KeyboardState$InputMessagePostSend
                                            • String ID:
                                            • API String ID: 432972143-0
                                            APIs
                                            • ClientToScreen.USER32(?,?), ref: 00DB769A
                                            • GetWindowRect.USER32(?,?), ref: 00DB7710
                                            • PtInRect.USER32(?,?,00DB8B89), ref: 00DB7720
                                            • MessageBeep.USER32(00000000), ref: 00DB778C
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: Rect$BeepClientMessageScreenWindow
                                            • String ID:
                                            • API String ID: 1352109105-0
                                            APIs
                                            • GetForegroundWindow.USER32 ref: 00DB16EB
                                              • Part of subcall function 00D83A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00D83A57
                                              • Part of subcall function 00D83A3D: GetCurrentThreadId.KERNEL32 ref: 00D83A5E
                                              • Part of subcall function 00D83A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00D825B3), ref: 00D83A65
                                            • GetCaretPos.USER32(?), ref: 00DB16FF
                                            • ClientToScreen.USER32(00000000,?), ref: 00DB174C
                                            • GetForegroundWindow.USER32 ref: 00DB1752
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                            • String ID:
                                            • API String ID: 2759813231-0
                                            APIs
                                              • Part of subcall function 00D27620: _wcslen.LIBCMT ref: 00D27625
                                            • _wcslen.LIBCMT ref: 00D8DFCB
                                            • _wcslen.LIBCMT ref: 00D8DFE2
                                            • _wcslen.LIBCMT ref: 00D8E00D
                                            • GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 00D8E018
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: _wcslen$ExtentPoint32Text
                                            • String ID:
                                            • API String ID: 3763101759-0
                                            APIs
                                              • Part of subcall function 00D39BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00D39BB2
                                            • GetCursorPos.USER32(?), ref: 00DB9001
                                            • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00D77711,?,?,?,?,?), ref: 00DB9016
                                            • GetCursorPos.USER32(?), ref: 00DB905E
                                            • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00D77711,?,?,?), ref: 00DB9094
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: Cursor$LongMenuPopupProcTrackWindow
                                            • String ID:
                                            • API String ID: 2864067406-0
                                            APIs
                                            • GetFileAttributesW.KERNEL32(?,00DBCB68), ref: 00D8D2FB
                                            • GetLastError.KERNEL32 ref: 00D8D30A
                                            • CreateDirectoryW.KERNEL32(?,00000000), ref: 00D8D319
                                            • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,00DBCB68), ref: 00D8D376
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: CreateDirectory$AttributesErrorFileLast
                                            • String ID:
                                            • API String ID: 2267087916-0
                                            APIs
                                              • Part of subcall function 00D81014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00D8102A
                                              • Part of subcall function 00D81014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00D81036
                                              • Part of subcall function 00D81014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00D81045
                                              • Part of subcall function 00D81014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00D8104C
                                              • Part of subcall function 00D81014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00D81062
                                            • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 00D815BE
                                            • _memcmp.LIBVCRUNTIME ref: 00D815E1
                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00D81617
                                            • HeapFree.KERNEL32(00000000), ref: 00D8161E
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                                            • String ID:
                                            • API String ID: 1592001646-0
                                            APIs
                                            • GetWindowLongW.USER32(?,000000EC), ref: 00DB280A
                                            • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00DB2824
                                            • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00DB2832
                                            • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00DB2840
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: Window$Long$AttributesLayered
                                            • String ID:
                                            • API String ID: 2169480361-0
                                            APIs
                                              • Part of subcall function 00D88D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,00D8790A,?,000000FF,?,00D88754,00000000,?,0000001C,?,?), ref: 00D88D8C
                                              • Part of subcall function 00D88D7D: lstrcpyW.KERNEL32(00000000,?), ref: 00D88DB2
                                              • Part of subcall function 00D88D7D: lstrcmpiW.KERNEL32(00000000,?,00D8790A,?,000000FF,?,00D88754,00000000,?,0000001C,?,?), ref: 00D88DE3
                                            • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00D88754,00000000,?,0000001C,?,?,00000000), ref: 00D87923
                                            • lstrcpyW.KERNEL32(00000000,?), ref: 00D87949
