Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1502483
MD5: a80f8369905a553004098607dec0751a
SHA1: 8b8e2d5a28541c1cf7bc28437470fcbb4ca3b61f
SHA256: 38211db68d53f159f161beb3ae76d14437309e23d15766c14e65125b09534042
Tags: exe

Detection

Score: 68
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Maps a DLL or memory area into another process
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • file.exe (PID: 7012 cmdline: "C:\Users\user\Desktop\file.exe" MD5: A80F8369905A553004098607DEC0751A)
    • msedge.exe (PID: 7160 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: 69222B8101B0601CC6663F8381E7E00F)
      • msedge.exe (PID: 2672 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1944,i,1885108096133923708,5615008366606404031,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • firefox.exe (PID: 6312 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 1076 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 480 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 8560 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2284 -parentBuildID 20230927232528 -prefsHandle 2220 -prefMapHandle 2228 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {983f46ee-0e12-4a53-bee0-8668e7f3c346} 480 "\\.\pipe\gecko-crash-server-pipe.480" 214b0670910 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 8900 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4048 -parentBuildID 20230927232528 -prefsHandle 3944 -prefMapHandle 3940 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b05df780-e3db-4483-9c2e-582d825b99d8} 480 "\\.\pipe\gecko-crash-server-pipe.480" 214c06bf610 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • msedge.exe (PID: 6460 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7524 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1948,i,16766255207364502604,7562736169763922936,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8396 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6552 --field-trial-handle=1948,i,16766255207364502604,7562736169763922936,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8452 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6800 --field-trial-handle=1948,i,16766255207364502604,7562736169763922936,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • identity_helper.exe (PID: 8916 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6312 --field-trial-handle=1948,i,16766255207364502604,7562736169763922936,262144 /prefetch:8 MD5: 76C58E5BABFE4ACF0308AA646FC0F416)
    • identity_helper.exe (PID: 8936 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6312 --field-trial-handle=1948,i,16766255207364502604,7562736169763922936,262144 /prefetch:8 MD5: 76C58E5BABFE4ACF0308AA646FC0F416)
    • msedge.exe (PID: 7720 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6928 --field-trial-handle=1948,i,16766255207364502604,7562736169763922936,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • msedge.exe (PID: 3668 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 9184 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2332 --field-trial-handle=2076,i,7221193845708721563,11522825552492207431,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • msedge.exe (PID: 5480 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 1608 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2288 --field-trial-handle=1944,i,12137075612384507687,15765736089809574248,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: file.exe, Virustotal: Detection: 25%
Source: Submited Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: file.exe, Joe Sandbox ML: detected
Source: file.exe, Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:60381 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:60385 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:60401 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:60412 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.4:60414 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.222.236.80:443 -> 192.168.2.4:60415 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:60417 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:60418 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:60419 version: TLS 1.2
Source: unknownHTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.4:60422 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:60426 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:60425 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:60427 version: TLS 1.2
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: firefox.exe, 00000005.00000003.2060151315.00000214C1300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2047360131.00000214C0F48000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.dr
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: firefox.exe, 00000005.00000003.2060151315.00000214C1300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2047360131.00000214C0F48000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.dr
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0101DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_0101DBBE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0102698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_0102698F
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010268EE FindFirstFileW,FindClose,0_2_010268EE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0101D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0101D076
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0101D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0101D3A9
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0102979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_0102979D
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01029642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_01029642
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01029B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_01029B2B
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01025C97 FindFirstFileW,FindNextFileW,FindClose,0_2_01025C97
Source: Joe Sandbox ViewIP Address: 13.107.246.40 13.107.246.40
Source: Joe Sandbox ViewIP Address: 152.195.19.97 152.195.19.97
Source: Joe Sandbox ViewIP Address: 23.44.133.38 23.44.133.38
Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox ViewJA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknownTCP traffic detected without corresponding DNS query: 20.96.153.111
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0102CF1A InternetQueryDataAvailable,InternetReadFile,GetLastError,SetEvent,SetEvent,0_2_0102CF1A
Source: global trafficHTTP traffic detected: GET /crx/blobs/AY4GWKBMNax_FQrZEVzNkO_0mu3UShnzR6AihR_EPjVIUOT_pwZzkWCpOk8YKIu0qnIq_YObWXuPyiJ7NA0nDjMHUEYIIEknsNvJHXuPd0MqxESzoxi9xiMyJKNwZiVV1yEAxlKa5UVe61sINARQ7fO9dE0bkfP_W4GG/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /v4/api/selection?placement=88000360&nct=1&fmt=json&ADEFAB=1&OPSYS=WIN10&locale=en-GB&country=CH&edgeid=8684241135348538038&ACHANNEL=4&ABUILD=117.0.5938.132&poptin=0&devosver=10.0.19045.2006&clr=esdk&UITHEME=light&EPCON=0&AMAJOR=117&AMINOR=0&ABLD=5938&APATCH=132 HTTP/1.1Host: arc.msn.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: EntityExtractionDomainsConfigSec-Mesh-Client-Edge-Version: 117.0.2045.47Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 0Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/arbitration_priority_list/4.0.5/asset?assetgroup=ArbitrationService HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ArbitrationServiceSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ShorelineSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.2045.47"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=fNaPcGodWzp8yb8&MD=UuuLbb9v HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1725823141&P2=404&P3=2&P4=FhdhZlXvFI6KtXAbNJlCnICAPPec6b1JTpnvn5TGI1P2wY0P96yCHvT1lzisj%2fbU1eqMKzk8g4C56M%2bhhvf0yQ%3d%3d HTTP/1.1Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.comConnection: keep-aliveMS-CV: mGzAHmUqw4AeILS/Vm5P/RSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=fNaPcGodWzp8yb8&MD=UuuLbb9v HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: firefox.exe, 00000005.00000003.2046265945.00000214BD454000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1826092358.00000214BD45D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1865652057.00000214BD45D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "url": "https://www.facebook.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 00000005.00000003.2046265945.00000214BD454000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1826092358.00000214BD45D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1865652057.00000214BD45D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "url": "https://www.youtube.com/", equals www.youtube.com (Youtube)
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: "url": "https://www.youtube.com" equals www.youtube.com (Youtube)
Source: global trafficDNS traffic detected: DNS query: bzib.nelreports.net
Source: global trafficDNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global trafficDNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global trafficDNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
Source: global trafficDNS traffic detected: DNS query: detectportal.firefox.com
Source: global trafficDNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
Source: global trafficDNS traffic detected: DNS query: example.org
Source: global trafficDNS traffic detected: DNS query: ipv4only.arpa
Source: global trafficDNS traffic detected: DNS query: firefox.settings.services.mozilla.com
Source: global trafficDNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
Source: global trafficDNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
Source: global trafficDNS traffic detected: DNS query: services.addons.mozilla.org
Source: global trafficDNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
Source: unknownHTTP traffic detected: POST /dns-query HTTP/1.1Host: chrome.cloudflare-dns.comConnection: keep-aliveContent-Length: 128Accept: application/dns-messageAccept-Language: *User-Agent: ChromeAccept-Encoding: identityContent-Type: application/dns-message
Source: global trafficHTTP traffic detected: HTTP/1.1 503 Service UnavailableContent-Length: 326Content-Type: text/html; charset=us-asciiDate: Sun, 01 Sep 2024 19:20:01 GMTConnection: closePMUSER_FORMAT_QS: X-CDN-TraceId: 0.26862c17.1725218401.1fe97490Access-Control-Allow-Credentials: falseAccess-Control-Allow-Methods: *Access-Control-Allow-Methods: GET, OPTIONS, POSTAccess-Control-Allow-Origin: *
Source: firefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://apps.apple.com/us/app/firefox-private-network-vpn/id1489407738
Source: firefox.exe, 00000005.00000003.2046456426.00000214BC7D7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org
Source: firefox.exe, 00000005.00000003.2046456426.00000214BC7D7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/
Source: firefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VER
Source: firefox.exe, 00000005.00000003.2046265945.00000214BD468000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/GMP/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release/Win
Source: firefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
Source: firefox.exe, 00000005.00000003.2046265945.00000214BD468000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/re
Source: firefox.exe, 00000005.00000003.2052538394.00000214BC7EA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2057796197.00000214BC7EA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://bard.google.com/
Source: firefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/
Source: firefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/%blockID%.html
Source: firefox.exe, 00000005.00000003.2377409157.00000214BBEB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.2895807713.000001EDDFCCB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2895011783.00000250B94CF000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.5.drString found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
Source: firefox.exe, 00000005.00000003.2377409157.00000214BBEB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.2895807713.000001EDDFCCB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2895011783.00000250B94CF000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.5.drString found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
Source: Reporting and NEL.7.drString found in binary or memory: https://bzib.nelreports.net/api/report?cat=bingbusiness
Source: Web Data.7.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: Web Data.7.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: 0aeb64fa-e93e-4352-89d7-95f1ca22e064.tmp.8.dr, Network Persistent State0.7.drString found in binary or memory: https://chrome.cloudflare-dns.com
Source: manifest.json0.7.drString found in binary or memory: https://chrome.google.com/webstore/
Source: manifest.json0.7.drString found in binary or memory: https://chromewebstore.google.com/
Source: a063ec0d-0273-4abf-b4be-e4a9c3f7e047.tmp.8.drString found in binary or memory: https://clients2.google.com
Source: manifest.json.7.drString found in binary or memory: https://clients2.google.com/service/update2/crx
Source: a063ec0d-0273-4abf-b4be-e4a9c3f7e047.tmp.8.drString found in binary or memory: https://clients2.googleusercontent.com
Source: firefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
Source: firefox.exe, 00000005.00000003.1719663246.00000214C0000000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1721888625.00000214C0281000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1720877532.00000214C0217000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1721555155.00000214C0257000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1721717567.00000214C026C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1721154613.00000214C022C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1721342892.00000214C0241000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://completion.amazon.com/search/complete?q=
Source: firefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://content.cdn.mozilla.net
Source: firefox.exe, 00000005.00000003.2377409157.00000214BBEB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.2895807713.000001EDDFCCB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2895011783.00000250B94CF000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.5.drString found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: firefox.exe, 00000005.00000003.2377409157.00000214BBEB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.2895807713.000001EDDFCCB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2895011783.00000250B94CF000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.5.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: firefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/v1/tiles
Source: firefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://coverage.mozilla.org
Source: firefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://crash-stats.mozilla.org/report/index/
Source: Reporting and NEL.7.drString found in binary or memory: https://csp.withgoogle.com/csp/report-to/AccountsSignInUi
Source: Reporting and NEL.7.drString found in binary or memory: https://csp.withgoogle.com/csp/report-to/apps-themes
Source: Reporting and NEL.7.drString found in binary or memory: https://csp.withgoogle.com/csp/report-to/boq-infra/identity-boq-js-css-signers
Source: Reporting and NEL.7.drString found in binary or memory: https://csp.withgoogle.com/csp/report-to/static-on-bigtable
Source: firefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://dap-02.api.divviup.org
Source: firefox.exe, 00000005.00000003.1866166373.00000214BBF9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnored
Source: firefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
Source: manifest.json.7.drString found in binary or memory: https://docs.google.com/
Source: manifest.json.7.drString found in binary or memory: https://drive-autopush.corp.google.com/
Source: manifest.json.7.drString found in binary or memory: https://drive-daily-0.corp.google.com/
Source: manifest.json.7.drString found in binary or memory: https://drive-daily-1.corp.google.com/
Source: manifest.json.7.drString found in binary or memory: https://drive-daily-2.corp.google.com/
Source: manifest.json.7.drString found in binary or memory: https://drive-daily-3.corp.google.com/
Source: manifest.json.7.drString found in binary or memory: https://drive-daily-4.corp.google.com/
Source: manifest.json.7.drString found in binary or memory: https://drive-daily-5.corp.google.com/
Source: manifest.json.7.drString found in binary or memory: https://drive-daily-6.corp.google.com/
Source: manifest.json.7.drString found in binary or memory: https://drive-preprod.corp.google.com/
Source: manifest.json.7.drString found in binary or memory: https://drive-staging.corp.google.com/
Source: manifest.json.7.drString found in binary or memory: https://drive.google.com/
Source: firefox.exe, 00000005.00000003.1719663246.00000214C0000000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1721888625.00000214C0281000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2055768360.00000214C0550000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1720877532.00000214C0217000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2377272304.00000214C0527000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1721555155.00000214C0257000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1721717567.00000214C026C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1721154613.00000214C022C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1824680668.00000214C0550000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1721342892.00000214C0241000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/
Source: Web Data.7.drString found in binary or memory: https://duckduckgo.com/ac/?q=
Source: Web Data.7.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: Web Data.7.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: firefox.exe, 00000005.00000003.2060740633.00000214BFA33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2056330834.00000214BE1DF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1804855589.00000214BFA33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2018788673.00000214BFA34000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1723850828.00000214BFA33000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: firefox.exe, 00000005.00000003.1866816266.00000214BBE54000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2120363467.00000214BBE43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%sz
Source: firefox.exe, 00000005.00000003.1866816266.00000214BBE54000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2120363467.00000214BBE43000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%szw
Source: 000003.log.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=Arbit
Source: 000003.log0.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtrac
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_163_music.png/1.0.3/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_dark.png/1.7.32/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_hc.png/1.7.32/asset
Source: HubApps Icons.7.dr, aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_light.png/1.7.32/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_hc.png/1.2.1/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_dark.png/1.2.1/ass
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/as
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_amazon_music_light.png/1.4.13/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_apple_music.png/1.4.12/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_bard_light.png/1.0.1/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.1.17/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.6.8/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.1.17/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.6.8/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.1.17/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.6.8/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_hc.png/1.0.3/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_maximal_dark.png/1.0.3/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_maximal_light.png/1.0.3/asse
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_deezer.png/1.4.12/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_dark.png/1.0.6/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_light.png/1.0.6/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_color.png/1.0.14/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_hc.png/1.0.14/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_hc.png/1.1.12/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_dark.png/1.1.12/asset
Source: HubApps Icons.7.dr, aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_hc.png/1.2.0/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_dark.png/1.2.0/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_light.png/1.2.0/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_excel.png/1.7.32/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_facebook_messenger.png/1.5.14/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gaana.png/1.0.3/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc.png/1.7.1/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_controller.png/1.7.1/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_joystick.png/1.7.1/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark.png/1.7.1/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_controller.png/1.7.1/
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_joystick.png/1.7.1/as
Source: HubApps Icons.7.dr, aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_controller.png/1.7.1
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_joystick.png/1.7.1/a
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gmail.png/1.5.4/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_help.png/1.0.0/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_hc.png/0.1.3/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_dark.png/0.1.3/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_light.png/0.1.3/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_iHeart.png/1.0.3/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_hc.png/1.0.14/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_dark.png/1.0.14/as
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_light.png/1.0.14/a
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_instagram.png/1.4.13/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_ku_gou.png/1.0.3/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_last.png/1.0.3/asset
Source: 000003.log.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Sho
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_dark.png/1.1.0/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_hc.png/1.1.0/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_light.png/1.1.0/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_naver_vibe.png/1.0.3/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_dark.png/1.4.9/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_hc.png/1.4.9/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_light.png/1.4.9/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_dark.png/1.9.10/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_hc.png/1.9.10/asset
Source: HubApps Icons.7.dr, aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_light.png/1.9.10/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_hc.png/1.1.0/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_maximal_dark.png/1.1.0/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_maximal_light.png/1.1.0/asse
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_power_point.png/1.7.32/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_qq.png/1.0.3/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_dark.png/1.1.12/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_hc.png/1.1.12/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_light.png/1.1.12/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_hc.png/1.1.3/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_maximal_dark.png/1.1.3/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_maximal_light.png/1.1.3/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_hc.png/1.3.6/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_dark.png/1.3.6/asset
Source: HubApps Icons.7.dr, aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.1.12/asset
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.4.0/asset
Source: firefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
Source: firefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
Source: firefox.exe, 00000005.00000003.1752331512.00000214C2C23000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1822467866.00000214C2C23000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/
Source: firefox.exe, 00000005.00000003.2056149466.00000214C0021000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1826092358.00000214BD45D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2056269926.00000214BFB52000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/captive-portal
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://tidal.com/
Source: firefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
Source: firefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://topsites.services.mozilla.com/cid/
Source: firefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
Source: firefox.exe, 00000005.00000003.1864940710.00000214BE18E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1825095938.00000214BFB25000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://truecolors.firefox.com
Source: firefox.exe, 00000005.00000003.2046265945.00000214BD454000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1826092358.00000214BD45D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1865652057.00000214BD45D000.00000004.00000800.00020000.00000000.sdmp, aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://twitter.com/
Source: firefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
Source: firefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://vibe.naver.com/today
Source: firefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
Source: firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://web.skype.com/?browsername=edge_canary_shoreline
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://web.skype.com/?browsername=edge_stable_shoreline
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://web.telegram.org/
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://web.whatsapp.com
Source: firefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://webcompat.com/issues/new
Source: firefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://word.new?from=EdgeM365Shoreline
Source: firefox.exe, 00000005.00000003.2377409157.00000214BBEB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.2895807713.000001EDDFCCB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2895011783.00000250B94CF000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.5.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
Source: firefox.exe, 00000005.00000003.1719663246.00000214C0000000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1721888625.00000214C0281000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1720877532.00000214C0217000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1758106431.00000214C11B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1721555155.00000214C0257000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1721717567.00000214C026C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1771875572.00000214C11B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1721154613.00000214C022C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1721342892.00000214C0241000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://www.deezer.com/
Source: firefox.exe, 00000005.00000003.2060151315.00000214C1300000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.drString found in binary or memory: https://www.digicert.com/CPS0
Source: firefox.exe, 00000005.00000003.2377409157.00000214BBEB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.2895807713.000001EDDFCCB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2895011783.00000250B94CF000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.5.drString found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
Source: content_new.js.7.dr, content.js.7.drString found in binary or memory: https://www.google.com/chrome
Source: firefox.exe, 00000005.00000003.1719663246.00000214C0000000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1721888625.00000214C0281000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1720877532.00000214C0217000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1721555155.00000214C0257000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1721717567.00000214C026C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1721154613.00000214C022C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1721342892.00000214C0241000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
Source: Web Data.7.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: firefox.exe, 00000005.00000003.1719663246.00000214C0000000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1721888625.00000214C0281000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1720877532.00000214C0217000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1758106431.00000214C11B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1721555155.00000214C0257000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1721717567.00000214C026C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1771875572.00000214C11B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1721154613.00000214C022C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1721342892.00000214C0241000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
Source: firefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://www.iheart.com/podcast/
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://www.instagram.com
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://www.last.fm/
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://www.messenger.com
Source: firefox.exe, 00000005.00000003.1825357229.00000214BD49E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org
Source: firefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/
Source: firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
Source: firefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
Source: firefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
Source: firefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
Source: firefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
Source: firefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
Source: firefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
Source: firefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
Source: firefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
Source: firefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
Source: firefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
Source: firefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
Source: firefox.exe, 00000005.00000003.1866767273.00000214BBE5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2120363467.00000214BBE43000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.2895807713.000001EDDFCCB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2895011783.00000250B94CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: firefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 00000005.00000003.1819337393.00000214C386F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&game
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&item
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&item=fl
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&playInS
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://www.office.com
Source: Top Sites.7.drString found in binary or memory: https://www.office.com/
Source: Top Sites.7.drString found in binary or memory: https://www.office.com/Office
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2
Source: firefox.exe, 00000005.00000003.1866166373.00000214BBFAD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.openh264.org/
Source: firefox.exe, 00000005.00000003.2046265945.00000214BD454000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1826092358.00000214BD45D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1865652057.00000214BD45D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.reddit.com/
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://www.tiktok.com/
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://www.youtube.com
Source: firefox.exe, 00000005.00000003.2046265945.00000214BD454000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1826092358.00000214BD45D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1865652057.00000214BD45D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
Source: aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drString found in binary or memory: https://y.music.163.com/m/
Source: C:\Users\user\Desktop\file.exe
Code function: 0_2_0102EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,0_2_0102EAFF
Source: C:\Users\user\Desktop\file.exe
Code function: 0_2_0102ED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,0_2_0102ED6A
Source: C:\Users\user\Desktop\file.exe
Code function: 0_2_0101AB9C GetKeyState,GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,0_2_0101AB9C
Source: C:\Users\user\Desktop\file.exe
Code function: 0_2_01049576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,0_2_01049576

System Summary

Source: file.exe
String found in binary or memory: This is a third-party compiled AutoIt script.
Source: file.exe, 00000000.00000000.1643220571.0000000001072000.00000002.00000001.01000000.00000003.sdmp
String found in binary or memory: This is a third-party compiled AutoIt script. memstr_27c5f21a-7
Source: file.exeString found in binary or memory: This is a third-party compiled AutoIt script.memstr_1aa013c2-d
Source: file.exeString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_db7a32fc-1
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 16_2_00000250B9AE21F2 NtQuerySystemInformation,16_2_00000250B9AE21F2
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 16_2_00000250B9AEA9B7 NtQuerySystemInformation,16_2_00000250B9AEA9B7
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0101D5EB: CreateFileW,DeviceIoControl,CloseHandle,0_2_0101D5EB
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01011201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_01011201
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0101E8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,0_2_0101E8F6
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FB80600_2_00FB8060
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010220460_2_01022046
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010182980_2_01018298
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FEE4FF0_2_00FEE4FF
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FE676B0_2_00FE676B
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010448730_2_01044873
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FBCAF00_2_00FBCAF0
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FDCAA00_2_00FDCAA0
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FCCC390_2_00FCCC39
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FE6DD90_2_00FE6DD9
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FB91C00_2_00FB91C0
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FCB1190_2_00FCB119
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FD13940_2_00FD1394
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FD17060_2_00FD1706
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FD781B0_2_00FD781B
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FD19B00_2_00FD19B0
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FC997D0_2_00FC997D
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FB79200_2_00FB7920
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FD7A4A0_2_00FD7A4A
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FD7CA70_2_00FD7CA7
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FD1C770_2_00FD1C77
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FE9EEE0_2_00FE9EEE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0103BE440_2_0103BE44
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FD1F320_2_00FD1F32
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 16_2_00000250B9AE21F216_2_00000250B9AE21F2
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 16_2_00000250B9AE291C16_2_00000250B9AE291C
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 16_2_00000250B9AE223216_2_00000250B9AE2232
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 16_2_00000250B9AEA9B716_2_00000250B9AEA9B7
Source: C:\Users\user\Desktop\file.exeCode function: String function: 00FD0A30 appears 46 times
Source: C:\Users\user\Desktop\file.exeCode function: String function: 00FCF9F2 appears 31 times
Source: file.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: classification engineClassification label: mal68.evad.winEXE@72/335@31/20
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010237B5 GetLastError,FormatMessageW,0_2_010237B5
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010110BF AdjustTokenPrivileges,CloseHandle,0_2_010110BF
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010116C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,0_2_010116C3
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010251CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,0_2_010251CD
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0101D4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,FindCloseChangeNotification,0_2_0101D4DC
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0102648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize,0_2_0102648E
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FB42A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,0_2_00FB42A2
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeFile created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-66D4BE1E-1BF8.pmaJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Local\Temp\firefoxJump to behavior
Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: Login Data.7.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exeVirustotal: Detection: 25%
Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: unknownProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1944,i,1885108096133923708,5615008366606404031,262144 /prefetch:3
Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1948,i,16766255207364502604,7562736169763922936,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6552 --field-trial-handle=1948,i,16766255207364502604,7562736169763922936,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6800 --field-trial-handle=1948,i,16766255207364502604,7562736169763922936,262144 /prefetch:8
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2284 -parentBuildID 20230927232528 -prefsHandle 2220 -prefMapHandle 2228 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {983f46ee-0e12-4a53-bee0-8668e7f3c346} 480 "\\.\pipe\gecko-crash-server-pipe.480" 214b0670910 socket
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6312 --field-trial-handle=1948,i,16766255207364502604,7562736169763922936,262144 /prefetch:8
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4048 -parentBuildID 20230927232528 -prefsHandle 3944 -prefMapHandle 3940 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b05df780-e3db-4483-9c2e-582d825b99d8} 480 "\\.\pipe\gecko-crash-server-pipe.480" 214c06bf610 rdd
Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2332 --field-trial-handle=2076,i,7221193845708721563,11522825552492207431,262144 /prefetch:3
Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2288 --field-trial-handle=1944,i,12137075612384507687,15765736089809574248,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6928 --field-trial-handle=1948,i,16766255207364502604,7562736169763922936,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwdJump to behavior
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwdJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1944,i,1885108096133923708,5615008366606404031,262144 /prefetch:3Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwdJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2284 -parentBuildID 20230927232528 -prefsHandle 2220 -prefMapHandle 2228 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {983f46ee-0e12-4a53-bee0-8668e7f3c346} 480 "\\.\pipe\gecko-crash-server-pipe.480" 214b0670910 socketJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4048 -parentBuildID 20230927232528 -prefsHandle 3944 -prefMapHandle 3940 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b05df780-e3db-4483-9c2e-582d825b99d8} 480 "\\.\pipe\gecko-crash-server-pipe.480" 214c06bf610 rddJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1948,i,16766255207364502604,7562736169763922936,262144 /prefetch:3Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6552 --field-trial-handle=1948,i,16766255207364502604,7562736169763922936,262144 /prefetch:8Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6800 --field-trial-handle=1948,i,16766255207364502604,7562736169763922936,262144 /prefetch:8Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6312 --field-trial-handle=1948,i,16766255207364502604,7562736169763922936,262144 /prefetch:8Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6928 --field-trial-handle=1948,i,16766255207364502604,7562736169763922936,262144 /prefetch:8Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2332 --field-trial-handle=2076,i,7221193845708721563,11522825552492207431,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2288 --field-trial-handle=1944,i,12137075612384507687,15765736089809574248,262144 /prefetch:3
Source: C:\Users\user\Desktop\file.exeSection loaded: wsock32.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: mpr.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: edputil.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: slc.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: sppc.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: pcacli.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: firefox.exe, 00000005.00000003.2060151315.00000214C1300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2047360131.00000214C0F48000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.dr
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: firefox.exe, 00000005.00000003.2060151315.00000214C1300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2047360131.00000214C0F48000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.dr
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FB42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00FB42DE
Source: gmpopenh264.dll.tmp.5.drStatic PE information: section name: .rodata
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FD0A76 push ecx; ret 0_2_00FD0A89
Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmpJump to dropped file
Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)Jump to dropped file
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868Jump to behavior
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FCF98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_00FCF98E
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01041C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_01041C41
Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\file.exe | Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep (graph_0-94674)
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 16_2_00000250B9AE21F2 rdtsc
Source: C:\Users\user\Desktop\file.exe | API coverage: 3.3 %
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0101DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0102698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_010268EE FindFirstFileW,FindClose
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0101D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0101D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0102979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_01029642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_01029B2B FindFirstFileW,Sleep,FindNextFileW,FindClose
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_01025C97 FindFirstFileW,FindNextFileW,FindClose
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00FB42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo
Source: firefox.exe, 0000000C.00000002.2899699265.000001EDDFE02000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWnOS
Source: firefox.exe, 00000010.00000002.2898419638.00000250B99D0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2893780479.00000250B910A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
Source: firefox.exe, 00000005.00000003.1866166373.00000214BBF9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.2898762232.000001EDDFD0F000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
Source: firefox.exe, 0000000C.00000002.2894412621.000001EDDF99A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW L
Source: firefox.exe, 0000000C.00000002.2899699265.000001EDDFE02000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2898419638.00000250B99D0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\file.exe | Process information queried: ProcessInformation
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 16_2_00000250B9AE21F2 rdtsc
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0102EAA2 BlockInput
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00FE2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00FB42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00FD4CE8 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_01010B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00FE2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00FD083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00FD09D5 SetUnhandledExceptionFilter
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00FD0C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess

HIPS / PFW / Operating System Protection Evasion

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Section loaded: NULL target: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe protection: readonly
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_01011201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00FF2BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0101B226 SendInput,keybd_event
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0101E355 mouse_event
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_01010B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_01011663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid
Source: file.exe | Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: file.exe | Binary or memory string: Shell_TrayWnd
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00FD0698 cpuid
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_01028195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_0100D27A GetUserNameW
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00FEBB6F _free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00FB42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo
Source: file.exe | Binary or memory string: WIN_81
Source: file.exe | Binary or memory string: WIN_XP
Source: file.exe | Binary or memory string: WIN_XPe
Source: file.exe | Binary or memory string: WIN_VISTA
Source: file.exe | Binary or memory string: WIN_7
Source: file.exe | Binary or memory string: WIN_8
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_01031204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_01031806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts (2) | Native API (1) | DLL Side-Loading (1) | Exploitation for Privilege Escalation (1) | Disable or Modify Tools (1) | Input Capture (21) | System Time Discovery (2) | Remote Services | Archive Collected Data (1) | Ingress Tool Transfer (4) | Exfiltration Over Other Network Medium | System Shutdown/Reboot (1) |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Valid Accounts (2) | DLL Side-Loading (1) | Deobfuscate/Decode Files or Information (1) | LSASS Memory | Account Discovery (1) | Remote Desktop Protocol | Input Capture (21) | Encrypted Channel (11) | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Registry Run Keys / Startup Folder (1) | Valid Accounts (2) | Obfuscated Files or Information (2) | Security Account Manager | File and Directory Discovery (2) | SMB/Windows Admin Shares | Clipboard Data (3) | Non-Application Layer Protocol (4) | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Access Token Manipulation (21) | DLL Side-Loading (1) | NTDS | System Information Discovery (15) | Distributed Component Object Model | Input Capture | Application Layer Protocol (5) | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Process Injection (112) | Masquerading (1) | LSA Secrets | Security Software Discovery (131) | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | Registry Run Keys / Startup Folder (1) | Valid Accounts (2) | Cached Domain Credentials | Virtualization/Sandbox Evasion (1) | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Virtualization/Sandbox Evasion (1) | DCSync | Process Discovery (3) | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Access Token Manipulation (21) | Proc Filesystem | Application Window Discovery (1) | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | Process Injection (112) | /etc/passwd and /etc/shadow | System Owner/User Discovery (1) | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
[Behavior graph. ID: 1502483, Sample: file.exe, Startdate: 01/09/2024, Architecture: WINDOWS, Score: 68]

| Source | Detection | Scanner | Label |
| file.exe | 26% | Virustotal | |
| file.exe | 100% | Joe Sandbox ML | |

| Source | Detection | Scanner | Label |
| C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | ReversingLabs | |
| C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | ReversingLabs | |

No Antivirus matches
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedgeaa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drfalse
  • URL Reputation: safe
unknown
https://outlook.office.com/mail/compose?isExtension=trueaa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://www.sandoll.co.krFfirefox.exe, 00000005.00000003.2350470940.00000214B73C1000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://github.com/mozilla-services/screenshotsfirefox.exe, 00000005.00000003.1719663246.00000214C0000000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1720877532.00000214C0217000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1721555155.00000214C0257000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1721717567.00000214C026C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1721154613.00000214C022C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1721342892.00000214C0241000.00000004.00000800.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://services.addons.mozilla.org/api/v4/addons/addon/firefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://tracking-protection-issues.herokuapp.com/newfirefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
http://exslt.org/setsfirefox.exe, 00000005.00000003.1866449602.00000214BBE8C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2377409157.00000214BBE8A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2119968764.00000214BBE8A000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-reportfirefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://i.y.qq.com/n2/m/index.htmlaa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://www.deezer.com/aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drfalse
  • URL Reputation: safe
unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94firefox.exe, 00000005.00000003.2377409157.00000214BBEB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.2895807713.000001EDDFCCB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2895011783.00000250B94CF000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.5.drfalse
  • Avira URL Cloud: safe
unknown
https://web.telegram.org/aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://www.jiyu-kobo.co.jp/Xfirefox.exe, 00000005.00000003.2418071186.00000214B73C4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2414790589.00000214B73C5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2417110710.00000214B73C0000.00000004.00000020.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://www.jiyu-kobo.co.jp/jpfirefox.exe, 00000005.00000003.2418328226.00000214B73C5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2418071186.00000214B73C4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2421183769.00000214B73C4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2421763989.00000214B73C4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2414790589.00000214B73C5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2419986632.00000214B73C4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2417110710.00000214B73C0000.00000004.00000020.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-reportfirefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://api.accounts.firefox.com/v1firefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
http://exslt.org/commonfirefox.exe, 00000005.00000003.1866449602.00000214BBE8C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2377409157.00000214BBE8A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2119968764.00000214BBE8A000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://drive-daily-2.corp.google.com/manifest.json.7.drfalse
  • URL Reputation: safe
unknown
https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/firefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://fpn.firefox.comfirefox.exe, 00000005.00000003.1864940710.00000214BE137000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protectionsfirefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=Web Data.7.drfalse
  • URL Reputation: safe
unknown
http://exslt.org/dates-and-timesfirefox.exe, 00000005.00000003.2120299762.00000214BBE81000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1866649038.00000214BBE81000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&ctafirefox.exe, 00000005.00000003.2377409157.00000214BBEB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.2895807713.000001EDDFCCB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2895011783.00000250B94CF000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.5.drfalse
  • Avira URL Cloud: safe
unknown
http://www.jiyu-kobo.co.jp/Hfirefox.exe, 00000005.00000003.2418328226.00000214B73C5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2421183769.00000214B73C4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2421763989.00000214B73C4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2419986632.00000214B73C4000.00000004.00000020.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://www.jiyu-kobo.co.jp/Ffirefox.exe, 00000005.00000003.2410203849.00000214B73C4000.00000004.00000020.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://drive-daily-1.corp.google.com/manifest.json.7.drfalse
  • URL Reputation: safe
unknown
https://excel.new?from=EdgeM365Shorelineaa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drfalse
  • URL Reputation: safe
unknown
https://www.youtube.com/firefox.exe, 00000005.00000003.2046265945.00000214BD454000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1826092358.00000214BD45D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1865652057.00000214BD45D000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://drive-daily-5.corp.google.com/manifest.json.7.drfalse
  • URL Reputation: safe
unknown
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shieldfirefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://bzib.nelreports.net/api/report?cat=bingbusinessReporting and NEL.7.drfalse
  • URL Reputation: safe
unknown
http://127.0.0.1:firefox.exe, 00000005.00000003.1824766176.00000214C0079000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2055991322.00000214C0079000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://www.monotype.0firefox.exe, 00000005.00000003.2337696991.00000214B73E6000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2337779275.00000214B73E6000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://mitmdetection.services.mozilla.com/firefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
http://detectportal.firefox.comPfirefox.exe, 00000005.00000003.1758106431.00000214C11BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1771830417.00000214C11BE000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://chromewebstore.google.com/manifest.json0.7.drfalse
  • URL Reputation: safe
unknown
https://drive-preprod.corp.google.com/manifest.json.7.drfalse
  • URL Reputation: safe
unknown
https://chrome.google.com/webstore/manifest.json0.7.drfalse
  • Avira URL Cloud: safe
unknown
https://services.addons.mozilla.org/api/v4/abuse/report/addon/firefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%firefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-ffirefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://bard.google.com/aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drfalse
  • Avira URL Cloud: safe
unknown
https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_rfirefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://monitor.firefox.com/user/breach-stats?includeResolved=truefirefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-reportfirefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://www.office.comaa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drfalse
  • Avira URL Cloud: safe
unknown
https://outlook.live.com/mail/0/aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drfalse
  • URL Reputation: safe
unknown
https://services.addons.mozilla.org/api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-firefox.exe, 00000005.00000003.2052041812.00000214BD4D0000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://safebrowsing.google.com/safebrowsing/diagnostic?site=firefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
http://www.inbox.lv/rfc2368/?value=%sufirefox.exe, 00000005.00000003.1866816266.00000214BBE54000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2120363467.00000214BBE43000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://monitor.firefox.com/user/dashboardfirefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_IDfirefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://tidal.com/aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drfalse
  • Avira URL Cloud: safe
unknown
https://monitor.firefox.com/aboutfirefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
http://mozilla.org/MPL/2.0/.firefox.exe, 00000005.00000003.1813862027.00000214C1081000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1728149471.00000214C1081000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2119520319.00000214BFB58000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1803564052.00000214C1081000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2054773546.00000214C2768000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1804855589.00000214BFA62000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1751621952.00000214C2C64000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2046183332.00000214BFB58000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1751621952.00000214C2CF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1803250534.00000214BFCF8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1816594089.00000214BFA72000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1815211056.00000214C10F4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1845869820.000002170003F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1728149471.00000214C10F4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2120513807.00000214BFCF1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2044735281.00000214C2CF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1770465809.00000214C2E50000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2395337629.00000214BFCCD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1813862027.00000214C1071000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 
00000005.00000003.1824097064.00000214C0FD5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1864092097.00000214C0FDF000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://account.bellmedia.cfirefox.exe, 00000005.00000003.1819337393.00000214C386F000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://www.openh264.org/firefox.exe, 00000005.00000003.1866166373.00000214BBFAD000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://gaana.com/aa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drfalse
  • Avira URL Cloud: safe
unknown
https://login.microsoftonline.comfirefox.exe, 00000005.00000003.1819337393.00000214C386F000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://coverage.mozilla.orgfirefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
http://crl.thawte.com/ThawteTimestampingCA.crl0firefox.exe, 00000005.00000003.2055866169.00000214C00C1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2060151315.00000214C1300000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.5.drfalse
  • URL Reputation: safe
unknown
https://csp.withgoogle.com/csp/report-to/AccountsSignInUiReporting and NEL.7.drfalse
  • URL Reputation: safe
unknown
https://outlook.live.com/mail/compose?isExtension=trueaa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drfalse
  • URL Reputation: safe
unknown
https://blocked.cdn.mozilla.net/firefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnoredfirefox.exe, 00000005.00000003.1866166373.00000214BBF9B000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=trueaa0b92e2-8cc9-4959-843e-dfb73ecea653.tmp.7.drfalse
  • Avira URL Cloud: safe
unknown
https://profiler.firefox.comfirefox.exe, 0000000C.00000002.2895566607.000001EDDFB50000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2897478259.00000250B9500000.00000002.08000000.00040000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://outlook.live.com/default.aspx?rru=compose&to=%sfirefox.exe, 00000005.00000003.2060740633.00000214BFA33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2056330834.00000214BE1DF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1804855589.00000214BFA33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2018788673.00000214BFA34000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.1723850828.00000214BFA33000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs
| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 13.107.246.40 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 152.195.19.97 | unknown | United States | 15133 | EDGECASTUS | false |
| 142.251.40.206 | unknown | United States | 15169 | GOOGLEUS | false |
| 142.251.40.228 | unknown | United States | 15169 | GOOGLEUS | false |
| 142.250.185.161 | googlehosted.l.googleusercontent.com | United States | 15169 | GOOGLEUS | false |
| 23.44.133.38 | unknown | United States | 20940 | AKAMAI-ASN1EU | false |
| 172.64.41.3 | chrome.cloudflare-dns.com | United States | 13335 | CLOUDFLARENETUS | false |
| 34.120.208.123 | telemetry-incoming.r53-2.services.mozilla.com | United States | 15169 | GOOGLEUS | false |
| 34.149.100.209 | prod.remote-settings.prod.webservices.mozgcp.net | United States | 2686 | ATGS-MMD-ASUS | false |
| 52.222.236.80 | services.addons.mozilla.org | United States | 16509 | AMAZON-02US | false |
| 34.107.221.82 | prod.detectportal.prod.cloudops.mozgcp.net | United States | 15169 | GOOGLEUS | false |
| 35.244.181.201 | prod.balrog.prod.cloudops.mozgcp.net | United States | 15169 | GOOGLEUS | false |
| 142.250.81.234 | unknown | United States | 15169 | GOOGLEUS | false |
| 239.255.255.250 | unknown | Reserved | unknown | unknown | false |
| 20.96.153.111 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 23.44.201.5 | unknown | United States | 20940 | AKAMAI-ASN1EU | false |
| 35.190.72.216 | prod.classify-client.prod.webservices.mozgcp.net | United States | 15169 | GOOGLEUS | false |
| 172.253.115.84 | unknown | United States | 15169 | GOOGLEUS | false |
IP
192.168.2.4
127.0.0.1
Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1502483
Start date and time:2024-09-01 21:18:06 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 6m 43s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:27
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:file.exe
Detection:MAL
Classification:mal68.evad.winEXE@72/335@31/20
EGA Information:
  • Successful, ratio: 66.7%
HCA Information:
  • Successful, ratio: 96%
  • Number of executed functions: 37
  • Number of non-executed functions: 309
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 13.107.42.16, 74.125.71.84, 204.79.197.239, 13.107.21.239, 142.250.186.174, 13.107.6.158, 2.19.126.152, 2.19.126.145, 142.250.181.227, 2.23.209.177, 2.23.209.189, 2.23.209.158, 2.23.209.160, 2.23.209.133, 2.23.209.150, 2.23.209.140, 2.23.209.179, 2.23.209.135, 142.250.185.67, 42.56.77.10, 192.229.221.95, 172.217.16.206, 2.22.61.56, 2.22.61.59, 172.217.18.14, 142.251.40.99, 142.251.41.3, 142.250.65.163
  • Excluded domains from analysis (whitelisted): cdp-f-ssl-tlu-net.trafficmanager.net, ciscobinary.openh264.org, config.edge.skype.com.trafficmanager.net, slscr.update.microsoft.com, a416.dscd.akamai.net, incoming.telemetry.mozilla.org, a17.rackcdn.com.mdc.edgesuite.net, aus5.mozilla.org, star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com, a19.dscg10.akamai.net, clients2.google.com, e86303.dscx.akamaiedge.net, ocsp.digicert.com, www.bing.com.edgekey.net, redirector.gvt1.com, config-edge-skype.l-0007.l-msedge.net, msedge.b.tlu.dl.delivery.mp.microsoft.com, www.gstatic.com, l-0007.l-msedge.net, config.edge.skype.com, www.bing.com, edge-microsoft-com.dual-a-0036.a-msedge.net, fs.microsoft.com, accounts.google.com, bzib.nelreports.net.akamaized.net, fonts.gstatic.com, wildcardtlu-ssl.ec.azureedge.net, ctldl.windowsupdate.com, b-0005.b-msedge.net, detectportal.prod.mozaws.net, www-www.bing.com.trafficmanager.net, edge.microsoft.com, business-bing-com.b-0005.b-msedge.net, fe3cr.delivery.mp.microsoft.com,
  • Not all processes where analyzed, report is missing behavior information
  • Report size exceeded maximum capacity and may have missing behavior information.
  • Report size exceeded maximum capacity and may have missing disassembly code.
  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
  • Report size getting too big, too many NtCreateFile calls found.
  • Report size getting too big, too many NtOpenFile calls found.
  • Report size getting too big, too many NtOpenKeyEx calls found.
  • Report size getting too big, too many NtProtectVirtualMemory calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
  • Report size getting too big, too many NtWriteVirtualMemory calls found.