                                            • lstrcmpiW.KERNEL32(00000002,cdecl,?,00D88754,00000000,?,0000001C,?,?,00000000), ref: 00D87984
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: lstrcmpilstrcpylstrlen
                                            • String ID: cdecl
                                            • API String ID: 4031866154-3896280584
                                            • Opcode ID: 415dca735a632ebe62493732136b90400d34d817da1d233852a74d00f495f177
                                            • Instruction ID: 937fd33e53768c817cb38b187c176e5f04785f49d51105e8587bc423ff14e840
                                            • Opcode Fuzzy Hash: 415dca735a632ebe62493732136b90400d34d817da1d233852a74d00f495f177
                                            • Instruction Fuzzy Hash: B211A23A600342ABCB15BF39D845E7A77A9FF45390B54402AF946C7364EB31D811DB71
                                            APIs
                                            • GetWindowLongW.USER32(?,000000F0), ref: 00DB7D0B
                                            • SetWindowLongW.USER32(00000000,000000F0,?), ref: 00DB7D2A
                                            • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00DB7D42
                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,00D9B7AD,00000000), ref: 00DB7D6B
                                              • Part of subcall function 00D39BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00D39BB2
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: Window$Long
                                            • String ID:
                                            • API String ID: 847901565-0
                                            • Opcode ID: d50c79e04ac7fc4f90d98e23ea179c86715ae4f029f65b90cce1102878c7874a
                                            • Instruction ID: 7778146c284aff4ac69d494815f316d0a344e30513eec6fc1f8713b8163526a9
                                            • Opcode Fuzzy Hash: d50c79e04ac7fc4f90d98e23ea179c86715ae4f029f65b90cce1102878c7874a
                                            • Instruction Fuzzy Hash: A4115E35615615EFCB109F28CC04AB63BA5BF853A0F258728F83AD72F0D7319951DBA0
                                            APIs
                                            • SendMessageW.USER32(?,00001060,?,00000004), ref: 00DB56BB
                                            • _wcslen.LIBCMT ref: 00DB56CD
                                            • _wcslen.LIBCMT ref: 00DB56D8
                                            • SendMessageW.USER32(?,00001002,00000000,?), ref: 00DB5816
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: MessageSend_wcslen
                                            • String ID:
                                            • API String ID: 455545452-0
                                            • Opcode ID: 9824f179c6e3e0749738cb421684c3c2a13258b1a8bbc73e23dd89ceafb6cc7f
                                            • Instruction ID: a1260281c415f0ddf303ef24f1077aaa8c1727a68852e19e270ef6e596aa63a6
                                            • Opcode Fuzzy Hash: 9824f179c6e3e0749738cb421684c3c2a13258b1a8bbc73e23dd89ceafb6cc7f
                                            • Instruction Fuzzy Hash: F411E135A00608EADF209F61EC85BEE37ACEF11764B14402AF906D6085EB70CA80CF70
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 74d01b297c49627d865b026255e7f3b4d4154dbf11ecb26f893b204137173a8a
                                            • Instruction ID: 51e0a0958a082124e87ee9c68b1655c60a96dd81d5811ffb7bf29242b3697ef3
                                            • Opcode Fuzzy Hash: 74d01b297c49627d865b026255e7f3b4d4154dbf11ecb26f893b204137173a8a
                                            • Instruction Fuzzy Hash: A9018FB620571A7EFE2126786CC0F67662DEF813BAB380326FD31A12D2DF608C494570
                                            APIs
                                            • SendMessageW.USER32(?,000000B0,?,?), ref: 00D81A47
                                            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00D81A59
                                            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00D81A6F
                                            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00D81A8A
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: MessageSend
                                            • String ID:
                                            • API String ID: 3850602802-0
                                            • Opcode ID: 7e4a01e036a63f46218bad9c5a7c6e71b29ec37d29a894d97a37e9b2722ec6f8
                                            • Instruction ID: df7198cee1d23b7c10bf4a4206e17958df858af2940dcc872b8eabd57b3208e8
                                            • Opcode Fuzzy Hash: 7e4a01e036a63f46218bad9c5a7c6e71b29ec37d29a894d97a37e9b2722ec6f8
                                            • Instruction Fuzzy Hash: 3D113C7AD01219FFEB10DBA4CD85FADBB78FB08750F200091E610B7290D6716E51DBA4
                                            APIs
                                            • GetCurrentThreadId.KERNEL32 ref: 00D8E1FD
                                            • MessageBoxW.USER32(?,?,?,?), ref: 00D8E230
                                            • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00D8E246
                                            • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00D8E24D
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                            • String ID:
                                            • API String ID: 2880819207-0
                                            • Opcode ID: 51f919411ccd9f937d595411a2f886e13778b03cbced39c4b10364a466edfb76
                                            • Instruction ID: ce0b5a3c36bf8e53a8616e85a00fe735028aa33f90d5fb01bfcb7e439eb2fe94
                                            • Opcode Fuzzy Hash: 51f919411ccd9f937d595411a2f886e13778b03cbced39c4b10364a466edfb76
                                            • Instruction Fuzzy Hash: 1711C476904354FBC701AFA89C49BAE7FADAB45324F548369F924E3391D6B0C9048BB0
                                            APIs
                                            • CreateThread.KERNEL32(00000000,?,00D4CFF9,00000000,00000004,00000000), ref: 00D4D218
                                            • GetLastError.KERNEL32 ref: 00D4D224
                                            • __dosmaperr.LIBCMT ref: 00D4D22B
                                            • ResumeThread.KERNEL32(00000000), ref: 00D4D249
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: Thread$CreateErrorLastResume__dosmaperr
                                            • String ID:
                                            • API String ID: 173952441-0
                                            • Opcode ID: 0549aecd4c14683bd382f1d7371143511b6893594b1bcd3c6fa44f64e2fe7e00