  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
| Time | Type | Description |
|---|---|---|
| 20:19:05 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 |
| 20:19:14 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 |
MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
13.107.246.40Payment Transfer Receipt.shtmlGet hashmaliciousHTMLPhisherBrowse
  • www.aib.gov.uk/
NEW ORDER.xlsGet hashmaliciousUnknownBrowse
  • 2s.gg/3zs
PO_OCF 408.xlsGet hashmaliciousUnknownBrowse
  • 2s.gg/42Q
06836722_218 Aluplast.docx.docGet hashmaliciousUnknownBrowse
  • 2s.gg/3zk
Quotation.xlsGet hashmaliciousUnknownBrowse
  • 2s.gg/3zM
152.195.19.97http://ustteam.com/Get hashmaliciousUnknownBrowse
  • www.ust.com/
23.44.133.38file.exeGet hashmaliciousUnknownBrowse
    file.exeGet hashmaliciousUnknownBrowse
      file.exeGet hashmaliciousUnknownBrowse
        file.exeGet hashmaliciousUnknownBrowse
          file.exeGet hashmaliciousUnknownBrowse
            file.exeGet hashmaliciousUnknownBrowse
              file.exeGet hashmaliciousUnknownBrowse
                file.exeGet hashmaliciousUnknownBrowse
                  file.exeGet hashmaliciousUnknownBrowse
                    file.exeGet hashmaliciousUnknownBrowse
                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      example.orgfile.exeGet hashmaliciousUnknownBrowse
                      • 93.184.215.14
                      file.exeGet hashmaliciousUnknownBrowse
                      • 93.184.215.14
                      file.exeGet hashmaliciousUnknownBrowse
                      • 93.184.215.14
                      file.exeGet hashmaliciousUnknownBrowse
                      • 93.184.215.14
                      file.exeGet hashmaliciousUnknownBrowse
                      • 93.184.215.14
                      file.exeGet hashmaliciousUnknownBrowse
                      • 93.184.215.14
                      file.exeGet hashmaliciousUnknownBrowse
                      • 93.184.215.14
                      MDE_File_Sample_775c04b737da218ea8e0cf00c15e7212960dd200.zipGet hashmaliciousUnknownBrowse
                      • 93.184.215.14
                      file.exeGet hashmaliciousUnknownBrowse
                      • 93.184.215.14
                      https://wetransfer.com/downloads/e3c914f2e6f4651b1445415756262fa620240826020905/640d590327db92754fa0159c45d4f92720240826020905/4529de?trk=TRN_TDL_01&utm_campaign=TRN_TDL_01&utm_medium=email&utm_source=sendgridGet hashmaliciousUnknownBrowse
                      • 93.184.215.14
                      services.addons.mozilla.orgfile.exeGet hashmaliciousUnknownBrowse
                      • 52.222.236.23
                      file.exeGet hashmaliciousUnknownBrowse
                      Match | Associated Sample Name / URL | Detection | Threat Name
                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
                        file.exe | malicious | Unknown
                        file.exe | malicious | Unknown
                        file.exe | malicious | Unknown
                        file.exe | malicious | Unknown
                        file.exe | malicious | Unknown
                        file.exe | malicious | Unknown
                        file.exe | malicious | Unknown
                        MDE_File_Sample_775c04b737da218ea8e0cf00c15e7212960dd200.zip | malicious | Unknown
                        file.exe | malicious | Unknown
                        SecuriteInfo.com.Win32.Evo-gen.18513.13360.exe | malicious | Amadey, Stealc, Vidar
                      C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
                        file.exe | malicious | Unknown
                        file.exe | malicious | Unknown
                        file.exe | malicious | Unknown
                        file.exe | malicious | Unknown
                        file.exe | malicious | Unknown
                        file.exe | malicious | Unknown
                        file.exe | malicious | Unknown
                        MDE_File_Sample_775c04b737da218ea8e0cf00c15e7212960dd200.zip | malicious | Unknown
                        file.exe | malicious | Unknown
                        SecuriteInfo.com.Win32.Evo-gen.18513.13360.exe | malicious | Amadey, Stealc, Vidar
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):6439
                                                              Entropy (8bit):5.145228827519569
                                                              Encrypted:false
                                                              SSDEEP:192:YjMXgCdcbhbVbTbfbRbObtbyEzn/nSrDtTJdB:YYlcNhnzFSJ5nSrDhJdB
                                                              MD5:CF3342621FEA0FDD3F3109134477D870
                                                              SHA1:CD4E007C4C04369092314C70A9A01458068C7BF5
                                                              SHA-256:5BA09C0AC59DF2B5CCC96B592C1F78D9CAD99DA0B8A9749FBA02732FF4B1FA57
                                                              SHA-512:837B5E2D0FF354FEF8A553CF603788B55C82E3F2B364B47BDDFBF38E805A801256DDA0D5ABC3BB74816E394AC5B6EE52E7C8BB9017ED5F1FFE732BC6C7FF6C04
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):25052
                                                              Entropy (8bit):6.030344262830439
                                                              Encrypted:false
                                                              SSDEEP:768:mMGQ7FCYXGIgtDAWtJ4g1tBMTaS96Wh02tdy:mMGQ5XMBX1wK
                                                              MD5:5DC21645960179533DC26B16417B2D1F
                                                              SHA1:DA4DB4D504DD9A6C4210A560DE9B024ECE3D3DDE
                                                              SHA-256:DB09EEB675B78E6FB9C592864130A77EFBFBAA38AA0F559C1F19F20A0274CEB5
                                                              SHA-512:CF357B770DEB4AF37C5AE9002953549AF77C2D81F6779CBA6126DDF85619582145160B46DC324C4B435F24BF5EBFC74CA3270B07150FC6B1D59757CE7C1CC50A
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):22924
                                                              Entropy (8bit):6.045758057888807
                                                              Encrypted:false
                                                              SSDEEP:384:ytMGQ7LBjuYXGIgtDAW5u0TDJ2q03XsNwh7gqm96e+Mh0lkdHd5qF:mMGQ7FCYXGIgtDAWtJ4n1tBm96Wh02t4
                                                              MD5:8F7ADE9C4760A52A45A1553DB482E60C
                                                              SHA1:959502E0AD4304121DEC252089C04B0621D6A5F3
                                                              SHA-256:89ADC4CE1B08E77198CCB988A0F8D123BAB2BAC628C7EA579F837A48557F86CF
                                                              SHA-512:3EE6FEE93EF958D67BCB5122F4452CE95A5A1406E84AF09615AA7A5B13BAFFE3614691A89F4C11AE42DA16D707D5658BD199FE65B21AB4552B203E6637F51ABA
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):25103
                                                              Entropy (8bit):6.02956110405164
                                                              Encrypted:false
                                                              SSDEEP:768:mMGQ7FCYXGIgtDAWtJ4gktBMTaP96Wh02tdy:mMGQ5XMBXkVK
                                                              MD5:E086446AE8537F04B11A665711C7A029
                                                              SHA1:8A7857AD2129E3D404EE34C4B2F940898CF72A8F
                                                              SHA-256:F5B451ADC4EBACBBA04DBAE9AF1DC44AA21B03E342A53EC7E9858E2B93915E9E
                                                              SHA-512:3BC37368C596BF57B02E71587E9877A67892465685A0061763EC350BBEACC19767619CB620046DB0BC44C5A087140ADEFD2E22AE29A42CFB3A5DDB1E8CCF3268
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:modified
                                                              Size (bytes):8106
                                                              Entropy (8bit):5.814027626578293
                                                              Encrypted:false
                                                              SSDEEP:192:asNAYYEeiRUfgQUkxAl6qRAq1k8SPxVLZ7VTiq:asNAMC9v6l6q3QxVNZTiq
                                                              MD5:924F0FC5B2B66E1EB47314DD519CA825
                                                              SHA1:B27F7BC7727FD08BEC12172CC599202259B1CC25
                                                              SHA-256:9E36FD4E5C494CFF00B39D582A7369093312282527657BEE0C3A4AE42CD28B82
                                                              SHA-512:AC10F75C16D093096B384A670601B16747570ED6C8BBAF9A24754FBB027F32AF97A59DB3EC75AA673434D4C00ECFA908BE81A404D5E44DE650EB8019874E3F00
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):23966
                                                              Entropy (8bit):6.049021464434112
                                                              Encrypted:false
                                                              SSDEEP:384:ytMGQ7LBjuYXGIgtDAW5u0TDJ2q03XsNwh7gqVTvM6Yr0+Mh0lkdHd5qY:mMGQ7FCYXGIgtDAWtJ4n1tBVLM6YrUh9
                                                              MD5:A8A5BE250BCD7ADA63BB81A8DFC62B60
                                                              SHA1:5912A8B31507C84084E758BAC78C7C9AC79880C8
                                                              SHA-256:4BC0C0F8965DEA5FA9E801EBF9EF87F2ADAC1D8A1980AAA7C2C337626E6774C8
                                                              SHA-512:31918F6FEDAB84A19CFB6F83BD9056E483899DFAFA08B1421DC9528962FFC58B0994A7C7F7D130EBB9A45413FE8EF4BD99BFD719DA3616B693B04C3B6BE3FAE0
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):8321
                                                              Entropy (8bit):5.788110642734075
                                                              Encrypted:false
                                                              SSDEEP:192:fsNwYYEeiRUDVjukxAX6qRAq1k8SPxVLZ7VTiQ:fsNwMGZ96X6q3QxVNZTiQ
                                                              MD5:B2597F2F8B05DF41FE31227B4BD89A7C
                                                              SHA1:3058D94E6BDCEE11457885DF859BB8DD7029AE3B
                                                              SHA-256:581BB113ACAF5BFBB12A2D6A721652C1E74B1EA46BF58EC1DACDE6CE46428C78
                                                              SHA-512:9AB14D06263A8180496120A4BE4C2C5AC5F34D27C96547BF8A7053D0549D758373E6C9C788D06B4B33249D975F0BF8463CA6D41A59B2EE0F4A91FCB3D92D988E
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:modified
                                                              Size (bytes):23966
                                                              Entropy (8bit):6.049021464434112
                                                              Encrypted:false
                                                              SSDEEP:384:ytMGQ7LBjuYXGIgtDAW5u0TDJ2q03XsNwh7gqVTvM6Yr0+Mh0lkdHd5qY:mMGQ7FCYXGIgtDAWtJ4n1tBVLM6YrUh9
                                                              MD5:A8A5BE250BCD7ADA63BB81A8DFC62B60
                                                              SHA1:5912A8B31507C84084E758BAC78C7C9AC79880C8
                                                              SHA-256:4BC0C0F8965DEA5FA9E801EBF9EF87F2ADAC1D8A1980AAA7C2C337626E6774C8
                                                              SHA-512:31918F6FEDAB84A19CFB6F83BD9056E483899DFAFA08B1421DC9528962FFC58B0994A7C7F7D130EBB9A45413FE8EF4BD99BFD719DA3616B693B04C3B6BE3FAE0
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):107893
                                                              Entropy (8bit):4.640149995732079
                                                              Encrypted:false
                                                              SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P75:fwUQC5VwBIiElEd2K57P75
                                                              MD5:AD9FA3B6C5E14C97CFD9D9A6994CC84A
                                                              SHA1:EF063B4A4988723E0794662EC9D9831DB6566E83
                                                              SHA-256:DCC7F776DBDE2DB809D3402FC302DB414CF67FE5D57297DDDADCE1EE42CFCE8F
                                                              SHA-512:81D9D59657CAF5805D2D190E8533AF48ACEBFFF63409F5A620C4E08F868710301A0C622D7292168048A9BC16C0250669FAAA2DCBF40419740A083C6ED5D79CFA
                                                              Malicious:false
                                                              Preview:{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):107893
                                                              Entropy (8bit):4.640149995732079
                                                              Encrypted:false
                                                              SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P75:fwUQC5VwBIiElEd2K57P75
                                                              MD5:AD9FA3B6C5E14C97CFD9D9A6994CC84A
                                                              SHA1:EF063B4A4988723E0794662EC9D9831DB6566E83
                                                              SHA-256:DCC7F776DBDE2DB809D3402FC302DB414CF67FE5D57297DDDADCE1EE42CFCE8F
                                                              SHA-512:81D9D59657CAF5805D2D190E8533AF48ACEBFFF63409F5A620C4E08F868710301A0C622D7292168048A9BC16C0250669FAAA2DCBF40419740A083C6ED5D79CFA
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):4194304
                                                              Entropy (8bit):0.0
                                                              Encrypted:false
                                                              SSDEEP:3::
                                                              MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                              SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                              SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                              SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):4194304
                                                              Entropy (8bit):0.0
                                                              Encrypted:false
                                                              SSDEEP:3::
                                                              MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                              SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                              SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                              SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:DIY-Thermocam raw data (Lepton 3.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 134217728.000000, slope 75015551881388056232440365056.000000
                                                              Category:dropped
                                                              Size (bytes):4194304
                                                              Entropy (8bit):0.468407298552039
                                                              Encrypted:false
                                                              SSDEEP:6144:gRCcNSf4xs73aHJ+v33lzqOMCSs9waHqE:7is7KW57
                                                              MD5:5072283FDC09B44D499A93F2CC45DB3C
                                                              SHA1:3279FE5AA7035021FA2BDD3095C0DFEBC73FC4B3
                                                              SHA-256:F1CD1D192CE06B7B27A4339398B6CCF9AB534C6847F61E11B82FFCBE8B3DC61F
                                                              SHA-512:E5547427C03C3C2C28F60B603A4382E10C7BDB2C13CFCE6592B20CD7C7FF627C2CAA3B6F169F3B11DAED169506E8F236DC2F9E121305C686E34ED9E87B66E1F4
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):4194304
                                                              Entropy (8bit):0.039696554059525824
                                                              Encrypted:false
                                                              SSDEEP:192:os01utmqvDzK6SJ8yTFGqLsbZHtgbXjhhULHhxgNE//cRQMcsrRLn8y08Tcm2RGY:30Et+lWCGh+KQB9L08T2RGOD
                                                              MD5:B7A8253C0DFA86FA0A943B2B6DAA9719
                                                              SHA1:D3F07DA0159FE4E6CB9B03A162D7D1FFF72243B9
                                                              SHA-256:A3EB48179486968AF93C471B87552D3690BCBE4650C0158E12362815901EEC42
                                                              SHA-512:7C193354A0E6882B3A17DBDC4F29D1100B6D07184BDA265ED7F69F36DE5E1DEEF0F3F45998C4371C0C0ECBF726C06B5C2DEDDD6CCDA1C6C2107D135E9CE8255D
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):4194304
                                                              Entropy (8bit):0.041094307039241065
                                                              Encrypted:false
                                                              SSDEEP:192:J10EbtmqvD9KX7DJu3BZlq+MgXXbt00ALXzPhJ0NaM/W1gQMOdWWn8y08Tcm2RGY:z0EtwqX5i7rhatygidX08T2RGOD
                                                              MD5:09BE0A84D34341AB19D2C107959D671C
                                                              SHA1:690D85FC10AC1A77FD5393FCF21C3467C4105F04
                                                              SHA-256:092870A0090883EDCDB7238B50D1AB98F9F8D9E91828749406C24A2A4FA93485
                                                              SHA-512:04A6E077ACB6D6C679E24AE368A2D644A46F8F6BC8A95110D24A76EE2417FEB24507B6DEA9A1B9F2D0A949B0F17536E91AEDDBF9119FF11BED90FCD6591A61F9
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):4194304
                                                              Entropy (8bit):0.0395102964765284
                                                              Encrypted:false
                                                              SSDEEP:192:5m0EbtmqvDKKXGJLMo4sPqpRX/gg4rfh9rNE3aeu1gQsW1bjpn8y08Tcm2RGOdB:U0Et64osfmhFE6gq1J08T2RGOD
                                                              MD5:FC16E55056F173FBBAD001F597ADDD6A
                                                              SHA1:4797796BD8A192EC9B6208293D045848DEDB29AD
                                                              SHA-256:3F67D388C8785A11A88A24D79022B58FC5BF4C2E848671520E922E978FF60E79
                                                              SHA-512:62C836C010C95C93A193092B27CB4EAE4F62A3BAACE36E526B1B71A6DC39E7803033410D3E2E6B2FD1A72413DA2E96E5ADA2653B0C57C71565C678E4C68C3C49
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):16384
                                                              Entropy (8bit):0.3553968406659012
                                                              Encrypted:false
                                                              SSDEEP:12:biUXhV0xosU8xCe+JKlkQuMRxCb8ZXfgYJ0IJpP0KLsyW1L7Fx6:bFRqxosU8xWMk8xVZ4YWI30otWn
                                                              MD5:CFAB81B800EDABACBF6CB61AA78D5258
                                                              SHA1:2730D4DA1BE7238D701DC84EB708A064B8D1CF27
                                                              SHA-256:452A5479B9A2E03612576C30D30E6F51F51274CD30EF576EA1E71D20C657376F
                                                              SHA-512:EC188B0EE4D3DAABC26799B34EE471BEE988BDD7CEB011ED7DF3D4CF26F98932BBBB4B70DC2B7FD4DF9A3981B3CE22F4B5BE4A0DB97514D526E521575EFB2EC6
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):280
                                                              Entropy (8bit):3.060980776278344
                                                              Encrypted:false
                                                              SSDEEP:3:FiWWltl/9UgBVP/Sh/JzvLi2RRIxINXj1J1:o1//BVsJDG2Yq
                                                              MD5:74B32A83C9311607EB525C6E23854EE0
                                                              SHA1:C345A4A3BB52D7CD94EA63B75A424BE7B52CFCD2
                                                              SHA-256:06509A7E418D9CCE502E897EAEEE8C6E3DCB1D0622B421DD968AF3916A5BFF90
                                                              SHA-512:ADC193A89F0E476E7326B4EA0472814FE6DD0C16FC010AAF7B4CF78567D5DF6A1574C1CE99A63018AFE7E9AD68918147880621A3C00FAA7AD1014A0056B4B9C4
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):39660
                                                              Entropy (8bit):5.562221959992098
                                                              Encrypted:false
                                                              SSDEEP:768:ZsFk1x7pLGLvECWPdNfmC8F1+UoAYDCx9Tuqh0VfUC9xbog/OVItG1Vnqrw1V1DF:ZsFk1ncvECWPdNfmCu1ja1tGbnP1VjSw
                                                              MD5:6EC34E09B1604BFE36494ABCFFE0CBE3
                                                              SHA1:4D686DE7295C78AC7EAE9762036545ECD5902761
                                                              SHA-256:72A0A7B992C20415F11F0620C6BEC35DAA044E55861E93B9E53E27E76F8122B8
                                                              SHA-512:A9200DBC2011F0742FD84C1DB8A8A1737BC8A5C1732C806C6732D5499AA797F61AC200664E6523D5B1FAD9775C557CE501251388398167AC74F04DE59391FF34
                                                              Malicious:false
                                                              Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13369691936105297","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13369691936105297","location":5,"ma
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):12314
                                                              Entropy (8bit):5.074707420716103
                                                              Encrypted:false
                                                              SSDEEP:192:sVaJ9pQTryZigaba4uyAJb4ryaYW3387pj+F1FQAVtG1f:sVaLA3ujJsryvpU7Qoa
                                                              MD5:B455A28B915C5AF2FC60084F68F510FA
                                                              SHA1:3FEC92DA1A0AACBD9A57B36D835169F5E6BEF3EB
                                                              SHA-256:291211C2BD5D241196DF3CB86A3A278D548C983EA294D4EEFC67293D15A06586
                                                              SHA-512:B35611362824686869B444ECAEC7466075BCC107813F1F255A08A736D66A7047B4CE8FBF824A9D38CE8817C8C92C8CE703F29EA5D60EDC4A1D7C5B09D336D582
                                                              Malicious:false
                                                              Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13369691936772833","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):13577
                                                              Entropy (8bit):5.24076650206815
                                                              Encrypted:false
                                                              SSDEEP:192:sVaJ9pQTryZiuaba4uyAJb4ryCguYYW3387pj+F1FQA4tG1f:sVaLAJujJsryxupU7Qxa
                                                              MD5:0B1FDD3FC39A027CC2F2B82A00530FA8
                                                              SHA1:127941ED8BAF1130140EC1AD22970F326F17A923
                                                              SHA-256:F5B9BD86217A0B5CEEE6B138BF97CDA4D6D44DA94B7DF5C1100AC124C8625F1E
                                                              SHA-512:11F0F8A8D0E5D19F6AD5B9AC6E57D68F93F31B85E576BC515210316FE784B2BAB731D55D4AB1B967E6AB99EF17CA86E165B6CD16688E3ADACCAAC0ECCE2EF1D8
                                                              Malicious:false
                                                              Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13369691936772833","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):37817
                                                              Entropy (8bit):5.555788773281046
                                                              Encrypted:false
                                                              SSDEEP:768:ZsFk1x7pLGLvECWPdNfmC8F1+UoAYDCx9Tuqh0VfUC9xbog/OVO1Vnqrw1V7DdKE:ZsFk1ncvECWPdNfmCu1jaPbnP1VVStM
                                                              MD5:8B992CA49887BC2E7628F7039468C1F9
                                                              SHA1:C74F055778D9F046B0D668FDBFF6E22DF1792706
                                                              SHA-256:707F2D8424896622D34CC1919F19CB37C74F4EC77DB5872CFA6383B0F3116DA6
                                                              SHA-512:EA92E9D8363C87BE196458B0C76E1460A85EAFBCC6B16A66FA017DDDF0237A4C714957539D39A83732C90AF0ED9B53C67256171C1439E41A4665F92FAE1C3A0E
                                                              Malicious:false
                                                              Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13369691936105297","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13369691936105297","location":5,"ma
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):13687
                                                              Entropy (8bit):5.239203332993116
                                                              Encrypted:false
                                                              SSDEEP:192:sVaJ9pQTryZiuaba4uyAJb4ryCguYYW3387pj+F1FQAXtG1f:sVaLAJujJsryxupU7Qqa
                                                              MD5:A480D97226F1955C20A2EEE02A56114E
                                                              SHA1:E4EEE896832F8ADDDCAD1A8355EDFE46243A1FDB
                                                              SHA-256:9E9A30D6673E82933E8954F6EDEAF87E7197A5A14BB1AF66731AEA8D80DF27C8
                                                              SHA-512:17BFDC3C46F9D68DC3F52B91EF3CA2FE5C967FD942A3F358E0CDD6CDB55D63F7A0B025F8D3AAD3298A70C4BDA9F5440BE2A309D2BF3D5A1E5C39EE2E6A412373
                                                              Malicious:false
                                                              Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13369691936772833","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):16
                                                              Entropy (8bit):3.2743974703476995
                                                              Encrypted:false
                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                              Malicious:false
                                                              Preview:MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:modified
                                                              Size (bytes):1695826
                                                              Entropy (8bit):5.041138795131119
                                                              Encrypted:false
                                                              SSDEEP:24576:1PfQUg6kAdRhiGzmYoAo2ENU0ifYeV3br2M:1PfZ/mS5
                                                              MD5:FF037081884D36A9C219F0A7CC4B1FF5
                                                              SHA1:7348B71E50CB6ADBEBBC979B8495DC8139415438
                                                              SHA-256:1CE2C9B4D89E7662A3407DD7956FB62E2761B8C1073CB9F8EEAE06473B40CE55
                                                              SHA-512:787E38149A2FF07ED85DF45AD15468B17C8B1A0CBB8A79B4870DC0E76B085739B471D860BBD9EE6D5EB4F5259C51CFD13D7C6AF607F58C9C575E4D80D315C902
                                                              Malicious:false
                                                              Preview:...m.................DB_VERSION.1U.].................QUERY_TIMESTAMP:arbitration_priority_list4.*.*.13369691942976897.$QUERY:arbitration_priority_list4.*.*..[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"2DPW9BV28WrPpgGHdKsEvldNQvD7dA0AAxPa3B/lKN0=","size":11989}]...P.................QUERY_TIMESTAMP:edge_hub_apps_manifest_gz4.7.*.13369691942994009.$QUERY:edge_hub_apps_manifest_gz4.7.*..[{"name":"edge_hub_apps_manifest_gz","url":"https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline","version":{"major":4,"minor":7,"patch":107},"hash":"Qoxdh2pZS19o99emYo77uFsfzxtXVDB75kV6eln53YE=","size":1682291}]=_.../..............'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.]{.. "configVersion": 32,.. "PrivilegedExperiences": [.. "ShorelinePrivileged
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):16
                                                              Entropy (8bit):3.2743974703476995
                                                              Encrypted:false
                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                              Malicious:false
                                                              Preview:MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):293
                                                              Entropy (8bit):5.100488753218957
                                                              Encrypted:false
                                                              SSDEEP:6:PVPJq1wkn23oH+Tcwt9Eh1ZB2KLllVPAq2Pwkn23oH+Tcwt9Eh1tIFUv:PH1fYeb9Eh1ZFLnivYfYeb9Eh16FUv
                                                              MD5:2BAFEF6BC6CD4702FC454DF6E5158BFC
                                                              SHA1:5049B438E8DC42B7E81F625BF3F037BFADECF914
                                                              SHA-256:84BAE0631FD77976C152E22FB7A14B9328BDF9DA63BA600ABDED43964B72168E
                                                              SHA-512:7091211CD464E23301C7EDEB7E6ABE7BD6E9F8CD8F9662F165179A63E88DE09A930E179F4D47A33DBED85A9D39035C88C02AADE85DA68C54FCB0D2305198AC8A
                                                              Malicious:false
                                                              Preview:2024/09/01-15:19:01.471 2140 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db since it was missing..2024/09/01-15:19:01.638 2140 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:OpenPGP Secret Key
                                                              Category:dropped
                                                              Size (bytes):41
                                                              Entropy (8bit):4.704993772857998
                                                              Encrypted:false
                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                              Malicious:false
                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):12288
                                                              Entropy (8bit):0.3202460253800455
                                                              Encrypted:false
                                                              SSDEEP:6:l9bNFlEuWk8TRH9MRumWEyE4gLueXdNOmWxFxCxmWxYgCxmW5y/mWz4ynLAtD/W4:TLiuWkMORuHEyESeXdwDQ3SOAtD/ie
                                                              MD5:40B18EC43DB334E7B3F6295C7626F28D
                                                              SHA1:0E46584B0E0A9703C6B2EC1D246F41E63AF2296F
                                                              SHA-256:85E961767239E90A361FB6AA0A3FD9DAA57CAAF9E30599BB70124F1954B751C8
                                                              SHA-512:8BDACDC4A9559E4273AD01407D5D411035EECD927385A51172F401558444AD29B5AD2DC5562D1101244665EBE86BBDDE072E75ECA050B051482005EB6A52CDBD
                                                              Malicious:false