                                            • Instruction ID: 484b44cf6e52b451bb1a0fa9176962798e57aecf5dfb94a9d021b906a0e9a045
                                            • Opcode Fuzzy Hash: 0549aecd4c14683bd382f1d7371143511b6893594b1bcd3c6fa44f64e2fe7e00
                                            • Instruction Fuzzy Hash: 7401F936815314BBCB115BB5DC49BAF7A6AEF82331F140319F925E61E0CBB0C905C6B0
                                            APIs
                                              • Part of subcall function 00D39BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00D39BB2
                                            • GetClientRect.USER32(?,?), ref: 00DB9F31
                                            • GetCursorPos.USER32(?), ref: 00DB9F3B
                                            • ScreenToClient.USER32(?,?), ref: 00DB9F46
                                            • DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 00DB9F7A
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: Client$CursorLongProcRectScreenWindow
                                            • String ID:
                                            • API String ID: 4127811313-0
                                            • Opcode ID: 274edf618cbac93382edb92c2f132b487f30650389ef4374395d09529877eaa5
                                            • Instruction ID: c30815be92bcf1a360ac56321155a50a00d4a3bd9e1e30da33150e1ee433888b
                                            • Opcode Fuzzy Hash: 274edf618cbac93382edb92c2f132b487f30650389ef4374395d09529877eaa5
                                            • Instruction Fuzzy Hash: 8411283190025AEBDB10DF98C8959FEB7B8FF49321F000555FA12E3150D730AA81CBB1
                                            APIs
                                            • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00D2604C
                                            • GetStockObject.GDI32(00000011), ref: 00D26060
                                            • SendMessageW.USER32(00000000,00000030,00000000), ref: 00D2606A
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: CreateMessageObjectSendStockWindow
                                            • String ID:
                                            • API String ID: 3970641297-0
                                            • Opcode ID: 15d9add58787714dba5e7e814a700420bab7455b88e42ee25f40a7e29c863f56
                                            • Instruction ID: 1b82d38d68febca053ff9451775a867487cd09e3efb45a6c49271dd17e836359
                                            • Opcode Fuzzy Hash: 15d9add58787714dba5e7e814a700420bab7455b88e42ee25f40a7e29c863f56
                                            • Instruction Fuzzy Hash: C3115E72501659FFEF124FA49D44EEA7B69FF19398F040215FA1496110D732DC60EBB0
                                            APIs
                                            • ___BuildCatchObject.LIBVCRUNTIME ref: 00D43B56
                                              • Part of subcall function 00D43AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00D43AD2
                                              • Part of subcall function 00D43AA3: ___AdjustPointer.LIBCMT ref: 00D43AED
                                            • _UnwindNestedFrames.LIBCMT ref: 00D43B6B
                                            • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00D43B7C
                                            • CallCatchBlock.LIBVCRUNTIME ref: 00D43BA4
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                            • String ID:
                                            • API String ID: 737400349-0
                                            • Opcode ID: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                                            • Instruction ID: 29657a57d0a5c83634711219925720a5d2fa7d4d2f26b3bb3d11fc3102032407
                                            • Opcode Fuzzy Hash: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                                            • Instruction Fuzzy Hash: 0E010C32100149BBDF126E99CC46EEB7F6DEF58754F084114FE4896121C732E961DBB0
                                            APIs
                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00D213C6,00000000,00000000,?,00D5301A,00D213C6,00000000,00000000,00000000,?,00D5328B,00000006,FlsSetValue), ref: 00D530A5
                                            • GetLastError.KERNEL32(?,00D5301A,00D213C6,00000000,00000000,00000000,?,00D5328B,00000006,FlsSetValue,00DC2290,FlsSetValue,00000000,00000364,?,00D52E46), ref: 00D530B1
                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00D5301A,00D213C6,00000000,00000000,00000000,?,00D5328B,00000006,FlsSetValue,00DC2290,FlsSetValue,00000000), ref: 00D530BF
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: LibraryLoad$ErrorLast
                                            • String ID:
                                            • API String ID: 3177248105-0
                                            • Opcode ID: beb2eb92a3a3c8173ff1227379cf4d22eb952ffbe6d16d55fc8fb75dc97849dc
                                            • Instruction ID: d1e49bdcbe3e7f4319f9faf3043b9da3023d8a5afe0ecc48da801b31ed85dec1
                                            • Opcode Fuzzy Hash: beb2eb92a3a3c8173ff1227379cf4d22eb952ffbe6d16d55fc8fb75dc97849dc
                                            • Instruction Fuzzy Hash: 8201B132311322EBCF214E6C9C449667B98AF45BE2B144720FD05E32C0C721D909C6F0
                                            APIs
                                            • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 00D8747F
                                            • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00D87497
                                            • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 00D874AC
                                            • RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 00D874CA
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: Type$Register$FileLoadModuleNameUser
                                            • String ID:
                                            • API String ID: 1352324309-0
                                            • Opcode ID: d150fadd8eb5c1143a0fdf71b23f0df3b66894587860524cb0626d23a7d04b8d
                                            • Instruction ID: 26fdf25316ccb8ad327f4a612f551517bec97474fc410589de261ccaffd44640
                                            • Opcode Fuzzy Hash: d150fadd8eb5c1143a0fdf71b23f0df3b66894587860524cb0626d23a7d04b8d
                                            • Instruction Fuzzy Hash: DE116DB5209315EBE720AF58DC09F927FFCFB40B14F208569A696D6191D7B0E904DB70
                                            APIs
                                            • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00D8ACD3,?,00008000), ref: 00D8B0C4
                                            • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00D8ACD3,?,00008000), ref: 00D8B0E9
                                            • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00D8ACD3,?,00008000), ref: 00D8B0F3
                                            • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00D8ACD3,?,00008000), ref: 00D8B126
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: CounterPerformanceQuerySleep
                                            • String ID:
                                            • API String ID: 2875609808-0
                                            • Opcode ID: 92deec6943942f35ea7c4b1dba48a895f395952ad780fa00f9b7bb872fb36fc1
                                            • Instruction ID: c7dd3ff025049e1ca12b29185d6af6ae3b4147ca337fd546e7d3598d255b9480
                                            • Opcode Fuzzy Hash: 92deec6943942f35ea7c4b1dba48a895f395952ad780fa00f9b7bb872fb36fc1
                                            • Instruction Fuzzy Hash: D4113931D01728E7CF00EFA8E9986EEBB78FF0A761F114186D981B6281CB3096508B71
                                            APIs
                                            • GetWindowRect.USER32(?,?), ref: 00DB7E33
                                            • ScreenToClient.USER32(?,?), ref: 00DB7E4B
                                            • ScreenToClient.USER32(?,?), ref: 00DB7E6F
                                            • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00DB7E8A
                                            Similarity
                                            • API ID: ClientRectScreen$InvalidateWindow
                                            • String ID:
                                            • API String ID: 357397906-0
                                            APIs
                                            • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00D82DC5
                                            • GetWindowThreadProcessId.USER32(?,00000000), ref: 00D82DD6
                                            • GetCurrentThreadId.KERNEL32 ref: 00D82DDD
                                            • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00D82DE4
                                            Similarity
                                            • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                            • String ID:
                                            • API String ID: 2710830443-0
                                            APIs
                                              • Part of subcall function 00D39639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00D39693
                                              • Part of subcall function 00D39639: SelectObject.GDI32(?,00000000), ref: 00D396A2
                                              • Part of subcall function 00D39639: BeginPath.GDI32(?), ref: 00D396B9
                                              • Part of subcall function 00D39639: SelectObject.GDI32(?,00000000), ref: 00D396E2
                                            • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00DB8887
                                            • LineTo.GDI32(?,?,?), ref: 00DB8894
                                            • EndPath.GDI32(?), ref: 00DB88A4
                                            • StrokePath.GDI32(?), ref: 00DB88B2
                                            Similarity
                                            • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                            • String ID:
                                            • API String ID: 1539411459-0
                                            APIs
                                            • GetSysColor.USER32(00000008), ref: 00D398CC
                                            • SetTextColor.GDI32(?,?), ref: 00D398D6
                                            • SetBkMode.GDI32(?,00000001), ref: 00D398E9
                                            • GetStockObject.GDI32(00000005), ref: 00D398F1
                                            Similarity
                                            • API ID: Color$ModeObjectStockText
                                            • String ID:
                                            • API String ID: 4037423528-0
                                            APIs
                                            • GetCurrentThread.KERNEL32 ref: 00D81634
                                            • OpenThreadToken.ADVAPI32(00000000,?,?,?,00D811D9), ref: 00D8163B
                                            • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,00D811D9), ref: 00D81648
                                            • OpenProcessToken.ADVAPI32(00000000,?,?,?,00D811D9), ref: 00D8164F
                                            Similarity
                                            • API ID: CurrentOpenProcessThreadToken
                                            • String ID:
                                            • API String ID: 3974789173-0
                                            APIs
                                            • GetDesktopWindow.USER32 ref: 00D7D858
                                            • GetDC.USER32(00000000), ref: 00D7D862
                                            • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00D7D882
                                            • ReleaseDC.USER32(?), ref: 00D7D8A3
                                            Similarity
                                            • API ID: CapsDesktopDeviceReleaseWindow
                                            • String ID:
                                            • API String ID: 2889604237-0
                                            APIs
                                            • GetDesktopWindow.USER32 ref: 00D7D86C
                                            • GetDC.USER32(00000000), ref: 00D7D876
                                            • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00D7D882
                                            • ReleaseDC.USER32(?), ref: 00D7D8A3
                                            Similarity
                                            • API ID: CapsDesktopDeviceReleaseWindow
                                            • String ID:
                                            • API String ID: 2889604237-0
                                            APIs
                                              • Part of subcall function 00D27620: _wcslen.LIBCMT ref: 00D27625
                                            • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00D94ED4