                                                              Preview:SQLite format 3
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):28672
                                                              Entropy (8bit):0.46555960941312247
                                                              Encrypted:false
                                                              SSDEEP:24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBNjPb2:TouQq3qh7z3bY2LNW9WMcUvB5b2
                                                              MD5:4DE37E71BC9610EAFE634C46ADD6A7F0
                                                              SHA1:03765165C692F7FF8D298CE431290F5545F12511
                                                              SHA-256:BDA049D90BB3ACBEF6ED72D5EB9C4B562A27DA4CA0C7F1DDDBB3C0C0B70F9977
                                                              SHA-512:EEFCB8D5555131ADA7E314D943A115BF688A8BFCE254C502A5348D85738349FB57CECD078832A5D4FCBED8D9903B83A225204E0EFEA3C01395AE255760D05536
                                                              Malicious:false
                                                              Preview:SQLite format 3
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                              Category:dropped
                                                              Size (bytes):8192
                                                              Entropy (8bit):0.01057775872642915
                                                              Encrypted:false
                                                              SSDEEP:3:MsFl:/F
                                                              MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                              SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                              SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                              SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):270336
                                                              Entropy (8bit):8.280239615765425E-4
                                                              Encrypted:false
                                                              SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                              MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                              SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                              SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                              SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):8192
                                                              Entropy (8bit):0.011852361981932763
                                                              Encrypted:false
                                                              SSDEEP:3:MsHlDll:/H
                                                              MD5:0962291D6D367570BEE5454721C17E11
                                                              SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                              SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                              SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):8192
                                                              Entropy (8bit):0.012340643231932763
                                                              Encrypted:false
                                                              SSDEEP:3:MsGl3ll:/y
                                                              MD5:41876349CB12D6DB992F1309F22DF3F0
                                                              SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                              SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                              SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                              Category:dropped
                                                              Size (bytes):262512
                                                              Entropy (8bit):9.553120663130604E-4
                                                              Encrypted:false
                                                              SSDEEP:3:LsNlr:Ls3
                                                              MD5:F4A9DCB33215C04CC6C2DCA3AF582F4B
                                                              SHA1:73ABAFAC70E371304E8AACAE38B6F16A8B41C20E
                                                              SHA-256:6102458E166F929504406B1BFF333CEC81080EA2D1F117AAE13A6E2F8F7DF32F
                                                              SHA-512:FC1AFE47395F3D9E91AF46E2787D4DA8216E4021DE8E5FB9C9E04ECA9BB763C1FCE3C7F1F8FB97A5C74CA1F98B53ADC2BC5012EEE9E766A447796201EFE72AC2
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):16
                                                              Entropy (8bit):3.2743974703476995
                                                              Encrypted:false
                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                              Malicious:false
                                                              Preview:MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):33
                                                              Entropy (8bit):3.5394429593752084
                                                              Encrypted:false
                                                              SSDEEP:3:iWstvhYNrkUn:iptAd
                                                              MD5:F27314DD366903BBC6141EAE524B0FDE
                                                              SHA1:4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
                                                              SHA-256:68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
                                                              SHA-512:07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
                                                              Malicious:false
                                                              Preview:...m.................DB_VERSION.1
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):16
                                                              Entropy (8bit):3.2743974703476995
                                                              Encrypted:false
                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                              Malicious:false
                                                              Preview:MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):305
                                                              Entropy (8bit):5.207366309718401
                                                              Encrypted:false
                                                              SSDEEP:6:PVPdQP3M1wkn23oH+TcwtnG2tbB2KLllVPdQo4ROq2Pwkn23oH+TcwtnG2tMsIF2:PHM3rfYebn9VFLnHLcOvYfYebn9GFUv
                                                              MD5:B1ADE3EDD5C0CAC62DC137E815775086
                                                              SHA1:052944BA3EE303CB1CADF1CABF4A70FBB3147240
                                                              SHA-256:C28847B472635945FC0CD39455C6AAD358AD880816CD2919BA2DF91F00BB634D
                                                              SHA-512:43E89E7D646D8D195D35886D52A3185F7EDF5B410CD7F2DBB3F696F01C675F95F911EFD4528DFE88FE8564192E61BF7BDD521195095CAD77C9E13E6CDFCAF2AD
                                                              Malicious:false
                                                              Preview:2024/09/01-15:18:56.131 1d14 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db since it was missing..2024/09/01-15:18:56.149 1d14 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:OpenPGP Secret Key
                                                              Category:dropped
                                                              Size (bytes):41
                                                              Entropy (8bit):4.704993772857998
                                                              Encrypted:false
                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                              Malicious:false
                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 14, database pages 8, cookie 0xe, schema 4, UTF-8, version-valid-for 14
                                                              Category:dropped
                                                              Size (bytes):32768
                                                              Entropy (8bit):0.494709561094235
                                                              Encrypted:false
                                                              SSDEEP:24:TLEC30OIcqIn2o0FUFlA2cs0US5S693Xlej2:ThLaJUnAg0UB6I
                                                              MD5:CF7760533536E2AF66EA68BC3561B74D
                                                              SHA1:E991DE2EA8F42AE7E0A96A3B3B8AF87A689C8CCD
                                                              SHA-256:E1F183FAE5652BA52F5363A7E28BF62B53E7781314C9AB76B5708AF9918BE066
                                                              SHA-512:38B15FE7503F6DFF9D39BC74AA0150A7FF038029F973BE9A37456CDE6807BCBDEAB06E624331C8DFDABE95A5973B0EE26A391DB2587E614A37ADD50046470162
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.6145626467895939
                                                              Encrypted:false
                                                              SSDEEP:24:TLqpR+DDNzWjJ0npnyXKUO8+jk0n6pdnRmL:Te8D4jJ/6Up+vnKn2
                                                              MD5:69D5CDC2C326A3FDA34ED12646013CA7
                                                              SHA1:1D47EFCAD3BB16936D1AE89AF974659F53F80E4B
                                                              SHA-256:08C50248566B13520311C274C188E06AB3BBDF79E7C371D36E3F101B82115347
                                                              SHA-512:29FF2C3C377C51B7545558C5F13EF68063A93AA5790138301CE741DA81D817C45E762772D3CFB6CD34F1BD7C4A09C4B9B9161A39A2C15784C08E086E148DF9C9
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):16
                                                              Entropy (8bit):3.2743974703476995
                                                              Encrypted:false
                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                              Malicious:false
                                                              Preview:MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):375520
                                                              Entropy (8bit):5.354171808360095
                                                              Encrypted:false
                                                              SSDEEP:6144:MA/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:MFdMyq49tEndBuHltBfdK5WNbsVEziPU
                                                              MD5:A27E164DD68F6A3715C61CAB1FD9F4BE
                                                              SHA1:0F979E532FCA68432730A4D92506EA9026A41769
                                                              SHA-256:079F3E170D54D792E0D850020E237BFFD3E03683A9257E0E356C2C814F89385A
                                                              SHA-512:4A4026EB89729E8CF007D1414B92705B7E35204C3BFF83637766D13AB8E019B85C3D5EFBFD4569FDFECDB064D3F2C4B8A00D11D32DCEF670AFB6228249910C88
                                                              Malicious:false
                                                              Preview:...m.................DB_VERSION.1....q...............&QUERY_TIMESTAMP:domains_config_gz2.*.*.13369691942965981..QUERY:domains_config_gz2.*.*..[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):16
                                                              Entropy (8bit):3.2743974703476995
                                                              Encrypted:false
                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                              Malicious:false
                                                              Preview:MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):309
                                                              Entropy (8bit):5.172665390972963
                                                              Encrypted:false
                                                              SSDEEP:6:PVPcXrR1wkn23oH+Tcwtk2WwnvB2KLllVPtmQ+q2Pwkn23oH+Tcwtk2WwnvIFUv:Pab0fYebkxwnvFLnyvYfYebkxwnQFUv
                                                              MD5:FE0716A43DEA2DB1915D5B43A63C0330
                                                              SHA1:D0BAF6D8EFEABE7E68E2E5AD65233C2E140C2BA6
                                                              SHA-256:AC60827C2CE9CE393FFE9689A0DBB9B61C9772265270E365964FBE0EDACD382A
                                                              SHA-512:805419BCB499554E220F303A004C2DC0B476F97E029FA2968449BF8544EA7DAF3E5EA355CEC406E82692E654768700E758258DD81628BD19E3A1A09D7A7A7D3F
                                                              Malicious:false
                                                              Preview:2024/09/01-15:19:01.391 2248 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/09/01-15:19:01.415 2248 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:OpenPGP Secret Key
                                                              Category:dropped
                                                              Size (bytes):41
                                                              Entropy (8bit):4.704993772857998
                                                              Encrypted:false
                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                              Malicious:false
                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:modified
                                                              Size (bytes):358860
                                                              Entropy (8bit):5.324619303727684
                                                              Encrypted:false
                                                              SSDEEP:6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6RH:C1gAg1zfvf
                                                              MD5:ABA5417DC0FCF12BFB5CB625937C5E8B
                                                              SHA1:C9A865B5ED54E28F744EBD4F981ED154D0BE0DBE
                                                              SHA-256:0F8F82CB7D07DB645981FC9C690BAB2882D9B1CDF435A8EF8E20CC3908B525F0
                                                              SHA-512:B2E6FCD65AC5682276E3BE94DFCD5FEA6CCF76631B5B852CF2E576894BDC08C38B006D78B2EE8056FC50DF08EB14237722DCC81DD3B065F064334BFFAF4E53C7
                                                              Malicious:false
                                                              Preview:{"aee_config":{"ar":{"price_regex":{"ae":"(((ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)))","dz":"(((dzd|da|\\x{062F}\\x{062C})\\s*\\d{1,3})|(\\d{1,3}\\s*(dzd|da|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}|egp)\\s*\\d{1,3})|(\\d{1,3}\\s*(e\\x{00a3}|egp)))","ma":"(((mad|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(mad|dhs|dh)))","sa":"((\\d{1,3}\\s*(sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633}))|((sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633})\\s*\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})|(\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):16
                                                              Entropy (8bit):3.2743974703476995
                                                              Encrypted:false
                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                              Malicious:false
                                                              Preview:MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):209
                                                              Entropy (8bit):1.8784775129881184
                                                              Encrypted:false
                                                              SSDEEP:3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlX:qTCTCTCTCTCTCTCTCTCTCT
                                                              MD5:478D49D9CCB25AC14589F834EA70FB9E
                                                              SHA1:5D30E87D66E279F8815AFFE4C691AAF1D577A21E
                                                              SHA-256:BB6CC6DF54CF476D95409032C79E065F4E10D512E73F7E16018E550456F753D5
                                                              SHA-512:FB5431054A23D3C532568B1F150873D9130DBC4A88BE19BC2A4907D0DC2888C5B55993154EAD4A6C466E2173092B8705684A6802B850F051639E1F2457387471
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):16
                                                              Entropy (8bit):3.2743974703476995
                                                              Encrypted:false
                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                              Malicious:false
                                                              Preview:MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):281
                                                              Entropy (8bit):5.196007109283005
                                                              Encrypted:false
                                                              SSDEEP:6:PVPdQoBY81wkn23oH+Tcwt8aVdg2KLllVPdQv+q2Pwkn23oH+Tcwt8aPrqIFUv:PHL6bfYeb0LnHU+vYfYebL3FUv
                                                              MD5:87D5EDE840FB09AB881F327228AB7CB6
                                                              SHA1:96616765BBA3684303E4B2D4F185E506EA88251F
                                                              SHA-256:8CEB566D57760CBB4075367D56D054B06DB8CA0380B53483C6E1910DCF0B7439
                                                              SHA-512:F2040F9C2F571433FE3F2180B66AE9373BC948F99AB995FD423BDAC2FB605EF6857A882FD95B50AEF5818B56663602A415238E0E84767A3AAE1630D343DF2F9F
                                                              Malicious:false
                                                              Preview:2024/09/01-15:18:56.145 1d3c Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules since it was missing..2024/09/01-15:18:56.159 1d3c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:OpenPGP Secret Key
                                                              Category:dropped
                                                              Size (bytes):41
                                                              Entropy (8bit):4.704993772857998
                                                              Encrypted:false
                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                              Malicious:false
                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):16
                                                              Entropy (8bit):3.2743974703476995
                                                              Encrypted:false
                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                              Malicious:false
                                                              Preview:MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):209
                                                              Entropy (8bit):1.8784775129881184
                                                              Encrypted:false
                                                              SSDEEP:3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlX:qTCTCTCTCTCTCTCTCTCTCT
                                                              MD5:478D49D9CCB25AC14589F834EA70FB9E
                                                              SHA1:5D30E87D66E279F8815AFFE4C691AAF1D577A21E
                                                              SHA-256:BB6CC6DF54CF476D95409032C79E065F4E10D512E73F7E16018E550456F753D5
                                                              SHA-512:FB5431054A23D3C532568B1F150873D9130DBC4A88BE19BC2A4907D0DC2888C5B55993154EAD4A6C466E2173092B8705684A6802B850F051639E1F2457387471
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):16
                                                              Entropy (8bit):3.2743974703476995
                                                              Encrypted:false
                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                              Malicious:false
                                                              Preview:MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):285
                                                              Entropy (8bit):5.188667941751514
                                                              Encrypted:false
                                                              SSDEEP:6:PVPdQqySm81wkn23oH+Tcwt86FB2KLllVPdQl+q2Pwkn23oH+Tcwt865IFUv:PHcbfYeb/FFLnHu+vYfYeb/WFUv
                                                              MD5:127F26DD07C5A92965FDA138A6D987C2
                                                              SHA1:7EE842A82FBEA1D9AEEAE9AAB355A175194F5EC5
                                                              SHA-256:136F5373F6B8CF49BBE68281D5F25AE92993DC3E0081BE308D25A77A91068C73
                                                              SHA-512:0E875213F13C849B5F551615D87B031BC8D77D3DC32CECA40C561E42EEB6F2AC446D5F60221DCA3AEAEE16CC288CCF7EB654D328E50860ACFA4308A234E4925C
                                                              Malicious:false
                                                              Preview:2024/09/01-15:18:56.161 1d3c Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts since it was missing..2024/09/01-15:18:56.175 1d3c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:OpenPGP Secret Key
                                                              Category:dropped
                                                              Size (bytes):41
                                                              Entropy (8bit):4.704993772857998
                                                              Encrypted:false
                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                              Malicious:false
                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):1197
                                                              Entropy (8bit):1.8784775129881184
                                                              Encrypted:false
                                                              SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW:
                                                              MD5:A2A3B1383E3AAC2430F44FC7BF3E447E
                                                              SHA1:B807210A1205126A107A5FE25F070D2879407AA4
                                                              SHA-256:90685D4E050DA5B6E6F7A42A1EE21264A68F1734FD3BD4A0E044BB53791020A2
                                                              SHA-512:396FAB9625A2FF396222DBC86A0E2CDE724C83F3130EE099F2872AED2F2F2ECE13B0853D635F589B70BD1B5E586C05A3231D68CAF9E46B6E2DAC105A10D0A1C8
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):322
                                                              Entropy (8bit):5.208610533452964
                                                              Encrypted:false
                                                              SSDEEP:6:PVPdQPA+q2Pwkn23oH+Tcwt8NIFUt82VPdQimZmw+2VPdQeNVkwOwkn23oH+TcwY:PHavYfYebpFUt82HHm/+2Hjz5JfYebqJ
                                                              MD5:B5AC21E08C3595C29707B08D9C7B5218
                                                              SHA1:723F525FF02B4AB421BAC2CB0C2258419813D61F
                                                              SHA-256:ADE76ADA35C29E7B25C979F95C5C2BD309C223B414F4A9D27E4B025033D14062
                                                              SHA-512:2DEE312E12E9DAF45A79D667F281F74076E73F98046BE47CE676B5DF2C812C5EF4157C5CAA29F21007EAE638B2EAB90393F9E9777FE9C93674C9A7A686BFDD60
                                                              Malicious:false
                                                              Preview:2024/09/01-15:18:57.067 1ca8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/09/01-15:18:57.068 1ca8 Recovering log #3.2024/09/01-15:18:57.069 1ca8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 1, cookie 0x1, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):4096
                                                              Entropy (8bit):0.3169096321222068
                                                              Encrypted:false
                                                              SSDEEP:3:lSWbNFl/sl+ltl4ltllOl83/XWEEabIDWzdWuAzTgdWj3FtFIU:l9bNFlEs1ok8fDEPDadUTgd81Z
                                                              MD5:2554AD7847B0D04963FDAE908DB81074
                                                              SHA1:F84ABD8D05D7B0DFB693485614ECF5204989B74A
                                                              SHA-256:F6EF01E679B9096A7D8A0BD8151422543B51E65142119A9F3271F25F966E6C42
                                                              SHA-512:13009172518387D77A67BBF86719527077BE9534D90CB06E7F34E1CCE7C40B49A185D892EE859A8BAFB69D5EBB6D667831A0FAFBA28AC1F44570C8B68F8C90A4
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 8, cookie 0x8, schema 4, UTF-8, version-valid-for 2
                                                              Category:dropped
                                                              Size (bytes):32768
                                                              Entropy (8bit):0.40981274649195937
                                                              Encrypted:false
                                                              SSDEEP:24:TL1WK3iOvwxwwweePKmJIOAdQBVA/kjo/TJZwJ9OV3WOT/5eQQ:Tmm+/9ZW943WOT/
                                                              MD5:1A7F642FD4F71A656BE75B26B2D9ED79
                                                              SHA1:51BBF587FB0CCC2D726DDB95C96757CC2854CFAD
                                                              SHA-256:B96B6DDC10C29496069E16089DB0AB6911D7C13B82791868D583897C6D317977
                                                              SHA-512:FD14EADCF5F7AB271BE6D8EF682977D1A0B5199A142E4AB353614F2F96AE9B49A6F35A19CC237489F297141994A4A16B580F88FAC44486FCB22C05B2F1C3F7D1
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):429
                                                              Entropy (8bit):5.809210454117189
                                                              Encrypted:false
                                                              SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                                                              MD5:5D1D9020CCEFD76CA661902E0C229087
                                                              SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                                                              SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                                                              SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                                                              Malicious:false
                                                              Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 10, cookie 0x8, schema 4, UTF-8, version-valid-for 2
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):2.4446734522924625
                                                              Encrypted:false
                                                              SSDEEP:48:0Bmw6fU1zBP2Ry+S6uK2FS92IyaSyh+Ybrz1LMpbp+2gjGCHkJ/AztYZIHfmlhlY:0BCyGyM+elS9nsH4/AztcVuuoKwnXJR
                                                              MD5:E394F07BE8370054DE01988628B02D93
                                                              SHA1:3B5D9BBE0CF34C5E01C527DAF31D00BFA40A8CFA
                                                              SHA-256:26026568868D282B04A32718A60202B4FDDAA0AE6B53C9047167A66C1E7C4F81
                                                              SHA-512:E154560001F01CC870449556AAD06733060282D2C837EE3D5E2B135124734D8BDD7D286A32DD16A53CF2E46FD05F5617AC440385287B63674CEC9C865D670714
                                                              Malicious:false
                                                              Preview:SQLite format 3......indexfavicon_bitmaps_icon_idfavico
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, 1st free page 10, free pages 4, cookie 0x45, schema 4, UTF-8, version-valid-for 4
                                                              Category:dropped
                                                              Size (bytes):159744
                                                              Entropy (8bit):0.6465572850918667
                                                              Encrypted:false
                                                              SSDEEP:96:TcTjGU+bGzPDLjGQLBE3up+U0jBo4tgi3JMe9xJDECVjNCnXi:TMx+GPXBBE3upb0HtTTDxVj4X
                                                              MD5:766DA1C2675B7765258849F6D613D211
                                                              SHA1:F46C7A060F6D8F68B83EA59295DE88C981D05CF4
                                                              SHA-256:478923C0A72D7D6FB1105CB0C4667CB0E337610EA8CC1F5276292ACAC2442EA2
                                                              SHA-512:6A5907D53326F5BB991205A92E217EEB9F1CFCB462C347ADF5F670AD7329830EB47EED63B8D1DA2F7F68A0BF14BF09C84C3801B483E89DF1909B6A7510A21D16
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):8720
                                                              Entropy (8bit):0.32872990409968056
                                                              Encrypted:false
                                                              SSDEEP:6:TiA/J3+t76Y4QZZofU99pO0BYukqR4EZY4QZvGJ:fhHQws9LdZjBQZGJ
                                                              MD5:730479FC4EA382100E0E5A400DF6DE53
                                                              SHA1:3DC635FFB783BE6124DED9A74D71ACD9E9BF3691
                                                              SHA-256:A14B05BF016AF4E51F48911C35E03D8C96C6767AF93FEFA9754ED5412B222329
                                                              SHA-512:072B3B3FDFCE0AE4EBFD1989CCE3C9064F169F3B480AB049993E3C6EB86559E7FD598D29C9F0116B6834B93796C4A29F0B135310B26BCA98AE42DE658603D59A
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):115717
                                                              Entropy (8bit):5.183660917461099
                                                              Encrypted:false
                                                              SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                              MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                              SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                              SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                              SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                              Malicious:false
                                                              Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 6