                                            Strings
                                            Similarity
                                            • API ID: Connection_wcslen
                                            • String ID: *$LPT
                                            • API String ID: 1725874428-3443410124
                                            APIs
                                            • __startOneArgErrorHandling.LIBCMT ref: 00D4E30D
                                            Strings
                                            Similarity
                                            • API ID: ErrorHandling__start
                                            • String ID: pow
                                            • API String ID: 3213639722-2276729525
                                            Strings
                                            Similarity
                                            • API ID:
                                            • String ID: #
                                            • API String ID: 0-1885708031
                                            APIs
                                            • Sleep.KERNEL32(00000000), ref: 00D3F2A2
                                            • GlobalMemoryStatusEx.KERNEL32(?), ref: 00D3F2BB
                                            Strings
                                            Similarity
                                            • API ID: GlobalMemorySleepStatus
                                            • String ID: @
                                            • API String ID: 2783356886-2766056989
                                            APIs
                                            • CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 00DA57E0
                                            • _wcslen.LIBCMT ref: 00DA57EC
                                            Strings
                                            Similarity
                                            • API ID: BuffCharUpper_wcslen
                                            • String ID: CALLARGARRAY
                                            • API String ID: 157775604-1150593374
                                            APIs
                                            • _wcslen.LIBCMT ref: 00D9D130
                                            • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 00D9D13A
                                            Strings
                                            Similarity
                                            • API ID: CrackInternet_wcslen
                                            • String ID: |
                                            • API String ID: 596671847-2343686810
                                            APIs
                                            • DestroyWindow.USER32(?,?,?,?), ref: 00DB3621
                                            • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00DB365C
                                            Strings
                                            Similarity
                                            • API ID: Window$DestroyMove
                                            • String ID: static
                                            • API String ID: 2139405536-2160076837
                                            • Opcode ID: 6f1f74fb2d3bd5fc7bb649c2cb71d91c5964a53a2f4ca0a6497edb7f75c53068
                                            • Instruction ID: dc3432ee64dea834f06085031345cdd5ab02f0b172bb05dc8f407b01f85ad5ac
                                            • Opcode Fuzzy Hash: 6f1f74fb2d3bd5fc7bb649c2cb71d91c5964a53a2f4ca0a6497edb7f75c53068
                                            • Instruction Fuzzy Hash: A4318D71110604EEDB249F28DC80EFB73A9FF88764F049619F9A6D7290DA30AD91E770
                                            APIs
                                            • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 00DB461F
                                            • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00DB4634
                                            Strings
                                            Similarity
                                            • API ID: MessageSend
                                            • String ID: '
                                            • API String ID: 3850602802-1997036262
                                            • Opcode ID: ad51e8b1068464ffe629b045c4cd0de881f4fb6f87c69a8b95781529f435983d
                                            • Instruction ID: 3a7bc4c54eac1eabb640fc2a8156a3daf20a4b70e3c9f1cb848cace5fb0f671e
                                            • Opcode Fuzzy Hash: ad51e8b1068464ffe629b045c4cd0de881f4fb6f87c69a8b95781529f435983d
                                            • Instruction Fuzzy Hash: 0C31F574A01619EFDB14CFA9C990BEA7BF5FF49300F14406AE905AB392D770A941CFA0
                                            APIs
                                            • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00DB327C
                                            • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00DB3287
                                            Strings
                                            Similarity
                                            • API ID: MessageSend
                                            • String ID: Combobox
                                            • API String ID: 3850602802-2096851135
                                            • Opcode ID: 59432dbe9e79d163bed98645966263c8636d56c1932a82a84843c5303b751a55
                                            • Instruction ID: 6436527e9752d0b165fac9584866cd537a0b5a180537de469662109f85ce2aa5
                                            • Opcode Fuzzy Hash: 59432dbe9e79d163bed98645966263c8636d56c1932a82a84843c5303b751a55
                                            • Instruction Fuzzy Hash: 8611B271300208FFEF259E94DC81EFB376AEB983A4F144228F91997290D671DD51A7B0
                                            APIs
                                              • Part of subcall function 00D2600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00D2604C
                                              • Part of subcall function 00D2600E: GetStockObject.GDI32(00000011), ref: 00D26060
                                              • Part of subcall function 00D2600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00D2606A
                                            • GetWindowRect.USER32(00000000,?), ref: 00DB377A
                                            • GetSysColor.USER32(00000012), ref: 00DB3794
                                            Strings
                                            Similarity
                                            • API ID: Window$ColorCreateMessageObjectRectSendStock
                                            • String ID: static
                                            • API String ID: 1983116058-2160076837
                                            • Opcode ID: 2ab130adabe9b4b63fa26004fdb6feef498cd95a9ab16c4cddb3c367e1a91ee1
                                            • Instruction ID: 5074e9dcf8d6cc135914775bd0cabc181c7832f8f5b3fb247a8be7cff1e26fcf
                                            • Opcode Fuzzy Hash: 2ab130adabe9b4b63fa26004fdb6feef498cd95a9ab16c4cddb3c367e1a91ee1
                                            • Instruction Fuzzy Hash: DA1129B2610209EFDB00DFA8CC45EEA7BB8FB08354F005614F956E2250EB75E851DB60
                                            APIs
                                            • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00D9CD7D
                                            • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00D9CDA6
                                            Strings
                                            Similarity
                                            • API ID: Internet$OpenOption
                                            • String ID: <local>
                                            • API String ID: 942729171-4266983199
                                            • Opcode ID: cd4eaf62d153c1ead5db93899a39784e744b51c4a618e762e48e07c1bc1c9a4d
                                            • Instruction ID: 74ff1471b48e9473ca9dab35fddecdd1661d79158fbde68fe7c8782aac43c496
                                            • Opcode Fuzzy Hash: cd4eaf62d153c1ead5db93899a39784e744b51c4a618e762e48e07c1bc1c9a4d
                                            • Instruction Fuzzy Hash: 9411E5B1225631BADB384B668C49FF7BEACEF127A4F00523AB149C3180D7709841D6F0
                                            APIs
                                            • GetWindowTextLengthW.USER32(00000000), ref: 00DB34AB
                                            • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 00DB34BA
                                            Strings
                                            Similarity
                                            • API ID: LengthMessageSendTextWindow
                                            • String ID: edit
                                            • API String ID: 2978978980-2167791130
                                            • Opcode ID: d3844a4fa379260fcbffc0719c41683f31ab2fe3f97c1cddfe6345b766c03e47
                                            • Instruction ID: 37f9fc6e875c4dcff8f75f760d535f6417a3004f0c054d83817ece98c4d64e65
                                            • Opcode Fuzzy Hash: d3844a4fa379260fcbffc0719c41683f31ab2fe3f97c1cddfe6345b766c03e47
                                            • Instruction Fuzzy Hash: 9E116A71110208EBEB228E68DC44AEB37AAEB15778F544324F966932E0C771DC51AB70
                                            APIs
                                              • Part of subcall function 00D29CB3: _wcslen.LIBCMT ref: 00D29CBD
                                            • CharUpperBuffW.USER32(?,?,?), ref: 00D86CB6
                                            • _wcslen.LIBCMT ref: 00D86CC2
                                            Strings
                                            Similarity
                                            • API ID: _wcslen$BuffCharUpper
                                            • String ID: STOP
                                            • API String ID: 1256254125-2411985666
                                            • Opcode ID: d28f445e7e9c4d0d2c5c34ed67a52bb54167d5ab047aba8205e20c485ae5a852
                                            • Instruction ID: 2707650abaefe6863d08d60cba27c8cd15e339685ec4f1f038d5d642a71f7da9
                                            • Opcode Fuzzy Hash: d28f445e7e9c4d0d2c5c34ed67a52bb54167d5ab047aba8205e20c485ae5a852
                                            • Instruction Fuzzy Hash: 7E01C032A105268BCB21BFBDDC909BF7BA5FB61724B190528E86296294EA31D940C770
                                            APIs
                                              • Part of subcall function 00D29CB3: _wcslen.LIBCMT ref: 00D29CBD
                                              • Part of subcall function 00D83CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00D83CCA
                                            • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00D81D4C
                                            Strings
                                            Similarity
                                            • API ID: ClassMessageNameSend_wcslen
                                            • String ID: ComboBox$ListBox
                                            • API String ID: 624084870-1403004172
                                            • Opcode ID: 168fe22d20545dac3669b0e2cf9b57f1044640d8a141576816ca356679e80557
                                            • Instruction ID: e86087a365f46f32846f8eec79a13a4d41d43ab161501f5233f461498b9a42d2
                                            • Opcode Fuzzy Hash: 168fe22d20545dac3669b0e2cf9b57f1044640d8a141576816ca356679e80557
                                            • Instruction Fuzzy Hash: B901D875601228ABCB04FBA4DC61EFEB368FB56354F040619F876573D1EA30590D8770
                                            APIs
                                              • Part of subcall function 00D29CB3: _wcslen.LIBCMT ref: 00D29CBD
                                              • Part of subcall function 00D83CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00D83CCA
                                            • SendMessageW.USER32(?,00000180,00000000,?), ref: 00D81C46
                                            Strings
                                            Similarity
                                            • API ID: ClassMessageNameSend_wcslen
                                            • String ID: ComboBox$ListBox
                                            • API String ID: 624084870-1403004172
                                            • Opcode ID: f8d2819f2d8db15a89b88e918ded00adfb18acecbeb6e39b39f8b80fbde88ccd
                                            • Instruction ID: 3d3084113d5ca812052e1a4d5f705b48cca1cc1f0542d48acc13d6e70b62f1cf
                                            • Opcode Fuzzy Hash: f8d2819f2d8db15a89b88e918ded00adfb18acecbeb6e39b39f8b80fbde88ccd
                                            • Instruction Fuzzy Hash: 4201A7B9A81118ABCB04FB90D961EFFF7ACEB15744F140019A41667281EA209E1D97B1
                                            APIs
                                              • Part of subcall function 00D29CB3: _wcslen.LIBCMT ref: 00D29CBD