                                                              Category:dropped
                                                              Size (bytes):49152
                                                              Entropy (8bit):3.3017936489692
                                                              Encrypted:false
                                                              SSDEEP:384:qj9P0RcVP/Kbtn773pL1gam6ILhYQkQerbRKToaAu:qdNVP/e7ibOe2bRKcC
                                                              MD5:8ABEA899B38030156507216A14B3089D
                                                              SHA1:A9F5E619EDA3BB2F245C1E81F9090FE54CE1F67C
                                                              SHA-256:819919A40DBB9E56085A6914F480E17B3DED69C7D312289D72CB375FDF1CC774
                                                              SHA-512:E0C32383580A912F93E0914E67B991F37B2679B4A78BCD54864E0268229FE11B9CF44DE59E549DFFFB8C04D3E0C46FA207341F13CA70B45499F2FC63F4C00456
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):406
                                                              Entropy (8bit):5.2704760358740295
                                                              Encrypted:false
                                                              SSDEEP:12:PHPf+vYfYeb8rcHEZrELFUt82HPN1/+2HPfV5JfYeb8rcHEZrEZSJ:3kYfYeb8nZrExg8ANdfJfYeb8nZrEZe
                                                              MD5:C8D407C3130DA8122B2FC564EB549D9C
                                                              SHA1:6F9B86DEA8D6320DEA4B71F1890CF8A80C283C96
                                                              SHA-256:5E2F39E3D0A9DF5B1416F6DA21E42A4347C382A509EDDD62B64FFEC8D3BE7BCE
                                                              SHA-512:F02DD3B008C12BB54A8B38A5FAF9C0A9C54553B5045EC808670B5DAC12A5AE7215C71D83D23C57834AE9CC2DEE041BE2C2B2AEBA221C23DFDFFA4C00536D1D66
                                                              Malicious:false
                                                              Preview:2024/09/01-15:18:58.601 1c9c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/09/01-15:18:58.601 1c9c Recovering log #3.2024/09/01-15:18:58.601 1c9c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):334
                                                              Entropy (8bit):5.178108690908014
                                                              Encrypted:false
                                                              SSDEEP:6:PVPdQz+9+q2Pwkn23oH+Tcwt8a2jMGIFUt82VPdQpN2WZmw+2VPdQuW9VkwOwknz:PHt9+vYfYeb8EFUt82HIJ/+2Hw9V5Jfo
                                                              MD5:DD83D82E86E362186F4D31463D78E58B
                                                              SHA1:A906695C7202755ACC35C8F0E60FE2747D4F219D
                                                              SHA-256:DA2B3F25E00EA66183D1AD38CACD6DDE1D639B3955929F412021D70503CB8A68
                                                              SHA-512:55A5D248FEFE558398496DC1782590273F20FF6CE97D765BC18D849ABA55F448BD89F02B897D749E05CEB6135F59CB585D695B0AE9A58E2B93A996565F72AA30
                                                              Malicious:false
                                                              Preview:2024/09/01-15:18:57.146 1e0c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/09/01-15:18:57.149 1e0c Recovering log #3.2024/09/01-15:18:57.152 1e0c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 28, cookie 0x1d, schema 4, UTF-8, version-valid-for 2
                                                              Category:dropped
                                                              Size (bytes):57344
                                                              Entropy (8bit):0.863060653641558
                                                              Encrypted:false
                                                              SSDEEP:96:u7/KLPeymOT7ynlm+yKwt7izhGnvgbn8MouB6wznP:u74CnlmVizhGE7IwD
                                                              MD5:C681C90B3AAD7F7E4AF8664DE16971DF
                                                              SHA1:9F72588CEA6569261291B19E06043A1EFC3653BC
                                                              SHA-256:ADB987BF641B2531991B8DE5B10244C3FE1ACFA7AD7A61A65D2E2D8E7AB34C1D
                                                              SHA-512:4696BF334961E4C9757BAC40C41B4FBE3E0B9F821BD242CE6967B347053787BE54D1270D7166745126AFA42E8193AC2E695B0D8F11DE8F0B2876628B7C128942
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 11, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):45056
                                                              Entropy (8bit):0.40293591932113104
                                                              Encrypted:false
                                                              SSDEEP:24:TLVgTjDk5Yk8k+/kCkzD3zzbLGfIzLihje90xq/WMFFfeFzfXVVlYWOT/CUFSe:Tmo9n+8dv/qALihje9kqL42WOT/9F
                                                              MD5:ADC0CFB8A1A20DE2C4AB738B413CBEA4
                                                              SHA1:238EF489E5FDC6EBB36F09D415FB353350E7097B
                                                              SHA-256:7C071E36A64FB1881258712C9880F155D9CBAC693BADCC391A1CB110C257CC37
                                                              SHA-512:38C8B7293B8F7BEF03299BAFB981EEEE309945B1BDE26ACDAD6FDD63247C21CA04D493A1DDAFC3B9A1904EFED998E9C7C0C8E98506FD4AC0AB252DFF34566B66
                                                              Malicious:false
                                                              Preview:SQLite format 3
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):354
                                                              Entropy (8bit):5.473579886432024
                                                              Encrypted:false
                                                              SSDEEP:6:YWyWN1iL50xHA9vh8wXwlmUUAnIMp5sXQc0JXBv31dB8wXwlmUUAnIMp52WHSQ:YWyX5Sg9vt+UAnIQc01R7N+UAnITVQ
                                                              MD5:A08D7AD02EA542C1673A6F2A26701ADB
                                                              SHA1:E881DE060BB2842CC78D25FC512831883FE7178A
                                                              SHA-256:50B5D93623DBDDD173792A4EB2EED85065986EFFBB3CBCF8B21DFE71311CFFC1
                                                              SHA-512:150070183F5A4C12353B7A7F82D710F1178700F7A0AA813B75D8042A7CD5F4198FB970CFE3BE28A208461CA81C476415F7337D8EEF907E161312EACA7B67A8E1
                                                              Malicious:false
                                                              Preview:{"sts":[{"expiry":1727869700.805692,"host":"dUymlFcJcEIuWrPNRCRXYtREHxXDHdPfT47kO1IQnQ0=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696333700.805702},{"expiry":1756754347.881886,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1725218347.88189}],"version":2}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2
                                                              Entropy (8bit):1.0
                                                              Encrypted:false
                                                              SSDEEP:3:H:H
                                                              MD5:D751713988987E9331980363E24189CE
                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                              Malicious:false
                                                              Preview:[]
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2
                                                              Entropy (8bit):1.0
                                                              Encrypted:false
                                                              SSDEEP:3:H:H
                                                              MD5:D751713988987E9331980363E24189CE
                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                              Malicious:false
                                                              Preview:[]
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 9, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 9
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):1.083737009485729
                                                              Encrypted:false
                                                              SSDEEP:48:T2dKLopF+SawLUO1Xj8BTo6r6yR2JqFOoSnfxca8OFyPr:ige+AulcfW1r
                                                              MD5:F4FF36D1091F132BA42240784C173B72
                                                              SHA1:BE471278E7B11D670CC1DDD19768E7DB95209BEA
                                                              SHA-256:AA5410096F18446439382C1230D3D1CB17E785D6736C3B76E8FDB82672D45A28
                                                              SHA-512:18C105A50C537204437DD6FDD526A3E0F12ADB4777C9F2AF62E51B69C7E1E9FAC3EC5B41E1E746507157DF444472C8341A332BF045CB3246BC736BEA7C6F09EC
                                                              Malicious:false
                                                              Preview:SQLite format 3
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):61
                                                              Entropy (8bit):3.926136109079379
                                                              Encrypted:false
                                                              SSDEEP:3:YLb9N+eAXRfHDH2LSL:YHpoeSL
                                                              MD5:4DF4574BFBB7E0B0BC56C2C9B12B6C47
                                                              SHA1:81EFCBD3E3DA8221444A21F45305AF6FA4B71907
                                                              SHA-256:E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
                                                              SHA-512:78B14F60F2D80400FE50360CF303A961685396B7697775D078825A29B717081442D357C2039AD0984D4B622976B0314EDE8F478CDE320DAEC118DA546CB0682A
                                                              Malicious:false
                                                              Preview:{"net":{"http_server_properties":{"servers":[],"version":5}}}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):61
                                                              Entropy (8bit):3.926136109079379
                                                              Encrypted:false
                                                              SSDEEP:3:YLb9N+eAXRfHDH2LSL:YHpoeSL
                                                              MD5:4DF4574BFBB7E0B0BC56C2C9B12B6C47
                                                              SHA1:81EFCBD3E3DA8221444A21F45305AF6FA4B71907
                                                              SHA-256:E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
                                                              SHA-512:78B14F60F2D80400FE50360CF303A961685396B7697775D078825A29B717081442D357C2039AD0984D4B622976B0314EDE8F478CDE320DAEC118DA546CB0682A
                                                              Malicious:false
                                                              Preview:{"net":{"http_server_properties":{"servers":[],"version":5}}}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):61
                                                              Entropy (8bit):3.926136109079379
                                                              Encrypted:false
                                                              SSDEEP:3:YLb9N+eAXRfHDH2LSL:YHpoeSL
                                                              MD5:4DF4574BFBB7E0B0BC56C2C9B12B6C47
                                                              SHA1:81EFCBD3E3DA8221444A21F45305AF6FA4B71907
                                                              SHA-256:E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
                                                              SHA-512:78B14F60F2D80400FE50360CF303A961685396B7697775D078825A29B717081442D357C2039AD0984D4B622976B0314EDE8F478CDE320DAEC118DA546CB0682A
                                                              Malicious:false
                                                              Preview:{"net":{"http_server_properties":{"servers":[],"version":5}}}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 6
                                                              Category:dropped
                                                              Size (bytes):36864
                                                              Entropy (8bit):1.331587190738425
                                                              Encrypted:false
                                                              SSDEEP:96:uIEumQv8m1ccnvS6oDo2dQF2YQ9UZD19RVkI:uIEumQv8m1ccnvS6V282rUZDbd
                                                              MD5:D0DBC948EFAFB826827E38A8B4D91DD8
                                                              SHA1:2C5D38A44A18BE99D9EB546C25527A882560F4B3
                                                              SHA-256:D382EEBEE48D7A22FB74068E5A38633DE86FB06330ACEB13566FD813E659A1F9
                                                              SHA-512:61192C1116CD3DF7BA3E6260324CA08B90E55FEE1DEF815AAC06D8E23FE324C2B80659DE7BE170AEDF40382088B150C770F9A3F12DA9A7C4783CB62435B204E7
                                                              Malicious:false
                                                              Preview:SQLite format 3
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2
                                                              Entropy (8bit):1.0
                                                              Encrypted:false
                                                              SSDEEP:3:H:H
                                                              MD5:D751713988987E9331980363E24189CE
                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                              Malicious:false
                                                              Preview:[]
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2
                                                              Entropy (8bit):1.0
                                                              Encrypted:false
                                                              SSDEEP:3:H:H
                                                              MD5:D751713988987E9331980363E24189CE
                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                              Malicious:false
                                                              Preview:[]
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2
                                                              Entropy (8bit):1.0
                                                              Encrypted:false
                                                              SSDEEP:3:H:H
                                                              MD5:D751713988987E9331980363E24189CE
                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                              Malicious:false
                                                              Preview:[]
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):40
                                                              Entropy (8bit):4.1275671571169275
                                                              Encrypted:false
                                                              SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                              MD5:20D4B8FA017A12A108C87F540836E250
                                                              SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                              SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                              SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                              Malicious:false
                                                              Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):203
                                                              Entropy (8bit):5.4042796420747425
                                                              Encrypted:false
                                                              SSDEEP:6:YAQN1iL50xHA9vh8wXwlmUUAnIMp5sXX2SQ:Y45Sg9vt+UAnIXZQ
                                                              MD5:24D66E5F1B8C76C76511DA68057CDE5E
                                                              SHA1:70225FEC1AE3FEF8D8A767D9EA0B0E108BF8F10D
                                                              SHA-256:D5CB3A4A104E2EC4F13E8B4CDF3BD469E0AB638713928BEA1EAEAF03998B794C
                                                              SHA-512:1CA093B4BB4E0B3EE0B791AD0E6B39AC9640CEB6ED005BD10A10B4AF904858F4898D86D26B60B625CDA9425FF317C6B9FE0DF2E12C897A52720AF775B19491AA
                                                              Malicious:false
                                                              Preview:{"expect_ct":[],"sts":[{"expiry":1727869700.805692,"host":"dUymlFcJcEIuWrPNRCRXYtREHxXDHdPfT47kO1IQnQ0=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696333700.805702}],"version":2}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):203
                                                              Entropy (8bit):5.4042796420747425
                                                              Encrypted:false
                                                              SSDEEP:6:YAQN1iL50xHA9vh8wXwlmUUAnIMp5sXX2SQ:Y45Sg9vt+UAnIXZQ
                                                              MD5:24D66E5F1B8C76C76511DA68057CDE5E
                                                              SHA1:70225FEC1AE3FEF8D8A767D9EA0B0E108BF8F10D
                                                              SHA-256:D5CB3A4A104E2EC4F13E8B4CDF3BD469E0AB638713928BEA1EAEAF03998B794C
                                                              SHA-512:1CA093B4BB4E0B3EE0B791AD0E6B39AC9640CEB6ED005BD10A10B4AF904858F4898D86D26B60B625CDA9425FF317C6B9FE0DF2E12C897A52720AF775B19491AA
                                                              Malicious:false
                                                              Preview:{"expect_ct":[],"sts":[{"expiry":1727869700.805692,"host":"dUymlFcJcEIuWrPNRCRXYtREHxXDHdPfT47kO1IQnQ0=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696333700.805702}],"version":2}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):203
                                                              Entropy (8bit):5.4042796420747425
                                                              Encrypted:false
                                                              SSDEEP:6:YAQN1iL50xHA9vh8wXwlmUUAnIMp5sXX2SQ:Y45Sg9vt+UAnIXZQ
                                                              MD5:24D66E5F1B8C76C76511DA68057CDE5E
                                                              SHA1:70225FEC1AE3FEF8D8A767D9EA0B0E108BF8F10D
                                                              SHA-256:D5CB3A4A104E2EC4F13E8B4CDF3BD469E0AB638713928BEA1EAEAF03998B794C
                                                              SHA-512:1CA093B4BB4E0B3EE0B791AD0E6B39AC9640CEB6ED005BD10A10B4AF904858F4898D86D26B60B625CDA9425FF317C6B9FE0DF2E12C897A52720AF775B19491AA
                                                              Malicious:false
                                                              Preview:{"expect_ct":[],"sts":[{"expiry":1727869700.805692,"host":"dUymlFcJcEIuWrPNRCRXYtREHxXDHdPfT47kO1IQnQ0=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696333700.805702}],"version":2}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):36864
                                                              Entropy (8bit):0.36515621748816035
                                                              Encrypted:false
                                                              SSDEEP:24:TLH3lIIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:Tb31DtX5nDOvyKDhU1cSB
                                                              MD5:25363ADC3C9D98BAD1A33D0792405CBF
                                                              SHA1:D06E343087D86EF1A06F7479D81B26C90A60B5C3
                                                              SHA-256:6E019B8B9E389216D5BDF1F2FE63F41EF98E71DA101F2A6BE04F41CC5954532D
                                                              SHA-512:CF7EEE35D0E00945AF221BEC531E8BF06C08880DA00BD103FA561BC069D7C6F955CBA3C1C152A4884601E5A670B7487D39B4AE9A4D554ED8C14F129A74E555F7
                                                              Malicious:false
                                                              Preview:SQLite format 3
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2271
                                                              Entropy (8bit):5.27210949511241
                                                              Encrypted:false
                                                              SSDEEP:48:YXs98sfhfcdsVgsVdVC5sorsqgnsmp/+HFseYsN+H1CbZ:1d57VQr6p/4xt4c1
                                                              MD5:EB059231A604B4C8D4E5CC3A75AC12EE
                                                              SHA1:5A08D124231170BC38B8392684EB1F2F56497D7C
                                                              SHA-256:7C93FA934F09617BDA412D681BF96B77F20F956CB254CAC34C272D2F1CE64AD2
                                                              SHA-512:83F5FD46616B84FE1EE04EA124FE3F595C58E4DD3B75652077471FF42907258FE236036D214641D20B538D2D9593AA1B80BCFBF25C47DEE48D86F5F246C6D89F
                                                              Malicious:false
                                                              Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372283939544077","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372283940566086","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372283942607259","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://fonts.gstatic.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13369785542622578","port":443,"protocol_str":"quic"}],"anonymization":["FAAAABAAAABodHRwczovL2JpbmcuY29t",false],"server":"https://www.bing.com"},{"alternative_service":[{"advertised_alpn
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):111
                                                              Entropy (8bit):4.718418993774295
                                                              Encrypted:false
                                                              SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiVY:YHpoeS7PMVKJTnMRK3VY
                                                              MD5:285252A2F6327D41EAB203DC2F402C67
                                                              SHA1:ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6
                                                              SHA-256:5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
                                                              SHA-512:11CE7CB484FEE66894E63C31DB0D6B7EF66AD0327D4E7E2EB85F3BCC2E836A3A522C68D681E84542E471E54F765E091EFE1EE4065641B0299B15613EB32DCC0D
                                                              Malicious:false
                                                              Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2
                                                              Entropy (8bit):1.0
                                                              Encrypted:false
                                                              SSDEEP:3:H:H
                                                              MD5:D751713988987E9331980363E24189CE
                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                              Malicious:false
                                                              Preview:[]
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):40
                                                              Entropy (8bit):4.1275671571169275
                                                              Encrypted:false
                                                              SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                              MD5:20D4B8FA017A12A108C87F540836E250
                                                              SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                              SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                              SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                              Malicious:false
                                                              Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):355
                                                              Entropy (8bit):5.470610917744766
                                                              Encrypted:false
                                                              SSDEEP:6:YWyWN1iL50xHA9vh8wXwlmUUAnIMp5sXQcnNPBv31dB8wXwlmUUAnIMp52Zp5SQ:YWyX5Sg9vt+UAnIQcNPR7N+UAnITZGQ
                                                              MD5:3785305775CAD1D4662966E463678289
                                                              SHA1:C82A17903636206CDB6015EE7913781D9B0D6127
                                                              SHA-256:4D741B06F0D4E50FF376F020CF0AC3A7223BC6E4F09B730B51386F2173285C28
                                                              SHA-512:56A125F027CBB5D0D3574819B5286EC15DCE8CC38B4ED9F4A30790559BC466357F063FAD8D421083F717067241DC7CDA080F8905515789182D75A62888B92F7B
                                                              Malicious:false
                                                              Preview:{"sts":[{"expiry":1727869700.805692,"host":"dUymlFcJcEIuWrPNRCRXYtREHxXDHdPfT47kO1IQnQ0=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696333700.805702},{"expiry":1756754407.818244,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1725218407.818249}],"version":2}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 2
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.5744102022039023
                                                              Encrypted:false
                                                              SSDEEP:12:TL1QAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3isCHIrdNG7fdjxHIXOFSY:TLiOUOq0afDdWec9sJKG7zo7J5fc
                                                              MD5:8B7CCBAE5FB8F1D3FDB331AED0833FB0
                                                              SHA1:7924CE8D7CF818F1132F1C8A047FBEEF13F18877
                                                              SHA-256:8029C4EAA75734867C5970AB41422A7F551EBFDF65E152C09F8A4038B17080C8
                                                              SHA-512:23B07F98E037ECC9BAAB37EA93264503B936CA180F4873D19944D186F3529926CBDC7A0962E7A51EADC8CEB2CA85D94BFC3C431D0068B8320C45BF24C0DDB163
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):12314
                                                              Entropy (8bit):5.074707420716103
                                                              Encrypted:false
                                                              SSDEEP:192:sVaJ9pQTryZigaba4uyAJb4ryaYW3387pj+F1FQAVtG1f:sVaLA3ujJsryvpU7Qoa
                                                              MD5:B455A28B915C5AF2FC60084F68F510FA
                                                              SHA1:3FEC92DA1A0AACBD9A57B36D835169F5E6BEF3EB
                                                              SHA-256:291211C2BD5D241196DF3CB86A3A278D548C983EA294D4EEFC67293D15A06586
                                                              SHA-512:B35611362824686869B444ECAEC7466075BCC107813F1F255A08A736D66A7047B4CE8FBF824A9D38CE8817C8C92C8CE703F29EA5D60EDC4A1D7C5B09D336D582
                                                              Malicious:false
                                                              Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13369691936772833","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):33
                                                              Entropy (8bit):4.051821770808046
                                                              Encrypted:false
                                                              SSDEEP:3:YVXADAEvTLSJ:Y9AcEvHSJ
                                                              MD5:2B432FEF211C69C745ACA86DE4F8E4AB
                                                              SHA1:4B92DA8D4C0188CF2409500ADCD2200444A82FCC
                                                              SHA-256:42B55D126D1E640B1ED7A6BDCB9A46C81DF461FA7E131F4F8C7108C2C61C14DE
                                                              SHA-512:948502DE4DC89A7E9D2E1660451FCD0F44FD3816072924A44F145D821D0363233CC92A377DBA3A0A9F849E3C17B1893070025C369C8120083A622D025FE1EACF
                                                              Malicious:false
                                                              Preview:{"preferred_apps":[],"version":1}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):34462
                                                              Entropy (8bit):5.558242763687503
                                                              Encrypted:false
                                                              SSDEEP:768:ZsFkWCWPdNf9C8F1+UoAYDCx9Tuqh0VfUC9xbog/OVO1Vnqrw1VbDdKp3tuM:ZsFkWCWPdNf9Cu1jaPbnP1V1Stv
                                                              MD5:25B15ABE0A473B7C5BD23BBE5E0D953F
                                                              SHA1:9B9EA4B11F46BBEAE0A662C1174E722CAFCF3563
                                                              SHA-256:FDD7E5BCF66F032AA0CBE818C0FA776671B0C0F60F0AA41EA4FDC6E52D801C9E
                                                              SHA-512:F580DC51A20E22ED83D87AE16170C3BF5BB4B1E55BCA2BA167A06A1604BEC49ABEF8C6D84EBCD8AB50CF3EB7F50BADA3D7821E5567B021AF634F4E867148D8F8
                                                              Malicious:false
                                                              Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13369691936105297","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13369691936105297","location":5,"ma
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):364
                                                              Entropy (8bit):4.0582260642028505
                                                              Encrypted:false
                                                              SSDEEP:6:S85aEFljljljljljljl2hlaDCA9+9w+CA5EEE:S+a8ljljljljljljlIUCAY++CA
                                                              MD5:F5FDA0772CEA47A3E859E265CD0904AD
                                                              SHA1:12D6D939C826CD5EF81CF27FE0B3DCE38CE87739
                                                              SHA-256:157A27D9E7D5A66FF780121C21E035BD8C48CEDD4689FFC005D4F23C7BC76AC7
                                                              SHA-512:9D582E4B740BCA13D3B45CBDFE3648FEABEA7ABCBE3237B9ACE6BCA116FB32D99AE139C47B576A57E715DBE2E57A5E57E00D40B243466A4B9891B8E0A3B8F519
                                                              Malicious:false
                                                              Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f.................&f.................&f...............]..j................next-map-id.1.Knamespace-39a40e62_5a5f_48b1_9ed3_af90d758bc54-https://accounts.google.com/.0V.e................V.e................V.e................V.e................
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):322
                                                              Entropy (8bit):5.156716320350072
                                                              Encrypted:false
                                                              SSDEEP:6:PVPdQAQ9+q2Pwkn23oH+TcwtrQMxIFUt82VPdQs02WZmw+2VPdQs5+9VkwOwkn2n:PHY9+vYfYebCFUt82H30J/+2H35+9V5J
                                                              MD5:E841637533FB8FDD38467B55233391CE
                                                              SHA1:86DB536BE06669B98DBBE184C1071DF91E99DBE4
                                                              SHA-256:C3E9786A9E3121A8BE537E31CD9F9224089398993D5AC50FCADCA86010E3643A
                                                              SHA-512:0D9EF4AC45A820C97CDA2D6743001DF2AAAC4A9111E2A4B21A3434062981918487336F9958858A13F608CF075C5D8C1D9A28671E52146C3B82BB98DDBC4296A8
                                                              Malicious:false
                                                              Preview:2024/09/01-15:18:57.167 1e0c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/09/01-15:18:57.174 1e0c Recovering log #3.2024/09/01-15:18:57.178 1e0c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):9647
                                                              Entropy (8bit):4.19263346467602
                                                              Encrypted:false
                                                              SSDEEP:192:3uww2Fv3Ppo7PoDQ3Ppo7PM/q3Ppo7PMveANgp3Ppo7P:nrpoDocpoDppoDLpoD
                                                              MD5:A823429FF4F481CE0A840DB4FB1108E4
                                                              SHA1:6DE5C8BC2BE25046B0C76FA188F8468921675167
                                                              SHA-256:E7A7C2785C0048D17935DC1DDE52C77CDD93FEE791608F8CB1F8047775E6E06D
                                                              SHA-512:A452CC63E244C6198AD5E04BCB795E1E1EC921022AE5079F5FDDD93215D490077080DDF7CC48CCAD708E0E91150A1F7DDE6C7CEE74F6E7D4E245A2D5AC76B9B0
                                                              Malicious:false
                                                              Preview:SNSS.......2..b...........2..b......"2..b...........2..b.......2..b.......3..b.......3..b....!..3..b...............................2..b3..b1..,...3..b$...39a40e62_5a5f_48b1_9ed3_af90d758bc54...2..b.......3..b....U..........2..b...2..b.......................2..b.......................2..b.......................2..b.......................5..0...2..b&...{1A5CCF63-1000-409F-B5C1-AFEC7F75D4D9}.....2..b.......3..b...........3..b....<...https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd&ifkv=Ab5oB3p-mhz-SWHCNA6aYjrplmiBDRqjOxL7QwwQTRsaBppqVRowBJ4-tc5dOC4KmSuUyrGkSug3&service=accountsettings&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-837163598%3A1725218341186745&ddm=0............!.........................................................................................................[..!....[..!..H.......`...............X...........................................................<...h.t.t.p.s.:././.a.c.c.o.u.n.t.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.44194574462308833
                                                              Encrypted:false
                                                              SSDEEP:12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
                                                              MD5:B35F740AA7FFEA282E525838EABFE0A6
                                                              SHA1:A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
                                                              SHA-256:5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
                                                              SHA-512:05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ ..........................................................................j..........g....."....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):350
                                                              Entropy (8bit):5.176656911843177
                                                              Encrypted:false
                                                              SSDEEP:6:PVPdQ3CU9+q2Pwkn23oH+Tcwt7Uh2ghZIFUt82VPdQ3MJZmw+2VPdQ3M9VkwOwkr:PHmh4vYfYebIhHh2FUt82HmMJ/+2HmME
                                                              MD5:66BE26C64EBD8A25FDCE787B2A25E135
                                                              SHA1:2727EC9BD4B001806CBBA3120D1CB695819A6FC7
                                                              SHA-256:A277A294D7AB068473098BC4AC6E470BB3573A3996B9E142CDEA20C01CEE4FAB
                                                              SHA-512:AB08F2C75F7A1FCC306D1CF291B15C9FEA9EBA4A4FD0D934F315C57A84692D5019FECF45E82C24F15C3624D153FC138BAB2D6F7B1BE0417D02016408B3BE61A2
                                                              Malicious:false
                                                              Preview:2024/09/01-15:18:56.281 1d28 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/09/01-15:18:56.282 1d28 Recovering log #3.2024/09/01-15:18:56.282 1d28 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):350
                                                              Entropy (8bit):5.176656911843177
                                                              Encrypted:false
                                                              SSDEEP:6:PVPdQ3CU9+q2Pwkn23oH+Tcwt7Uh2ghZIFUt82VPdQ3MJZmw+2VPdQ3M9VkwOwkr:PHmh4vYfYebIhHh2FUt82HmMJ/+2HmME
                                                              MD5:66BE26C64EBD8A25FDCE787B2A25E135
                                                              SHA1:2727EC9BD4B001806CBBA3120D1CB695819A6FC7
                                                              SHA-256:A277A294D7AB068473098BC4AC6E470BB3573A3996B9E142CDEA20C01CEE4FAB
                                                              SHA-512:AB08F2C75F7A1FCC306D1CF291B15C9FEA9EBA4A4FD0D934F315C57A84692D5019FECF45E82C24F15C3624D153FC138BAB2D6F7B1BE0417D02016408B3BE61A2
                                                              Malicious:false
                                                              Preview:2024/09/01-15:18:56.281 1d28 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/09/01-15:18:56.282 1d28 Recovering log #3.2024/09/01-15:18:56.282 1d28 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                              Category:dropped
                                                              Size (bytes):8192
                                                              Entropy (8bit):0.01057775872642915
                                                              Encrypted:false
                                                              SSDEEP:3:MsFl:/F
                                                              MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                              SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                              SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                              SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):270336
                                                              Entropy (8bit):8.280239615765425E-4
                                                              Encrypted:false
                                                              SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                              MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                              SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                              SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                              SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):8192
                                                              Entropy (8bit):0.011852361981932763
                                                              Encrypted:false
                                                              SSDEEP:3:MsHlDll:/H
                                                              MD5:0962291D6D367570BEE5454721C17E11
                                                              SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                              SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                              SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):8192
                                                              Entropy (8bit):0.012340643231932763
                                                              Encrypted:false
                                                              SSDEEP:3:MsGl3ll:/y
                                                              MD5:41876349CB12D6DB992F1309F22DF3F0
                                                              SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                              SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                              SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                              Category:dropped
                                                              Size (bytes):524656
                                                              Entropy (8bit):5.027445846313988E-4
                                                              Encrypted:false
                                                              SSDEEP:3:Lsul3d/:LsS
                                                              MD5:66FB89A49E40A9715F67DC9A714AB566
                                                              SHA1:D81BD900470453855B2C5DBDCC4B0EAC645EBFA9
                                                              SHA-256:9262E69821F1916FB69E443F8606A130C1EBBF1E5894DB111C53A963B84CD898
                                                              SHA-512:1CDABD44E5BE5E159EC786331CDB77CC67F442D77D0A68CC7FA309D594DD2695AAA06801FC06E4800BDA7532C2D38D0A9F5B52F4F350F5B9433E286389F01BDE
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                              Category:dropped
                                                              Size (bytes):8192
                                                              Entropy (8bit):0.01057775872642915
                                                              Encrypted:false
                                                              SSDEEP:3:MsFl:/F
                                                              MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                              SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                              SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                              SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):270336
                                                              Entropy (8bit):0.0012471779557650352
                                                              Encrypted:false
                                                              SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                              MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                              SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                              SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                              SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):8192
                                                              Entropy (8bit):0.011852361981932763
                                                              Encrypted:false
                                                              SSDEEP:3:MsHlDll:/H
                                                              MD5:0962291D6D367570BEE5454721C17E11
                                                              SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                              SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                              SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):8192
                                                              Entropy (8bit):0.012340643231932763
                                                              Encrypted:false
                                                              SSDEEP:3:MsGl3ll:/y
                                                              MD5:41876349CB12D6DB992F1309F22DF3F0
                                                              SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                              SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                              SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                              Category:dropped
                                                              Size (bytes):262512
                                                              Entropy (8bit):9.553120663130604E-4
                                                              Encrypted:false
                                                              SSDEEP:3:LsNlIrbK:Ls3Irb
                                                              MD5:CE596A8794021FE36B9814A4EBF16F81
                                                              SHA1:A1179F74372619A2F5B331D1DF8DF4AAF1BD9145
                                                              SHA-256:3E859657B405EC78607FDB0C7F3123B977AFB78C471897C1FB64CD37481BB0A5
                                                              SHA-512:0605A332D4CA0FD1043F3453AB6D04ACC3AD93532E3F05F77DE3089BE2B694D8CA5368A06751044F929F586E282F44C734724584F854A700D60817E672E17869
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):270336
                                                              Entropy (8bit):0.0012471779557650352
                                                              Encrypted:false
                                                              SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                              MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                              SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                              SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                              SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):432
                                                              Entropy (8bit):5.264069234857325
                                                              Encrypted:false
                                                              SSDEEP:12:PH39+vYfYebvqBQFUt82HtP+J/+2HX9V5JfYebvqBvJ:CYfYebvZg8iuJfYebvk
                                                              MD5:D99D08C0D24907D33E4801C32602E8E0
                                                              SHA1:5B768CE57F34101711546641E3936256D077DB23
                                                              SHA-256:9AE4BAD6A449384EE421A06D16B2C21F1CE21386DEC70B80AD6E6D71093571F5
                                                              SHA-512:32A54189AC3473F5CD77F228CA55DA2B8AEBF810B0C904F16C926A9C6D21083CBB9BC734BDA299EEF71164EDDD30B1ABB22E7784F03009143D4DF10884EB5B48
                                                              Malicious:false
                                                              Preview:2024/09/01-15:18:57.449 1e0c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/09/01-15:18:57.453 1e0c Recovering log #3.2024/09/01-15:18:57.456 1e0c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):193
                                                              Entropy (8bit):4.864047146590611
                                                              Encrypted:false
                                                              SSDEEP:6:YHpoueH2a9a1o3/QBR70S7PMVKJTnMRK3VY:YH/u2caq3QH7E4T3y
                                                              MD5:18D8AE83268DD3A59C64AAD659CF2FD3
                                                              SHA1:018C9736438D095A67B1C9953082F671C2FDB681
                                                              SHA-256:D659029D35ADEBB7918AF32FFF3202C63D8047043A8BDF329B2A97751CF95056
                                                              SHA-512:BB0962F930E9844E8C0E9CD209C07F46259E4C7677D5443B7AEE90DCF7B7E8F9960C5E3FCB8A83B9BB40862FBE0442C547083A9FD421D86674B88B2BEBBEB2FB
                                                              Malicious:false
                                                              Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2
                                                              Entropy (8bit):1.0
                                                              Encrypted:false
                                                              SSDEEP:3:H:H
                                                              MD5:D751713988987E9331980363E24189CE
                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                              Malicious:false
                                                              Preview:[]
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 4, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 4
                                                              Category:dropped
                                                              Size (bytes):36864
                                                              Entropy (8bit):0.555790634850688
                                                              Encrypted:false
                                                              SSDEEP:48:TsIopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSB:QIEumQv8m1ccnvS6
                                                              MD5:0247E46DE79B6CD1BF08CAF7782F7793
                                                              SHA1:B3A63ED5BE3D8EC6E3949FC5E2D21D97ACC873A6
                                                              SHA-256:AAD0053186875205E014AB98AE8C18A6233CB715DD3AF44E7E8EB259AEAB5EEA
                                                              SHA-512:148804598D2A9EA182BD2ADC71663D481F88683CE3D672CE12A43E53B0D34FD70458BE5AAA781B20833E963804E7F4562855F2D18F7731B7C2EAEA5D6D52FBB6
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):40
                                                              Entropy (8bit):4.1275671571169275
                                                              Encrypted:false
                                                              SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                              MD5:20D4B8FA017A12A108C87F540836E250
                                                              SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                              SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                              SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                              Malicious:false
                                                              Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):36864
                                                              Entropy (8bit):0.36515621748816035
                                                              Encrypted:false
                                                              SSDEEP:24:TLH3lIIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:Tb31DtX5nDOvyKDhU1cSB
                                                              MD5:25363ADC3C9D98BAD1A33D0792405CBF
                                                              SHA1:D06E343087D86EF1A06F7479D81B26C90A60B5C3
                                                              SHA-256:6E019B8B9E389216D5BDF1F2FE63F41EF98E71DA101F2A6BE04F41CC5954532D
                                                              SHA-512:CF7EEE35D0E00945AF221BEC531E8BF06C08880DA00BD103FA561BC069D7C6F955CBA3C1C152A4884601E5A670B7487D39B4AE9A4D554ED8C14F129A74E555F7
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):111
                                                              Entropy (8bit):4.718418993774295
                                                              Encrypted:false
                                                              SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiVY:YHpoeS7PMVKJTnMRK3VY
                                                              MD5:285252A2F6327D41EAB203DC2F402C67
                                                              SHA1:ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6
                                                              SHA-256:5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
                                                              SHA-512:11CE7CB484FEE66894E63C31DB0D6B7EF66AD0327D4E7E2EB85F3BCC2E836A3A522C68D681E84542E471E54F765E091EFE1EE4065641B0299B15613EB32DCC0D
                                                              Malicious:false
                                                              Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):80
                                                              Entropy (8bit):3.4921535629071894
                                                              Encrypted:false
                                                              SSDEEP:3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
                                                              MD5:69449520FD9C139C534E2970342C6BD8
                                                              SHA1:230FE369A09DEF748F8CC23AD70FD19ED8D1B885
                                                              SHA-256:3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
                                                              SHA-512:EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
                                                              Malicious:false
                                                              Preview:*...#................version.1..namespace-..&f.................&f...............
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):420
                                                              Entropy (8bit):5.226874685723173
                                                              Encrypted:false
                                                              SSDEEP:12:PcN9+vYfYebvqBZFUt82LJ/+269V5JfYebvqBaJ:UMYfYebvyg8jJfYebvL
                                                              MD5:939DDF5BF3FE85E138616D25B5D861F5
                                                              SHA1:48DE0693CB0C30A8FA0C8052CCC3B0A4EB9C9F9A
                                                              SHA-256:DC7CBC4CC865EDE0EFB94A45D8697C50530CA1323BF3E6FE2BB3A60CE9565E6F
                                                              SHA-512:32A4F37470C2F086E926B6A02077217F12B49684013770AD87B8D71A103401C89EBB0943105BFBACE709D4310A6957553C119A046CC98D1A2AF992C4B8FE27C8
                                                              Malicious:false
                                                              Preview:2024/09/01-15:19:13.571 1e0c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/09/01-15:19:13.572 1e0c Recovering log #3.2024/09/01-15:19:13.575 1e0c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):326
                                                              Entropy (8bit):5.239636084512943
                                                              Encrypted:false
                                                              SSDEEP:6:PVPdQ3fE9+q2Pwkn23oH+TcwtpIFUt82VPdQ3+GNJZmw+2VPdQ3QQ39VkwOwkn2T:PHmfi+vYfYebmFUt82Hm+GX/+2HmJV5d
                                                              MD5:E1A1CF917BFFCD205F16EB4F6B7D39D2
                                                              SHA1:DF90952E670DAAF99305AEC321408A37B540B100
                                                              SHA-256:7B71BE6C6B7254D13D5FAF680BC9C22063266370C1A85AF600A6A80641444BA5
                                                              SHA-512:3FFE94E0D654114249FD61F1F839467FE1E6876B1784CC2D3A39FC84F2F28E6684A845F0E4C22F339D5C15048E536E0DF3648E3D6586EEBF46015C952EEF34DC
                                                              Malicious:false
                                                              Preview:2024/09/01-15:18:56.258 1d2c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/09/01-15:18:56.259 1d2c Recovering log #3.2024/09/01-15:18:56.260 1d2c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 7, 1st free page 5, free pages 2, cookie 0x5, schema 4, UTF-8, version-valid-for 2
                                                              Category:dropped
                                                              Size (bytes):28672
                                                              Entropy (8bit):0.26707851465859517
                                                              Encrypted:false
                                                              SSDEEP:12:TLPp5yN8h6MvDOH+FxOUwa5qVZ7Nkl25Pe2d:TLh8Gxk+6Uwc8NlYC
                                                              MD5:04F8B790DF73BD7CD01238F4681C3F44
                                                              SHA1:DF12D0A21935FC01B36A24BF72AB9640FEBB2077
                                                              SHA-256:96BD789329E46DD9D83002DC40676922A48A3601BF4B5D7376748B34ECE247A0
                                                              SHA-512:0DD492C371D310121F7FD57D29F8CE92AA2536A74923AC27F9C4C0C1580C849D7779348FC80410DEBB5EEE14F357EBDF33BF670D1E7B6CCDF15D69AC127AB7C3
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):131072
                                                              Entropy (8bit):0.005540384065426848
                                                              Encrypted:false
                                                              SSDEEP:3:ImtVx//l/hIIDlltyE/leTtt:IiVt/l5l4Et
                                                              MD5:32A9A88D1B978D4D1EC4EB07A82D22A5
                                                              SHA1:D0F6930E7CE271797BE39E4B02234C238EF1DD4D
                                                              SHA-256:69BE3F6E37F092E9B5A178990FC1142E4C946B66B0521CCE9AA012375C917CB6
                                                              SHA-512:EE8B6E8BD56735E3E530550D53EF27271D8FF0F9EFBA6044268B14F8B967BDF0653C16EC8A2B52BA2E3F95CCD66789F4EDD78792EC3E9D71B60177FF3B69570C
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 89, cookie 0x66, schema 4, UTF-8, version-valid-for 5
                                                              Category:dropped
                                                              Size (bytes):184320
                                                              Entropy (8bit):1.0673752754548955
                                                              Encrypted:false
                                                              SSDEEP:192:QSqzWMMUfTlnGCTjHbRJkkqtXaWTK+hGgH+6e7EHVumYDN7n6:QrzWMff5nzkkqtXnTK+hNH+5EVumi
                                                              MD5:8DEBE7A830FBCA53835C184B15EA3C4D
                                                              SHA1:C22E32E518147E7D25D44BD87B3789F85A078DD1
                                                              SHA-256:B332C0E18FAC3E3F9DA7EBB244A76AA015F7A08A2BC31223634E7BEB2175D0AD
                                                              SHA-512:06BAF1AC71A1684F831FD0FDFD2BA506449ABFC8E328BB0C77FA5518B8D25754DDE50DCB61506C52E8BD2433109A17EFA0C22AF79D3F07F7AAC942F1F8FEB3C1
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 7, cookie 0xb, schema 4, UTF-8, version-valid-for 10
                                                              Category:dropped
                                                              Size (bytes):14336
                                                              Entropy (8bit):1.4144150105247923
                                                              Encrypted:false
                                                              SSDEEP:48:uOK3tjkSdj5IUltGhp22iSBgEa2Ry+S6Q3Jt2Ry+S6sxj/:PtSjGhp22iSRVzI
                                                              MD5:FF2DED9D9E84C2F8B03A6E7BA271E497
                                                              SHA1:F3E7FB7EA05DA91E3C043719A1D2F4200AA1EA2E
                                                              SHA-256:94103E63697527389D376847402F7068C9775091F09BC0FD1853F75A82C0F5CA
                                                              SHA-512:368EE72A1EE71F8BD75E131636F550E70C3FAC780E0CC66D48B014D361040C662DDF474330D378755B052A8677D5AF5E9079B95F8837B4B183D2E987C2A9C822
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):40960
                                                              Entropy (8bit):0.41235120905181716
                                                              Encrypted:false
                                                              SSDEEP:48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcB:v7doKsKuKZKlZNmu46yjx
                                                              MD5:981F351994975A68A0DD3ECE5E889FD0
                                                              SHA1:080D3386290A14A68FCE07709A572AF98097C52D
                                                              SHA-256:3F0C0B2460E0AA2A94E0BF79C8944F2F4835D2701249B34A13FD200F7E5316D7
                                                              SHA-512:C5930797C46EEC25D356BAEB6CFE37E9F462DEE2AE8866343B2C382DBAD45C1544EF720D520C4407F56874596B31EFD6822B58A9D3DAE6F85E47FF802DBAA20B
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):115717
                                                              Entropy (8bit):5.183660917461099
                                                              Encrypted:false
                                                              SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                              MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                              SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                              SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                              SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                              Malicious:false
                                                              Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:very short file (no magic)
                                                              Category:dropped
                                                              Size (bytes):1
                                                              Entropy (8bit):0.0
                                                              Encrypted:false
                                                              SSDEEP:3:L:L
                                                              MD5:5058F1AF8388633F609CADB75A75DC9D
                                                              SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                              SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                              SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                              Malicious:false
                                                              Preview:.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):11755
                                                              Entropy (8bit):5.190465908239046
                                                              Encrypted:false
                                                              SSDEEP:192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
                                                              MD5:07301A857C41B5854E6F84CA00B81EA0
                                                              SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
                                                              SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
                                                              SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
                                                              Malicious:false
                                                              Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:very short file (no magic)
                                                              Category:dropped
                                                              Size (bytes):1
                                                              Entropy (8bit):0.0
                                                              Encrypted:false
                                                              SSDEEP:3:L:L
                                                              MD5:5058F1AF8388633F609CADB75A75DC9D
                                                              SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                              SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                              SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                              Malicious:false
                                                              Preview:.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):13649
                                                              Entropy (8bit):5.239789483967391
                                                              Encrypted:false
                                                              SSDEEP:192:sVaJ9pQTryZiuaba4uyAJb4ryCguYYW3387pj+F1FQADtG1f:sVaLAJujJsryxupU7QOa
                                                              MD5:ED00C12F33CBC9081D96FBBEE6675481
                                                              SHA1:45FE5B014BBF93A6D0BAC2C3A770E60EEE7237F8
                                                              SHA-256:F4F91474AC5F99BBE77FD0329A38CA891F144D3D1E70C5D2B78AC2825DE59516
                                                              SHA-512:A49890F6D3A7164C19C9C409C43E8727453521DEB00119E973454734A144B8BB24209B27AF3579D1DB9F46CB570F84DD35F02EB085B944268A7C5A9BE828ADA6
                                                              Malicious:false
                                                              Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13369691936772833","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):28672
                                                              Entropy (8bit):0.3410017321959524
                                                              Encrypted:false
                                                              SSDEEP:12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
                                                              MD5:98643AF1CA5C0FE03CE8C687189CE56B
                                                              SHA1:ECADBA79A364D72354C658FD6EA3D5CF938F686B
                                                              SHA-256:4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
                                                              SHA-512:68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):34462
                                                              Entropy (8bit):5.558242763687503
                                                              Encrypted:false
                                                              SSDEEP:768:ZsFkWCWPdNf9C8F1+UoAYDCx9Tuqh0VfUC9xbog/OVO1Vnqrw1VbDdKp3tuM:ZsFkWCWPdNf9Cu1jaPbnP1V1Stv
                                                              MD5:25B15ABE0A473B7C5BD23BBE5E0D953F
                                                              SHA1:9B9EA4B11F46BBEAE0A662C1174E722CAFCF3563
                                                              SHA-256:FDD7E5BCF66F032AA0CBE818C0FA776671B0C0F60F0AA41EA4FDC6E52D801C9E
                                                              SHA-512:F580DC51A20E22ED83D87AE16170C3BF5BB4B1E55BCA2BA167A06A1604BEC49ABEF8C6D84EBCD8AB50CF3EB7F50BADA3D7821E5567B021AF634F4E867148D8F8
                                                              Malicious:false
                                                              Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13369691936105297","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13369691936105297","location":5,"ma
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):12922
                                                              Entropy (8bit):5.166570508097393
                                                              Encrypted:false
                                                              SSDEEP:192:sVaJ9pQTryZiuaba4uyAJb4ryC+YW3387pj+F1FQAVtG1f:sVaLAJujJsryGpU7Qoa
                                                              MD5:154D256FF293ACC067440FD62A3C16D5
                                                              SHA1:9F40816F7DBF27A0EE59EEA62EC1E9DC45D52174
                                                              SHA-256:AB1643FDAD5748565C6A1DBB490FFE8573D87BDB3CED4F2559F85553B835D108
                                                              SHA-512:B730C9F6EA20AA664EF6C383DE804E148143483741AB1493722F7173C81FA22315803D7E2859C949B8CDB0B172AE65340E9F46232C3EA2DE0F0EEC9BAB64F5F5
                                                              Malicious:false
                                                              Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13369691936772833","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 4, cookie 0x2, schema 4, UTF-8, version-valid-for 2
                                                              Category:dropped
                                                              Size (bytes):16384
                                                              Entropy (8bit):0.35226517389931394
                                                              Encrypted:false
                                                              SSDEEP:12:TLC+waBg9LBgVDBgQjiZBgKuFtuQkMbmgcVAzO5kMCgGUg5OR:TLPdBgtBgJBgQjiZS53uQFE27MCgGZsR
                                                              MD5:D2CCDC36225684AAE8FA563AFEDB14E7
                                                              SHA1:3759649035F23004A4C30A14C5F0B54191BEBF80
                                                              SHA-256:080AEE864047C67CB1586A5BA5EDA007AFD18ECC2B702638287E386F159D7AEE
                                                              SHA-512:1A915AF643D688CA68AEDC1FF26C407D960D18DFDE838B417C437D7ADAC7B91C906E782DCC414784E64287915BD1DE5BB6A282E59AA9FEB8C384B4D4BC5F70EC
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):32768
                                                              Entropy (8bit):0.09717079535727363
                                                              Encrypted:false
                                                              SSDEEP:6:G9l/bPl/bs9XHl/Vl/Unkl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/Vl/UpW6N:Ct7toFnnnnnnnnnnnnnnpEo
                                                              MD5:7F714C2E6685B60297B6C4A76735FD1D
                                                              SHA1:E2DB17C839ACB24F70ED9EE65B145386A39CBAB2
                                                              SHA-256:2970D30D5352EF3C3A1B8ED353B09AC71ECB74A0D94B6086481CB0A44E2E78EA
                                                              SHA-512:D22B86238C301E56383FDEF1833B4AD1AC610BBA600061F5581496A60B7E840BA62B842626DA623A1E928FCDFBC1A128B5C885542814B1A032C763702DE3800A
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite Write-Ahead Log, version 3007000
                                                              Category:dropped
                                                              Size (bytes):296672
                                                              Entropy (8bit):1.0134985731557578
                                                              Encrypted:false
                                                              SSDEEP:384:CcmvlRxdQkJZ1HN3XKxlwZamvsKZaxvfc:CPJdQkJZ1HN3XKhSs/hk
                                                              MD5:3CED7CB286C4DDBDA6B29BA8F3326E34
                                                              SHA1:8930A4A562353CABB97BE2AA10E55179524C27CD
                                                              SHA-256:60E37A56A5D19AA0043280FEBCB1190B7875103ECFDC5A74886073DBCF130CD0
                                                              SHA-512:4009EC402159F88B9F560D5C0A58D72AF82D4AFA5D64D1F8ACFB10589AAE1877E4F8A81AD66D2B3502B050BB2DF5AEA549EA15AB49F2F2839043E006D2902888
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):16
                                                              Entropy (8bit):3.2743974703476995
                                                              Encrypted:false
                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                              Malicious:false
                                                              Preview:MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:modified
                                                              Size (bytes):250
                                                              Entropy (8bit):3.7048918782369986
                                                              Encrypted:false
                                                              SSDEEP:3:VVXntjQPEnjQpcSlll3seGKT9rcQ6xdUQYrOtlTxotlTxotlTxotlTxotlTxotle:/XntM+Wlll3sedhOXYrOuuuuuu
                                                              MD5:8BDFEEEF71E2C35C423B4904A6DCBAE8
                                                              SHA1:96F26B968EE39532CF170CA82D4ABB4A01556744
                                                              SHA-256:5D7F14F10AD534DEFBFFF65F482BE130FA25509D9F4E021ACF6A0ED8DF5E578E
                                                              SHA-512:3D87E2145A9B5A581DA2C0D5AB8CE4D3ADCB4534F2BD48705626DAE3D842BEBDAD83BBAC0CCE10DFD5CBDED06009A2D7C9E21B508CBB5BE5F23FCBE089DEDAE9
                                                              Malicious:false
                                                              Preview:A..r.................20_1_1...1.,U.................20_1_1...1Z...0................39_config..........6.....n ....1u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):16
                                                              Entropy (8bit):3.2743974703476995
                                                              Encrypted:false
                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                              Malicious:false
                                                              Preview:MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):281
                                                              Entropy (8bit):5.253658547489799
                                                              Encrypted:false
                                                              SSDEEP:6:PVPdQ99f2s1wkn23oH+Tcwtfrl2KLllVPdQJL+q2Pwkn23oH+TcwtfrK+IFUv:PH08fYeb1LnHK+vYfYeb23FUv
                                                              MD5:A057369F8F7C1199A260539136BABC78
                                                              SHA1:91541F57120111926E72781D91A62883E2015426
                                                              SHA-256:737C9E03D9A2F03B59593F33FD790224FB6BB1AEF4D8614DC6E67E3FECAB4DE1
                                                              SHA-512:AE44730D3E7C2EF7972944C990E4A48990984AE70C25288AEB8DB1BC7CF695F8CAC633272CD7E32AADC759521DEE977A6AB75BBB4FC8CB68BB6B0D89D24F5BF1
                                                              Malicious:false
                                                              Preview:2024/09/01-15:18:56.813 1c9c Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db since it was missing..2024/09/01-15:18:57.289 1c9c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:OpenPGP Secret Key
                                                              Category:dropped
                                                              Size (bytes):41
                                                              Entropy (8bit):4.704993772857998
                                                              Encrypted:false
                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                              Malicious:false
                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):16
                                                              Entropy (8bit):3.2743974703476995
                                                              Encrypted:false
                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                              Malicious:false
                                                              Preview:MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):617
                                                              Entropy (8bit):3.9325179151892424
                                                              Encrypted:false
                                                              SSDEEP:12:G0nYUteza//z3p/Uz0RuWlJhC+lvBavRtin01zv0:G0nYUtezaD3RUovhC+lvBOL0
                                                              MD5:AD15D72AA4792C14DDD002CED70E8245
                                                              SHA1:30D0E75166FDA7126A73480EE3222C193231B579
                                                              SHA-256:17A781FB31D3176491D9B277ADEEE5521972C68956A2271637BBCBFEB27D6A7D
                                                              SHA-512:20B8D19B529A392FE0CBB44844926210D98C477498377B8370AA3A3A763C047EF96BE341686406522868EF848C83EF5EF4792B17CDD0462D4680EDA542C8A54F
                                                              Malicious:false
                                                              Preview:.h.6.................__global... .t...................__global... .9..b.................33_..........................21_.....n[.=.................33_.....vuNX.................21_.....<...................20_.....,.1..................19_.....QL.s.................18_.....<.J|.................37_...... .A.................38_..........................39_........].................20_.....Owa..................20_.....`..N.................19_.....D8.X.................18_......`...................37_..........................38_......\e..................39_.....dz.|.................9_.....'\c..................9_.....