                                              • Part of subcall function 00D83CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00D83CCA
                                            • SendMessageW.USER32(?,00000182,?,00000000), ref: 00D81CC8
                                            Strings
                                            Similarity
                                            • API ID: ClassMessageNameSend_wcslen
                                            • String ID: ComboBox$ListBox
                                            • API String ID: 624084870-1403004172
                                            • Opcode ID: a9c6e5c4e510812d257c818683b72b57bdf1b7c00e6deebacc71eda47b713f7f
                                            • Instruction ID: 4730a161e23181ab938651c22a0327dac39e86af5255fb521c275c676358590e
                                            • Opcode Fuzzy Hash: a9c6e5c4e510812d257c818683b72b57bdf1b7c00e6deebacc71eda47b713f7f
                                            • Instruction Fuzzy Hash: 9101DBB564011867CB04F791DA11EFEF3ACEB21344F140015B80573281EA609F1DD771
                                            APIs
                                              • Part of subcall function 00D29CB3: _wcslen.LIBCMT ref: 00D29CBD
                                              • Part of subcall function 00D83CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00D83CCA
                                            • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00D81DD3
                                            Strings
                                            Similarity
                                            • API ID: ClassMessageNameSend_wcslen
                                            • String ID: ComboBox$ListBox
                                            • API String ID: 624084870-1403004172
                                            • Opcode ID: 9774acb9fbd0b3f8fcb2545c941236b6ecc53ac22c93e1372f8ff63fc715a93a
                                            • Instruction ID: 81e697c062802f6d27bd86fee1bdcd767b106a7428d6345641abf912835a2603
                                            • Opcode Fuzzy Hash: 9774acb9fbd0b3f8fcb2545c941236b6ecc53ac22c93e1372f8ff63fc715a93a
                                            • Instruction Fuzzy Hash: 5DF0A4B5A41228ABDB04F7A4DC62FFEB76CEB11754F080915B862632C1DA60990D8370
                                            APIs
                                            Strings
                                            Similarity
                                            • API ID: _wcslen
                                            • String ID: 3, 3, 16, 1
                                            • API String ID: 176396367-3042988571
                                            • Opcode ID: 5c420e97eb7ac795de349a0d91fcb11ec542b6cfa66b78fbc2e02e07fd39f581
                                            • Instruction ID: 12eb0970ef84fad1e0fbb9971e16b1d1c1a33430a6ef38a193a00035358487fb
                                            • Opcode Fuzzy Hash: 5c420e97eb7ac795de349a0d91fcb11ec542b6cfa66b78fbc2e02e07fd39f581
                                            • Instruction Fuzzy Hash: 92E02202214220219271227AECC1A7F578DCFCF7A0718182FF981C226AEED4CDD2A3B0
                                            APIs
                                            • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00D80B23
                                            Strings
                                            Similarity
                                            • API ID: Message
                                            • String ID: AutoIt$Error allocating memory.
                                            • API String ID: 2030045667-4017498283
                                            • Opcode ID: 3aa555cd59282bad59a871afe432b64749454eb81972f3f27dc1c12ffd2c17c3
                                            • Instruction ID: f01cce61ae8a81876b330eafe4a6c5d09024cef8637e2ebca214da9d1b17f140
                                            • Opcode Fuzzy Hash: 3aa555cd59282bad59a871afe432b64749454eb81972f3f27dc1c12ffd2c17c3
                                            • Instruction Fuzzy Hash: 61E04832254358ABD21437957C07FC97A84DF15B55F10042AFB58955C38AE1649446B9
                                            APIs
                                              • Part of subcall function 00D3F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00D40D71,?,?,?,00D2100A), ref: 00D3F7CE
                                            • IsDebuggerPresent.KERNEL32(?,?,?,00D2100A), ref: 00D40D75
                                            • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00D2100A), ref: 00D40D84
                                            Strings
                                            • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00D40D7F
                                            Similarity
                                            • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                            • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                            • API String ID: 55579361-631824599
                                            • Opcode ID: bda50426a2fffcc9921ddda34c00e85c2b5edc48a20296d4d8bcda29bc0197e0
                                            • Instruction ID: 5c1343ac0b2cf4fe2a6d95e851029995f6465e5de574719b85139cf2bc82480e
                                            • Opcode Fuzzy Hash: bda50426a2fffcc9921ddda34c00e85c2b5edc48a20296d4d8bcda29bc0197e0
                                            • Instruction Fuzzy Hash: 9FE06D74600311CBD3209FB8E8047527FE0BF04744F048A2DE582C6B51DBB5E4488BB1
                                            APIs
                                            • GetTempPathW.KERNEL32(00000104,?,00000001), ref: 00D9302F
                                            • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00D93044
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: Temp$FileNamePath
                                            • String ID: aut
                                            • API String ID: 3285503233-3010740371
                                            • Opcode ID: 0e5758dddaa44d0909b607213a5ad5b07a322f85dd49ca6aa36e29e263619433
                                            • Instruction ID: d5008bca2464a6bcabc8ba45264e3aa5b3b8b028717feb75bc2352b752af287c
                                            • Opcode Fuzzy Hash: 0e5758dddaa44d0909b607213a5ad5b07a322f85dd49ca6aa36e29e263619433
                                            • Instruction Fuzzy Hash: 74D05B71500314E7DA20A7959C0DFC73A6CD705750F0002617755D2191DAB0D544CBF4
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: LocalTime
                                            • String ID: %.3d$X64