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):16
                                                              Entropy (8bit):3.2743974703476995
                                                              Encrypted:false
                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                              Malicious:false
                                                              Preview:MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):299
                                                              Entropy (8bit):5.20280657060814
                                                              Encrypted:false
                                                              SSDEEP:6:PVPdQOf3M1wkn23oH+Tcwtfrzs52KLllVPdQ9eZq2Pwkn23oH+TcwtfrzAdIFUv:PHd3rfYebs9LnHrZvYfYeb9FUv
                                                              MD5:DC88591BB44DA78583FFFEE89BACE33E
                                                              SHA1:F3BEE544335077FF5CE9DA63A96AD9EE0A7CB474
                                                              SHA-256:0F046FE1034611641FFAB34DDFA98D4692DE788F1456A88003A9D2C91D4A9C91
                                                              SHA-512:9DF26833136DD514D98F9D7FD6FF5EBE1D772126E11CB3656678CE5F51AAAE8DE4EC979EDE240DFD9BCFDD30CB08C98312FA26AAD8A13D54BFE17D4D9351FB1F
                                                              Malicious:false
                                                              Preview:2024/09/01-15:18:56.789 1d14 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata since it was missing..2024/09/01-15:18:56.808 1d14 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:OpenPGP Secret Key
                                                              Category:dropped
                                                              Size (bytes):41
                                                              Entropy (8bit):4.704993772857998
                                                              Encrypted:false
                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                              Malicious:false
                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                              Category:dropped
                                                              Size (bytes):8192
                                                              Entropy (8bit):0.01057775872642915
                                                              Encrypted:false
                                                              SSDEEP:3:MsFl:/F
                                                              MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                              SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                              SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                              SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):270336
                                                              Entropy (8bit):8.280239615765425E-4
                                                              Encrypted:false
                                                              SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                              MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                              SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                              SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                              SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):8192
                                                              Entropy (8bit):0.011852361981932763
                                                              Encrypted:false
                                                              SSDEEP:3:MsHlDll:/H
                                                              MD5:0962291D6D367570BEE5454721C17E11
                                                              SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                              SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                              SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):8192
                                                              Entropy (8bit):0.012340643231932763
                                                              Encrypted:false
                                                              SSDEEP:3:MsGl3ll:/y
                                                              MD5:41876349CB12D6DB992F1309F22DF3F0
                                                              SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                              SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                              SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                              Category:dropped
                                                              Size (bytes):262512
                                                              Entropy (8bit):9.553120663130604E-4
                                                              Encrypted:false
                                                              SSDEEP:3:LsNl:Ls3
                                                              MD5:05B61CCE8EB7F9CEDC65FA3A5F9E1476
                                                              SHA1:211E1BBC3DDA58B5973DAC46CE5E02871CA607DD
                                                              SHA-256:406BFFE43749AFDD5258385036C99CAAE3403735A1DEEB229B08D021B89F46E2
                                                              SHA-512:8470C3410F93F50B76FBAD54D11EE9E94429CC573386440B9DB9EE0BCA51664C855729E4519F611DDA9354095F0A6CC615ED94B9E7D8332EF9649CDC731AD1D2
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                              Category:dropped
                                                              Size (bytes):8192
                                                              Entropy (8bit):0.01057775872642915
                                                              Encrypted:false
                                                              SSDEEP:3:MsFl:/F
                                                              MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                              SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                              SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                              SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):270336
                                                              Entropy (8bit):8.280239615765425E-4
                                                              Encrypted:false
                                                              SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                              MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                              SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                              SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                              SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):8192
                                                              Entropy (8bit):0.011852361981932763
                                                              Encrypted:false
                                                              SSDEEP:3:MsHlDll:/H
                                                              MD5:0962291D6D367570BEE5454721C17E11
                                                              SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                              SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                              SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):8192
                                                              Entropy (8bit):0.012340643231932763
                                                              Encrypted:false
                                                              SSDEEP:3:MsGl3ll:/y
                                                              MD5:41876349CB12D6DB992F1309F22DF3F0
                                                              SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                              SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                              SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                              Category:dropped
                                                              Size (bytes):262512
                                                              Entropy (8bit):9.553120663130604E-4
                                                              Encrypted:false
                                                              SSDEEP:3:LsNl9:Ls3
                                                              MD5:8AE9806BA59D782153DF3BF3D211EDB7
                                                              SHA1:C41CD49F42D1B050FAD711E6BA69A03825FA6E7E
                                                              SHA-256:7D14A2F1971D327A74384B89C80B6869B59232259FBBB8AF243C3B3A03BE98F8
                                                              SHA-512:04C2303321CB38560463D9019E27EC0121122CA009E1C8EDE7873F863C91FC2E7893506C1834D3882AB8E615171C236D856B00AEE19D1AC073EAF9F66678097B
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):120
                                                              Entropy (8bit):3.32524464792714
                                                              Encrypted:false
                                                              SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                                                              MD5:A397E5983D4A1619E36143B4D804B870
                                                              SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                                                              SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                                                              SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                                                              Malicious:false
                                                              Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text, with no line terminators
                                                              Category:dropped
                                                              Size (bytes):13
                                                              Entropy (8bit):2.7192945256669794
                                                              Encrypted:false
                                                              SSDEEP:3:NYLFRQI:ap2I
                                                              MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                              SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                              SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                              SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                              Malicious:false
                                                              Preview:117.0.2045.47
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):6820
                                                              Entropy (8bit):5.7920024328402215
                                                              Encrypted:false
                                                              SSDEEP:96:iaqkHfQYeC5ih/cI9URLl8RotojMFVvlwhBe4IbONIeTC6XQS0qGqk+Z4uj+rjEy:akYYMeiRUEhD6qRAq1k8SPxVLZ7VTiq
                                                              MD5:ABA0D4251AB908A95CAC0590963D72BD
                                                              SHA1:2BCC1ACE0550C009676AD49BFB2B3FDB05377796
                                                              SHA-256:9E6FA79615076BA6FAEA98F7613FB21DA946145145056A22259B7B2186BB97C3
                                                              SHA-512:A7CE51A7A2B7CAD370BAEF6A837267A2383F95EE0582821EC458B334C95302845369B64BD49AA32A4BFF9099AA0FA8487F8CD53A7B244A7F0FB722C0D130B256
                                                              Malicious:false
                                                              Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAA4cQdUOP8KSYXFIUxw9L66EAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAACORkPsObHHiKUNtay3fzZjqnvATE84vmPU3gjZxfa3LwAAAAA
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 4
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.5963118027796015
                                                              Encrypted:false
                                                              SSDEEP:12:TLyeuAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3isTydBVzQd9U9ez/qS9i:TLyXOUOq0afDdWec9sJz+Z7J5fc
                                                              MD5:48A6A0713B06707BC2FE9A0F381748D3
                                                              SHA1:043A614CFEF749A49837F19F627B9D6B73F15039
                                                              SHA-256:2F2006ADEA26E5FF95198883A080C9881D774154D073051FC69053AF912B037B
                                                              SHA-512:4C04FFAE2B558EB4C05AD9DCA094700D927AFAD1E561D6358F1A77CB09FC481A6424237DFF6AB37D147E029E19D565E876CD85A2E9C0EC1B068002AA13A16DBA
                                                              Malicious:false
                                                              Preview:SQLite format 3
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                              Category:dropped
                                                              Size (bytes):8192
                                                              Entropy (8bit):0.01057775872642915
                                                              Encrypted:false
                                                              SSDEEP:3:MsFl:/F
                                                              MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                              SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                              SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                              SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):270336
                                                              Entropy (8bit):8.280239615765425E-4
                                                              Encrypted:false
                                                              SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                              MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                              SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                              SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                              SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):8192
                                                              Entropy (8bit):0.011852361981932763
                                                              Encrypted:false
                                                              SSDEEP:3:MsHlDll:/H
                                                              MD5:0962291D6D367570BEE5454721C17E11
                                                              SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                              SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                              SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):8192
                                                              Entropy (8bit):0.012340643231932763
                                                              Encrypted:false
                                                              SSDEEP:3:MsGl3ll:/y
                                                              MD5:41876349CB12D6DB992F1309F22DF3F0
                                                              SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                              SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                              SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                              Category:dropped
                                                              Size (bytes):262512
                                                              Entropy (8bit):9.553120663130604E-4
                                                              Encrypted:false
                                                              SSDEEP:3:LsNlgnka+:Ls3gka
                                                              MD5:861FF72D4496D4AD078F5418D4464C1D
                                                              SHA1:39581CADBCC24DB0EBCFF57764DF19D530CD9013
                                                              SHA-256:7CB0A1FA42015DF84BE8A226AB3C405CE0DC1C7872581A37EDED22A202FEB223
                                                              SHA-512:3B70BA57887E9A934CF47BD35E909828FADD28DF9D45810910ACEBB066CFDF5D48962A8AB456B1338EDA6FF3E282F15383F61C748595A4B7124FEC9F98BF79CB
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text, with no line terminators
                                                              Category:dropped
                                                              Size (bytes):47
                                                              Entropy (8bit):4.3818353308528755
                                                              Encrypted:false
                                                              SSDEEP:3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
                                                              MD5:48324111147DECC23AC222A361873FC5
                                                              SHA1:0DF8B2267ABBDBD11C422D23338262E3131A4223
                                                              SHA-256:D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
                                                              SHA-512:E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
                                                              Malicious:false
                                                              Preview:customSettings_F95BA787499AB4FA9EFFF472CE383A14
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):35
                                                              Entropy (8bit):4.014438730983427
                                                              Encrypted:false
                                                              SSDEEP:3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
                                                              MD5:BB57A76019EADEDC27F04EB2FB1F1841
                                                              SHA1:8B41A1B995D45B7A74A365B6B1F1F21F72F86760
                                                              SHA-256:2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
                                                              SHA-512:A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
                                                              Malicious:false
                                                              Preview:{"forceServiceDetermination":false}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text, with no line terminators
                                                              Category:dropped
                                                              Size (bytes):29
                                                              Entropy (8bit):3.922828737239167
                                                              Encrypted:false
                                                              SSDEEP:3:2NGw+K+:fwZ+
                                                              MD5:7BAAFE811F480ACFCCCEE0D744355C79
                                                              SHA1:24B89AE82313084BB8BBEB9AD98A550F41DF7B27
                                                              SHA-256:D5743766AF0312C7B7728219FC24A03A4FB1C2A54A506F337953FBC2C1B847C7
                                                              SHA-512:70FE1C197AF507CC0D65E99807D245C896A40A4271BA1121F9B621980877B43019E584C48780951FC1AD2A5D7D146FC6EA4678139A5B38F9B6F7A5F1E2E86BA3
                                                              Malicious:false
                                                              Preview:customSynchronousLookupUris_0
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):35302
                                                              Entropy (8bit):7.99333285466604
                                                              Encrypted:true
                                                              SSDEEP:768:rRhaFePY38QBsj61g3g01LXoDGPpgb8KbMcnjrQCckBuJyqk3x8cBBT:rLP+TBK6ZQLXSsaMcnHQQcox80
                                                              MD5:0E06E28C3536360DE3486B1A9E5195E8
                                                              SHA1:EB768267F34EC16A6CCD1966DCA4C3C2870268AB
                                                              SHA-256:F2658B1C913A96E75B45E6ADB464C8D796B34AC43BAF1635AA32E16D1752971C
                                                              SHA-512:45F1E909599E2F63372867BC359CF72FD846619DFEB5359E52D5700E0B1BCFFE5FF07606511A3BFFDDD933A0507195439457E4E29A49EB6451F26186B7240041
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text, with no line terminators
                                                              Category:dropped
                                                              Size (bytes):18
                                                              Entropy (8bit):3.5724312513221195
                                                              Encrypted:false
                                                              SSDEEP:3:kDnaV6bVon:kDYa2
                                                              MD5:5692162977B015E31D5F35F50EFAB9CF
                                                              SHA1:705DC80E8B32AC8B68F7E13CF8A75DCCB251ED7D
                                                              SHA-256:42CCB5159B168DBE5D5DDF026E5F7ED3DBF50873CFE47C7C3EF0677BB07B90D4
                                                              SHA-512:32905A4CC5BCE0FE8502DDD32096F40106625218BEDC4E218A344225D6DF2595A7B70EEB3695DCEFDD894ECB2B66BED479654E8E07F02526648E07ACFE47838C
                                                              Malicious:false
                                                              Preview:edgeSettings_2.0-0
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):3581
                                                              Entropy (8bit):4.459693941095613
                                                              Encrypted:false
                                                              SSDEEP:96:JTMhnytNaSA4BOsNQNhnUZTFGKDIWHCgL5tfHaaJzRHF+P1sYmnfHUdT+GWBH7Y/:KyMot7vjFU
                                                              MD5:BDE38FAE28EC415384B8CFE052306D6C
                                                              SHA1:3019740AF622B58D573C00BF5C98DD77F3FBB5CD
                                                              SHA-256:1F4542614473AE103A5EE3DEEEC61D033A40271CFF891AAA6797534E4DBB4D20
                                                              SHA-512:9C369D69298EBF087412EDA782EE72AFE5448FD0D69EA5141C2744EA5F6C36CDF70A51845CDC174838BAC0ADABDFA70DF6AEDBF6E7867578AE7C4B7805A8B55E
                                                              Malicious:false
                                                              Preview:{"models":[],"geoidMaps":{"gw_my":"https://malaysia.smartscreen.microsoft.com/","gw_tw":"https://taiwan.smartscreen.microsoft.com/","gw_at":"https://austria.smartscreen.microsoft.com/","gw_es":"https://spain.smartscreen.microsoft.com/","gw_pl":"https://poland.smartscreen.microsoft.com/","gw_se":"https://sweden.smartscreen.microsoft.com/","gw_kr":"https://southkorea.smartscreen.microsoft.com/","gw_br":"https://brazil.smartscreen.microsoft.com/","au":"https://australia.smartscreen.microsoft.com/","dk":"https://denmark.smartscreen.microsoft.com/","gw_sg":"https://singapore.smartscreen.microsoft.com/","gw_fr":"https://france.smartscreen.microsoft.com/","gw_ca":"https://canada.smartscreen.microsoft.com/","test":"https://eu-9.smartscreen.microsoft.com/","gw_il":"https://israel.smartscreen.microsoft.com/","gw_au":"https://australia.smartscreen.microsoft.com/","gw_ffl4mod":"https://unitedstates4.ss.wd.microsoft.us/","gw_ffl4":"https://unitedstates1.ss.wd.microsoft.us/","gw_eu":"https://europe.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text, with no line terminators
                                                              Category:dropped
                                                              Size (bytes):47
                                                              Entropy (8bit):4.493433469104717
                                                              Encrypted:false
                                                              SSDEEP:3:kfKbQSQSuLA5:kyUc5
                                                              MD5:3F90757B200B52DCF5FDAC696EFD3D60
                                                              SHA1:569A2E1BED9ECCDF7CD03E270AEF2BD7FF9B0E77
                                                              SHA-256:1EE63F0A3502CFB7DF195FABBA41A7805008AB2CCCDAEB9AF990409D163D60C8
                                                              SHA-512:39252BBAA33130DF50F36178A8EAB1D09165666D8A229FBB3495DD01CBE964F87CD2E6FCD479DFCA36BE06309EF18FEDA7F14722C57545203BBA24972D4835C8
                                                              Malicious:false
                                                              Preview:synchronousLookupUris_636976985063396749.rel.v2
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):35302
                                                              Entropy (8bit):7.99333285466604
                                                              Encrypted:true
                                                              SSDEEP:768:rRhaFePY38QBsj61g3g01LXoDGPpgb8KbMcnjrQCckBuJyqk3x8cBBT:rLP+TBK6ZQLXSsaMcnHQQcox80
                                                              MD5:0E06E28C3536360DE3486B1A9E5195E8
                                                              SHA1:EB768267F34EC16A6CCD1966DCA4C3C2870268AB
                                                              SHA-256:F2658B1C913A96E75B45E6ADB464C8D796B34AC43BAF1635AA32E16D1752971C
                                                              SHA-512:45F1E909599E2F63372867BC359CF72FD846619DFEB5359E52D5700E0B1BCFFE5FF07606511A3BFFDDD933A0507195439457E4E29A49EB6451F26186B7240041
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text, with no line terminators
                                                              Category:dropped
                                                              Size (bytes):50
                                                              Entropy (8bit):3.9904355005135823
                                                              Encrypted:false
                                                              SSDEEP:3:0xXF/XctY5GUf+:0RFeUf+
                                                              MD5:E144AFBFB9EE10479AE2A9437D3FC9CA
                                                              SHA1:5AAAC173107C688C06944D746394C21535B0514B
                                                              SHA-256:EB28E8ED7C014F211BD81308853F407DF86AEBB5F80F8E4640C608CD772544C2
                                                              SHA-512:837D15B3477C95D2D71391D677463A497D8D9FFBD7EB42E412DA262C9B5C82F22CE4338A0BEAA22C81A06ECA2DF7A9A98B7D61ECACE5F087912FD9BA7914AF3F
                                                              Malicious:false
                                                              Preview:topTraffic_170540185939602997400506234197983529371
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):575056
                                                              Entropy (8bit):7.999649474060713
                                                              Encrypted:true
                                                              SSDEEP:12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
                                                              MD5:BE5D1A12C1644421F877787F8E76642D
                                                              SHA1:06C46A95B4BD5E145E015FA7E358A2D1AC52C809
                                                              SHA-256:C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
                                                              SHA-512:FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):86
                                                              Entropy (8bit):4.389669793590032
                                                              Encrypted:false
                                                              SSDEEP:3:YQ3JYq9xSs0dMEJAELJ25AmIpozQOn:YQ3Kq9X0dMgAEiLIMn
                                                              MD5:03B6D5E81A4DC4D4E6C27BE1E932B9D9
                                                              SHA1:3C5EF0615314BDB136AB57C90359F1839BDD5C93
                                                              SHA-256:73B017F7C5ECD629AD41D14147D53F7D3D070C5967E1E571811A6DB39F06EACC
                                                              SHA-512:0037EB23CCDBDDE93CFEB7B9A223D59D0872D4EC7F5E3CA4F7767A7301E96E1AF1175980DC4F08531D5571AFB94DF789567588DEB2D6D611C57EE4CC05376547
                                                              Malicious:false
                                                              Preview:{"user_experience_metrics.stability.exited_cleanly":true,"variations_crash_streak":15}
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):25052
                                                              Entropy (8bit):6.030369492061626
                                                              Encrypted:false
                                                              SSDEEP:768:mMGQ7FCYXGIgtDAWtJ4g1tBMTaP96Wh02tdy:mMGQ5XMBX1VK
                                                              MD5:913055D883E075E54F0C3CF7E3131D6E
                                                              SHA1:E620821A55BAEF79579A701120BD3F55F7061263
                                                              SHA-256:FC57F1D238A6166F5B33C489A270E46D492A045A86914413B6EAD0557285F924
                                                              SHA-512:E9485DB3D087C635264AAE9240DD8DF5954789DFA8F95032FFD92B86B2F88079A73F7FF471A1BE711D1DA306FEC6D0F5D722EABC45F2024C481E9F6AAB5D3A02
                                                              Malicious:false
                                                              Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13369691936880079","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"domain_actions_config":"
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):8239
                                                              Entropy (8bit):5.794134143991496
                                                              Encrypted:false
                                                              SSDEEP:192:fsNAYYEeiRUCVjukxAX6qRAq1k8SPxVLZ7VTiQ:fsNAMNZ96X6q3QxVNZTiQ
                                                              MD5:932CFA45DBE14ABF6F0411B0A66BE68E
                                                              SHA1:6C4458502954A63165A151F22E5781D013E98355
                                                              SHA-256:A59EA7556992C4BDAA56585553F3BE402E43C4646D54AB559A016D502B53956F
                                                              SHA-512:D8A9CEE4905C55600BD863CE21BF75BC194C618692F5D562435740A6EF3094E230366AC3F292D6C1FCABF734009AF872A58AC1AE59F2CDC9C8E067713DDA10EB
                                                              Malicious:false
                                                              Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Ve
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):6820
                                                              Entropy (8bit):5.7920024328402215
                                                              Encrypted:false
                                                              SSDEEP:96:iaqkHfQYeC5ih/cI9URLl8RotojMFVvlwhBe4IbONIeTC6XQS0qGqk+Z4uj+rjEy:akYYMeiRUEhD6qRAq1k8SPxVLZ7VTiq
                                                              MD5:ABA0D4251AB908A95CAC0590963D72BD
                                                              SHA1:2BCC1ACE0550C009676AD49BFB2B3FDB05377796
                                                              SHA-256:9E6FA79615076BA6FAEA98F7613FB21DA946145145056A22259B7B2186BB97C3
                                                              SHA-512:A7CE51A7A2B7CAD370BAEF6A837267A2383F95EE0582821EC458B334C95302845369B64BD49AA32A4BFF9099AA0FA8487F8CD53A7B244A7F0FB722C0D130B256
                                                              Malicious:false
                                                              Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAA4cQdUOP8KSYXFIUxw9L66EAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAACORkPsObHHiKUNtay3fzZjqnvATE84vmPU3gjZxfa3LwAAAAA
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):8106
                                                              Entropy (8bit):5.814027626578293
                                                              Encrypted:false
                                                              SSDEEP:192:asNAYYEeiRUfgQUkxAl6qRAq1k8SPxVLZ7VTiq:asNAMC9v6l6q3QxVNZTiq
                                                              MD5:924F0FC5B2B66E1EB47314DD519CA825
                                                              SHA1:B27F7BC7727FD08BEC12172CC599202259B1CC25
                                                              SHA-256:9E36FD4E5C494CFF00B39D582A7369093312282527657BEE0C3A4AE42CD28B82
                                                              SHA-512:AC10F75C16D093096B384A670601B16747570ED6C8BBAF9A24754FBB027F32AF97A59DB3EC75AA673434D4C00ECFA908BE81A404D5E44DE650EB8019874E3F00
                                                              Malicious:false
                                                              Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_mig
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):2278
                                                              Entropy (8bit):3.8459264259147474
                                                              Encrypted:false
                                                              SSDEEP:48:uiTrlKxrgxzxl9Il8u+Nsyr9W66/fgTlXuLff5dd1rc:myY4Cyrn6+QLXk
                                                              MD5:4682A3E338932CF2379BD4146A40A933
                                                              SHA1:118E845D05F7EB9B47E21B6AE9B4953CCA0CF815
                                                              SHA-256:D6B465DAE0BE5D8EA3A7E113637D526FE799AB21E2B0424C791F023A02B9E991
                                                              SHA-512:2E031EE4307F2909C11AA50B519BD562D2DD5CB1F26D0CA2AAB872E4365A956A4B4A1A0DE8D54DBEDB6A021A5001BCB367C568716C979CC0B1E41E00A18D7BD6
                                                              Malicious:false
                                                              Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.B.I.r.L.q.z.8.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.O.H.E.H.V.D.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):4622
                                                              Entropy (8bit):3.9963749694880515
                                                              Encrypted:false
                                                              SSDEEP:96:pY4YgqdEQXxhHHg9LI/Okt6QN+oQab9pe4/YrT:pWlXXHHg5nk6y+oQ8x/W
                                                              MD5:C6ED81A3572BF4F7629AA0292B98ED7B
                                                              SHA1:9F6A9731FDA9E642A86275D562BD70FC61858628
                                                              SHA-256:C3C9001424D96BF2639273C26E20D6F66858CD5794EF64F9E76CC728B4709937
                                                              SHA-512:EAA2316F282E57754B015875C3BD6A526CF1CB4D1C1615A6AFEC81CC6C0EDFD743745770256FEF90714FC93207A8A477AE7624AA65A1E2B5AE495DC3419E4727
                                                              Malicious:false
                                                              Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".k.R.T.9.E.6.T.8.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.O.H.E.H.V.D.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:Google Chrome extension, version 3
                                                              Category:dropped
                                                              Size (bytes):135751
                                                              Entropy (8bit):7.804610863392373
                                                              Encrypted:false
                                                              SSDEEP:1536:h+OX7O5AeBWdSq2Zso2iDNjF3dNUPOTy61NVo8OJXhQXXUWFMOiiBIHWI7YyjM/8:pVdSj9hjVn6Oj5fOJR+k0iiW2IPMaIul
                                                              MD5:83EF25FBEE6866A64F09323BFE1536E0
                                                              SHA1:24E8BD033CD15E3CF4F4FF4C8123E1868544AC65
                                                              SHA-256:F421D74829F2923FD9E5A06153E4E42DB011824C33475E564B17091598996E6F
                                                              SHA-512:C699D1C9649977731EEA0CB4740C4BEAACEEC82AECC43F9F2B1E5625C487C0BC45FA08A1152A35EFBDB3DB73B8AF3625206315D1F9645A24E1969316F9F5B38C
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 695310
                                                              Category:dropped
                                                              Size (bytes):529841