                                            • API String ID: 481472006-1077770165
                                            • Opcode ID: 2c7df5ac292aca133eb3c1e870f547989072c7d7ac2a9f7eb33f6da99b0dc300
                                            • Instruction ID: f6eb22da43d64004bb072a3e02720ecee5b1383a54566eaa2e85ad4948a8d897
                                            • Opcode Fuzzy Hash: 2c7df5ac292aca133eb3c1e870f547989072c7d7ac2a9f7eb33f6da99b0dc300
                                            • Instruction Fuzzy Hash: 01D012A1C08108FACB90A7D0DC458B9B37DFF08341F50C452F99EE1041F634C5096B75
                                            APIs
                                            • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00DB236C
                                            • PostMessageW.USER32(00000000), ref: 00DB2373
                                              • Part of subcall function 00D8E97B: Sleep.KERNEL32 ref: 00D8E9F3
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: FindMessagePostSleepWindow
                                            • String ID: Shell_TrayWnd
                                            • API String ID: 529655941-2988720461
                                            • Opcode ID: 28c545b7d5b9982ab05777e1b1295d2f77cb0e3a46745495af19d7c99d955684
                                            • Instruction ID: 4d6211afd69c54542945c92f0c2257d7148d009fef2f9bcfc2d4689b60e0f97e
                                            • Opcode Fuzzy Hash: 28c545b7d5b9982ab05777e1b1295d2f77cb0e3a46745495af19d7c99d955684
                                            • Instruction Fuzzy Hash: 4BD0A9323D0310FAE264B7309C0FFC66604AB04B00F000A02B281EA2E0C8E0A8008A34
                                            APIs
                                            • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00DB232C
                                            • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00DB233F
                                              • Part of subcall function 00D8E97B: Sleep.KERNEL32 ref: 00D8E9F3
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: FindMessagePostSleepWindow
                                            • String ID: Shell_TrayWnd
                                            • API String ID: 529655941-2988720461
                                            • Opcode ID: 534b3cd6e350ad36c990f5b00a400767f05f6963a5f521e02aaf392bfbf21357
                                            • Instruction ID: 25b1efa02886612ff3ec7edaa6d67bb1fba68cd14c6f8027b9db1668df7719c5
                                            • Opcode Fuzzy Hash: 534b3cd6e350ad36c990f5b00a400767f05f6963a5f521e02aaf392bfbf21357
                                            • Instruction Fuzzy Hash: 8FD0A9323A0310FAE264B7309C0FFD66A04AB00B00F000A02B285EA2E0C8E0A8008A30
                                            APIs
                                            • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 00D5BE93
                                            • GetLastError.KERNEL32 ref: 00D5BEA1
                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00D5BEFC
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1670591504.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                            • Associated: 00000000.00000002.1670566303.0000000000D20000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DBC000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670634464.0000000000DE2000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670670449.0000000000DEC000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000000.00000002.1670683312.0000000000DF4000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_d20000_file.jbxd
                                            Similarity
                                            • API ID: ByteCharMultiWide$ErrorLast
                                            • String ID:
                                            • API String ID: 1717984340-0
                                            • Opcode ID: 3dfbef70f8e0c2949da7aa184edd3bcb221335dd176acb804e74c78e65c0c838
                                            • Instruction ID: 780cedd999f5563d8e03fbf69bf68057c3ec8ca634d535d59b0a1edfed3d503e
                                            • Opcode Fuzzy Hash: 3dfbef70f8e0c2949da7aa184edd3bcb221335dd176acb804e74c78e65c0c838
                                            • Instruction Fuzzy Hash: B041D434604206EFCF218F65CC45ABABBA5EF41372F18416AFD59A72A1DB318D09CB70

                                            Execution Graph

                                            Execution Coverage:0.3%
                                            Dynamic/Decrypted Code Coverage:0%
                                            Signature Coverage:100%
                                            Total number of Nodes:6
                                            Total number of Limit Nodes:0
                                            execution_graph
                                            • 5001 130c8a32377
                                            • 5002 130c8a32387 NtQuerySystemInformation
                                            • 5001->5002
                                            • 5003 130c8a32324
                                            • 5002->5003
                                            • 5004 130c8ec82f2
                                            • 5005 130c8ec8349 NtQuerySystemInformation
                                            • 5004->5005
                                            • 5006 130c8ec66c4
                                            • 5004->5006
                                            • 5005->5006

                                            Callgraph

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000011.00000002.2917721199.00000130C8EC6000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000130C8EC6000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_17_2_130c8ec6000_firefox.jbxd
                                            Similarity
                                            • API ID: InformationQuerySystem
                                            • String ID: #$#$#$4$>$>$>$A$z$z
                                            • API String ID: 3562636166-3072146587
                                            • Opcode ID: a7beeb6ed6d4bd1c13836e24e4a4bf8602c8d7752103ee20adf8d6ea9f6b849f
                                            • Instruction ID: 51259de1c0f9944da95dac7f2184f1ebc3dcd8d3ccfce8f2ad5ca5c27408a412
                                            • Opcode Fuzzy Hash: a7beeb6ed6d4bd1c13836e24e4a4bf8602c8d7752103ee20adf8d6ea9f6b849f
                                            • Instruction Fuzzy Hash: 87A3E431A18A588BDB2EDF18DC957E977E5FB98310F00526ED84BC7251DF34EB028A85