                                                              Entropy (8bit):7.998135800144309
                                                              Encrypted:true
                                                              SSDEEP:12288:Bf1frUE37zfAegwBb0QLTluZBBd/VMf+xVmY6ZODxI8OlIc:BVrUErvvBb0kT+BBL2+xVmYbD+8Op
                                                              MD5:BDCA653EDB3E656BD40028BEF9B4C640
                                                              SHA1:A9BF99947F4EDE5C829D8FD929B07DB65271E989
                                                              SHA-256:B2056BD0E26F04E6F53C3C85082D53959FA35CA1B59E02A3A1F20FDA5582520D
                                                              SHA-512:D3A4E90EE4DE25EDC032B4932EE010F8E6EA65A3904D1C9D831E4C162BF0362B3821A8D886078574B56E253F7EE1EA0BA0EFAD644BE016E5A48C17C906D1D4E7
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:very short file (no magic)
                                                              Category:dropped
                                                              Size (bytes):1
                                                              Entropy (8bit):0.0
                                                              Encrypted:false
                                                              SSDEEP:3:L:L
                                                              MD5:5058F1AF8388633F609CADB75A75DC9D
                                                              SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                              SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                              SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                              Malicious:false
                                                              Preview:.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:Google Chrome extension, version 3
                                                              Category:dropped
                                                              Size (bytes):11185
                                                              Entropy (8bit):7.951995436832936
                                                              Encrypted:false
                                                              SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                              MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                              SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                              SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                              SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):353
                                                              Entropy (8bit):5.331242509609151
                                                              Encrypted:false
                                                              SSDEEP:6:YEtHMvoQhL56s/utHM42RjVLCquQJjDrwv/utHM8uL56s/C:YWHMgQhL56s/cHMVOP0Dkv/cHMdL56s6
                                                              MD5:2581A87345BB3A5A71BE7E11D52CFE23
                                                              SHA1:780F0B509B82BC9FBE0359FB180AE4323636BEA5
                                                              SHA-256:EDB56CC0785A06051E0407DFE8DC566DDFC77FDC3344F2882F419FFF0F9DA738
                                                              SHA-512:89E2F2B6376CBD6ADC72BB5543BF3B9AEF7830D5DC65707B6CBEDE9739FDAC016CE4D8CE47F46E6417FC5D67B5B16F97E44585252003150A38043F1C7B8CC4CC
                                                              Malicious:false
                                                              Preview:{"logTime": "0901/191902", "correlationVector":"w2Er5tTTHjjuuHLS6DGXRD","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "0901/191902", "correlationVector":"A36DBCC5BD72484FB88E4CCF8237D7F2","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "0901/191902", "correlationVector":"mGzAHmUqw4AeILS/Vm5P/R","action":"EXTENSION_UPDATER", "result":""}.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:very short file (no magic)
                                                              Category:dropped
                                                              Size (bytes):1
                                                              Entropy (8bit):0.0
                                                              Encrypted:false
                                                              SSDEEP:3:L:L
                                                              MD5:5058F1AF8388633F609CADB75A75DC9D
                                                              SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                              SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                              SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                              Malicious:false
                                                              Preview:.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
                                                              Category:dropped
                                                              Size (bytes):206855
                                                              Entropy (8bit):7.983996634657522
                                                              Encrypted:false
                                                              SSDEEP:3072:5WcDW3D2an0GMJGqJCj+1ZxdmdopHjHTFYPQyairiVoo4XSWrPoiXvJddppWmEI5:l81Lel7E6lEMVo/S01fDpWmEgD
                                                              MD5:788DF0376CE061534448AA17288FEA95
                                                              SHA1:C3B9285574587B3D1950EE4A8D64145E93842AEB
                                                              SHA-256:B7FB1D3C27E04785757E013EC1AC4B1551D862ACD86F6888217AB82E642882A5
                                                              SHA-512:3AA9C1AA00060753422650BBFE58EEEA308DA018605A6C5287788C3E2909BE876367F83B541E1D05FE33F284741250706339010571D2E2D153A5C5A107D35001
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41902
                                                              Category:dropped
                                                              Size (bytes):76319
                                                              Entropy (8bit):7.996132588300074
                                                              Encrypted:true
                                                              SSDEEP:1536:hS5Vvm808scZeEzFrSpzBUl4MZIGM/iys3BBrYunau6w6DLZ8:GdS8scZNzFrMa4M+lK5/nEDd8
                                                              MD5:24439F0E82F6A60E541FB2697F02043F
                                                              SHA1:E3FAA84B0ED8CDD2268D53A0ECC6F3134D5EBD8F
                                                              SHA-256:B24DD5C374F8BB381A48605D183B6590245EE802C65F643632A3BE9BB1F313C5
                                                              SHA-512:8FD794657A9F80FDBC2350DC26A2C82DFD82266B934A4472B3319FDB870841C832137D4F5CE41D518859B8B1DA63031C6B7E750D301F87D6ECA45B958B147FCD
                                                              Malicious:false
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
                                                              Category:dropped
                                                              Size (bytes):32768
                                                              Entropy (8bit):0.4593089050301797
                                                              Encrypted:false
                                                              SSDEEP:48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
                                                              MD5:D910AD167F0217587501FDCDB33CC544
                                                              SHA1:2F57441CEFDC781011B53C1C5D29AC54835AFC1D
                                                              SHA-256:E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
                                                              SHA-512:F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
                                                              Malicious:false
                                                              Preview:... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:Google Chrome extension, version 3
                                                              Category:dropped
                                                              Size (bytes):135751
                                                              Entropy (8bit):7.804610863392373
                                                              Encrypted:false
                                                              SSDEEP:1536:h+OX7O5AeBWdSq2Zso2iDNjF3dNUPOTy61NVo8OJXhQXXUWFMOiiBIHWI7YyjM/8:pVdSj9hjVn6Oj5fOJR+k0iiW2IPMaIul
                                                              MD5:83EF25FBEE6866A64F09323BFE1536E0
                                                              SHA1:24E8BD033CD15E3CF4F4FF4C8123E1868544AC65
                                                              SHA-256:F421D74829F2923FD9E5A06153E4E42DB011824C33475E564B17091598996E6F
                                                              SHA-512:C699D1C9649977731EEA0CB4740C4BEAACEEC82AECC43F9F2B1E5625C487C0BC45FA08A1152A35EFBDB3DB73B8AF3625206315D1F9645A24E1969316F9F5B38C
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                              Category:dropped
                                                              Size (bytes):4982
                                                              Entropy (8bit):7.929761711048726
                                                              Encrypted:false
                                                              SSDEEP:96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
                                                              MD5:913064ADAAA4C4FA2A9D011B66B33183
                                                              SHA1:99EA751AC2597A080706C690612AEEEE43161FC1
                                                              SHA-256:AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
                                                              SHA-512:162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):908
                                                              Entropy (8bit):4.512512697156616
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
                                                              MD5:12403EBCCE3AE8287A9E823C0256D205
                                                              SHA1:C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
                                                              SHA-256:B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
                                                              SHA-512:153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1285
                                                              Entropy (8bit):4.702209356847184
                                                              Encrypted:false
                                                              SSDEEP:24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
                                                              MD5:9721EBCE89EC51EB2BAEB4159E2E4D8C
                                                              SHA1:58979859B28513608626B563138097DC19236F1F
                                                              SHA-256:3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
                                                              SHA-512:FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "... ...".. },.. "explanationofflinedisabled": {.. "message": "..... .. .... Google ..... ........ ..... ..... .Google .... ... .. .. .. ..... .... ....... .. ....... ... .. .. ..... .. ..... ....".. },.. "explanationofflineenabled": {.. "message": "..... .. .... ... .. .... .... ..... .... ... ..... .... .....".. },.. "extdesc": {.. "message": "...... ..... .... ... .. ..... ...... ..... .... .. ..... . .... .. ...... .....".. },.. "extname": {.. "message": "..... .. Goog
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1244
                                                              Entropy (8bit):4.5533961615623735
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
                                                              MD5:3EC93EA8F8422FDA079F8E5B3F386A73
                                                              SHA1:24640131CCFB21D9BC3373C0661DA02D50350C15
                                                              SHA-256:ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
                                                              SHA-512:F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "..... ....".. },.. "explanationofflinedisabled": {.. "message": "... ... ...... ........ ....... Google ... ..... .......... ..... ... ......... .. ...... ........ ........ Google ..... ........ ... ..... .. ..... ....... .... .... .... ..........".. },.. "explanationofflineenabled": {.. "message": "... ... ...... .... .. .... ....... ..... ....... ....... .. ..... ..... ......".. },.. "extdesc": {.. "message": "..... ......... ...... ........ ....... ......... ........ ....... .. ... ... ..... .........".. },.. "extname": {.. "message": "....... Google ... ......".. },.. "learnmore": {.. "messa
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):977
                                                              Entropy (8bit):4.867640976960053
                                                              Encrypted:false
                                                              SSDEEP:24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
                                                              MD5:9A798FD298008074E59ECC253E2F2933
                                                              SHA1:1E93DA985E880F3D3350FC94F5CCC498EFC8C813
                                                              SHA-256:628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
                                                              SHA-512:9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):3107
                                                              Entropy (8bit):3.535189746470889
                                                              Encrypted:false
                                                              SSDEEP:48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
                                                              MD5:68884DFDA320B85F9FC5244C2DD00568
                                                              SHA1:FD9C01E03320560CBBB91DC3D1917C96D792A549
                                                              SHA-256:DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
                                                              SHA-512:7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
                                                              Malicious:false
                                                              Preview:{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1389
                                                              Entropy (8bit):4.561317517930672
                                                              Encrypted:false
                                                              SSDEEP:24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
                                                              MD5:2E6423F38E148AC5A5A041B1D5989CC0
                                                              SHA1:88966FFE39510C06CD9F710DFAC8545672FFDCEB
                                                              SHA-256:AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
                                                              SHA-512:891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. .. .......... Google ......... ... ........ ......, ........ ........... . ......... ........ .. Google ......... . ........ ...... .............. ......... ..., ...... ..... ...... . .........".. },.. "explanationofflineenabled": {.. "message": "...... ..., .. ... ...... .. ........... ......... ....... ... .. ......... .....".. },.. "extdesc": {.. "message": "............, .......... . ............ ...... ........., .......... ....... . ........... . ...... .... ... ...... .. .........".. },..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1763
                                                              Entropy (8bit):4.25392954144533
                                                              Encrypted:false
                                                              SSDEEP:24:1HABGtNOtIyHmVd+q+3X2AFl2DhrR7FAWS9+SMzI8QVAEq8yB0XtfOyvU7D:oshmm/+H2Ml2DrFPS9+S99EzBd7D
                                                              MD5:651375C6AF22E2BCD228347A45E3C2C9
                                                              SHA1:109AC3A912326171D77869854D7300385F6E628C
                                                              SHA-256:1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
                                                              SHA-512:958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": ".... .... ....".. },.. "explanationofflinedisabled": {.. "message": ".... ....... ....... .... ......... ..... ..... Google ........ ....... ...., Google .......... ........ ....... ... ... .... ... .... ... ........... .... ....... .... ... ...... ..... .... .....".. },.. "explanationofflineenabled": {.. "message": ".... ....... ......, ...... .... .... ...... .......... ........ .... .. .... .... .... .... .......".. },.. "extdesc":
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):930
                                                              Entropy (8bit):4.569672473374877
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvggoSCBxNFT0sXuqgEHQ2fTq9blUJYUJaw9CBxejZFPLOjCSUuE44pMiiDat:1HAtqs+BEHGpURxSp1iUPWCAXtRKe
                                                              MD5:D177261FFE5F8AB4B3796D26835F8331
                                                              SHA1:4BE708E2FFE0F018AC183003B74353AD646C1657
                                                              SHA-256:D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
                                                              SHA-512:E7D730304AED78C0F4A78DADBF835A22B3D8114FB41D67B2B26F4FE938B572763D3E127B7C1C81EBE7D538DA976A7A1E7ADC40F918F88AFADEA2201AE8AB47D0
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):913
                                                              Entropy (8bit):4.947221919047
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvgdsbCBxNBmobXP15Dxoo60n40h6qCBxeBeGG/9jZCSUKFPDLZ2B2hCBhPLm:1HApJmoZ5e50nzQhwAd7dvYB2kDSGGKs
                                                              MD5:CCB00C63E4814F7C46B06E4A142F2DE9
                                                              SHA1:860936B2A500CE09498B07A457E0CCA6B69C5C23
                                                              SHA-256:21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
                                                              SHA-512:35839DAC6C985A6CA11C1BFF5B8B5E59DB501FCB91298E2C41CB0816B6101BF322445B249EAEA0CEF38F76D73A4E198F2B6E25EEA8D8A94EA6007D386D4F1055
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):806
                                                              Entropy (8bit):4.815663786215102
                                                              Encrypted:false
                                                              SSDEEP:12:YGo35xMxy6gLr4Dn1eBVa1xzxyn1VFQB6FDVgdAJex9QH7uy+XJEjENK32J21j:Y735+yoeeRG54uDmdXx9Q7u3r83Xj
                                                              MD5:A86407C6F20818972B80B9384ACFBBED
                                                              SHA1:D1531CD0701371E95D2A6BB5EDCB79B949D65E7C
                                                              SHA-256:A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
                                                              SHA-512:D9FBF675514A890E9656F83572208830C6D977E34D5744C298A012515BC7EB5A17726ADD0D9078501393BABD65387C4F4D3AC0CC0F7C60C72E09F336DCA88DE7
                                                              Malicious:false
                                                              Preview:{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):883
                                                              Entropy (8bit):4.5096240460083905
                                                              Encrypted:false
                                                              SSDEEP:24:1HA4EFkQdUULMnf1yo+9qgpukAXW9bGJTvDyqdr:zEFkegfw9qwAXWNs/yu
                                                              MD5:B922F7FD0E8CCAC31B411FC26542C5BA
                                                              SHA1:2D25E153983E311E44A3A348B7D97AF9AAD21A30
                                                              SHA-256:48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
                                                              SHA-512:AD0954DEEB17AF04858DD5EC3D3B3DA12DFF7A666AF4061DEB6FD492992D95DB3BAF751AB6A59BEC7AB22117103A93496E07632C2FC724623BB3ACF2CA6093F3
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1031
                                                              Entropy (8bit):4.621865814402898
                                                              Encrypted:false
                                                              SSDEEP:24:1HA6sZnqWd77ykJzCkhRhoe1HMNaAJPwG/p98HKpy2kX/R:WZqWxykJzthRhoQma+tpyHX2O/R
                                                              MD5:D116453277CC860D196887CEC6432FFE
                                                              SHA1:0AE00288FDE696795CC62FD36EABC507AB6F4EA4
                                                              SHA-256:36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
                                                              SHA-512:C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1613
                                                              Entropy (8bit):4.618182455684241
                                                              Encrypted:false
                                                              SSDEEP:24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
                                                              MD5:9ABA4337C670C6349BA38FDDC27C2106
                                                              SHA1:1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
                                                              SHA-256:37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
                                                              SHA-512:8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):851
                                                              Entropy (8bit):4.4858053753176526
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                              MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                              SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                              SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                              SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):851
                                                              Entropy (8bit):4.4858053753176526
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                              MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                              SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                              SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                              SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):848
                                                              Entropy (8bit):4.494568170878587
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
                                                              MD5:3734D498FB377CF5E4E2508B8131C0FA
                                                              SHA1:AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
                                                              SHA-256:AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
                                                              SHA-512:56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1425
                                                              Entropy (8bit):4.461560329690825
                                                              Encrypted:false
                                                              SSDEEP:24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
                                                              MD5:578215FBB8C12CB7E6CD73FBD16EC994
                                                              SHA1:9471D71FA6D82CE1863B74E24237AD4FD9477187
                                                              SHA-256:102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
                                                              SHA-512:E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
                                                              Malicious:false
                                                              Preview:{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):961
                                                              Entropy (8bit):4.537633413451255
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
                                                              MD5:F61916A206AC0E971CDCB63B29E580E3
                                                              SHA1:994B8C985DC1E161655D6E553146FB84D0030619
                                                              SHA-256:2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
                                                              SHA-512:D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):959
                                                              Entropy (8bit):4.570019855018913
                                                              Encrypted:false
                                                              SSDEEP:24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
                                                              MD5:535331F8FB98894877811B14994FEA9D
                                                              SHA1:42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
                                                              SHA-256:90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
                                                              SHA-512:2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):968
                                                              Entropy (8bit):4.633956349931516
                                                              Encrypted:false
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):838
                                                              Entropy (8bit):4.4975520913636595
                                                              Encrypted:false
                                                              Malicious:false
                                                              Preview:{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1305
                                                              Entropy (8bit):4.673517697192589
                                                              Encrypted:false
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):911
                                                              Entropy (8bit):4.6294343834070935
                                                              Encrypted:false
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):939
                                                              Entropy (8bit):4.451724169062555
                                                              Encrypted:false
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):977
                                                              Entropy (8bit):4.622066056638277
                                                              Encrypted:false
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):972
                                                              Entropy (8bit):4.621319511196614
                                                              Encrypted:false
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):990
                                                              Entropy (8bit):4.497202347098541
                                                              Encrypted:false
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1658
                                                              Entropy (8bit):4.294833932445159
                                                              Encrypted:false
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1672
                                                              Entropy (8bit):4.314484457325167
                                                              Encrypted:false
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):935
                                                              Entropy (8bit):4.6369398601609735
                                                              Encrypted:false
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1065
                                                              Entropy (8bit):4.816501737523951
                                                              Encrypted:false
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2771
                                                              Entropy (8bit):3.7629875118570055
                                                              Encrypted:false
                                                              Malicious:false
                                                              Preview:{"createnew":{"message":"\u054d\u054f\u0535\u0542\u053e\u0535\u053c \u0546\u0548\u0550"},"explanationofflinedisabled":{"message":"Google \u0553\u0561\u057d\u057f\u0561\u0569\u0572\u0569\u0565\u0580\u0568 \u0576\u0561\u0587 \u0561\u0576\u0581\u0561\u0576\u0581 \u057c\u0565\u056a\u056b\u0574\u0578\u0582\u0574 \u0585\u0563\u057f\u0561\u0563\u0578\u0580\u056e\u0565\u056c\u0578\u0582 \u0570\u0561\u0574\u0561\u0580 \u0574\u056b\u0561\u0581\u0565\u0584 \u0570\u0561\u0574\u0561\u0581\u0561\u0576\u0581\u056b\u0576, \u0562\u0561\u0581\u0565\u0584 \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0561\u0576 \u0563\u056c\u056d\u0561\u057e\u0578\u0580 \u0567\u057b\u0568, \u0561\u0576\u0581\u0565\u0584 \u056f\u0561\u0580\u0563\u0561\u057e\u0578\u0580\u0578\u0582\u0574\u0576\u0565\u0580 \u0587 \u0574\u056b\u0561\u0581\u0580\u0565\u0584 \u0561\u0576\u0581\u0561\u0576\u0581 \u0570\u0561\u0574\u0561\u056a\u0561\u0574\u0561\u0581\u0578\u0582\u0574\u0568:"},"explanationofflineenabled":{"message":"\u
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):858
                                                              Entropy (8bit):4.474411340525479
                                                              Encrypted:false
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):954
                                                              Entropy (8bit):4.631887382471946
                                                              Encrypted:false
                                                              Malicious:false
                                                              Preview:{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):899
                                                              Entropy (8bit):4.474743599345443
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
                                                              MD5:0D82B734EF045D5FE7AA680B6A12E711
                                                              SHA1:BD04F181E4EE09F02CD53161DCABCEF902423092
                                                              SHA-256:F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
                                                              SHA-512:01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2230
                                                              Entropy (8bit):3.8239097369647634
                                                              Encrypted:false
                                                              SSDEEP:24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
                                                              MD5:26B1533C0852EE4661EC1A27BD87D6BF
                                                              SHA1:18234E3ABAF702DF9330552780C2F33B83A1188A
                                                              SHA-256:BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
                                                              SHA-512:450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1160
                                                              Entropy (8bit):5.292894989863142
                                                              Encrypted:false
                                                              SSDEEP:24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
                                                              MD5:15EC1963FC113D4AD6E7E59AE5DE7C0A
                                                              SHA1:4017FC6D8B302335469091B91D063B07C9E12109
                                                              SHA-256:34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
                                                              SHA-512:427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):3264
                                                              Entropy (8bit):3.586016059431306
                                                              Encrypted:false
                                                              SSDEEP:48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
                                                              MD5:83F81D30913DC4344573D7A58BD20D85
                                                              SHA1:5AD0E91EA18045232A8F9DF1627007FE506A70E0
                                                              SHA-256:30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
                                                              SHA-512:85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):3235
                                                              Entropy (8bit):3.6081439490236464
                                                              Encrypted:false
                                                              SSDEEP:96:H3E+6rOEAbeHTln2EQ77Uayg45RjhCSj+OyRdM7AE9qdV:HXcR/nQXUayYV
                                                              MD5:2D94A58795F7B1E6E43C9656A147AD3C
                                                              SHA1:E377DB505C6924B6BFC9D73DC7C02610062F674E
                                                              SHA-256:548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
                                                              SHA-512:F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):3122
                                                              Entropy (8bit):3.891443295908904
                                                              Encrypted:false
                                                              SSDEEP:96:/OOrssRU6Bg7VSdL+zsCfoZiWssriWqo2gx7RRCos2sEeBkS7Zesg:H5GRZlXsGdo
                                                              MD5:B3699C20A94776A5C2F90AEF6EB0DAD9
                                                              SHA1:1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA
                                                              SHA-256:A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
                                                              SHA-512:1E8D15B8BFF1D289434A244172F9ED42B4BB6BCB6372C1F300B01ACEA5A88167E97FEDABA0A7AE3BEB5E24763D1B09046AE8E30745B80E2E2FE785C94DF362F6
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1880
                                                              Entropy (8bit):4.295185867329351
                                                              Encrypted:false
                                                              SSDEEP:48:SHYGuEETiuF6OX5tCYFZt5GurMRRevsY4tVZIGnZRxlKT6/UGG:yYG8iuF6yTCYFH5GjLPtVZVZRxOZZ
                                                              MD5:8E16966E815C3C274EEB8492B1EA6648
                                                              SHA1:7482ED9F1C9FD9F6F9BA91AB15921B19F64C9687
                                                              SHA-256:418FF53FCA505D54268413C796E4DF80E947A09F399AB222A90B81E93113D5B5
                                                              SHA-512:85B28202E874B1CF45B37BA05B87B3D8D6FE38E89C6011C4240CF6B563EA6DA60181D712CCE20D07C364F4A266A4EC90C4934CC8B7BB2013CB3B22D755796E38
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1042
                                                              Entropy (8bit):5.3945675025513955
                                                              Encrypted:false
                                                              SSDEEP:24:1HAWYsF4dqNfBQH49Hk8YfIhYzTJ+6WJBtl/u4s+6:ZF4wNfvm87mX4LF6
                                                              MD5:F3E59EEEB007144EA26306C20E04C292
                                                              SHA1:83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90
                                                              SHA-256:C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
                                                              SHA-512:7808CB5FF041B002CBD78171EC5A0B4DBA3E017E21F7E8039084C2790F395B839BEE04AD6C942EED47CCB53E90F6DE818A725D1450BF81BA2990154AFD3763AF
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2535
                                                              Entropy (8bit):3.8479764584971368
                                                              Encrypted:false
                                                              SSDEEP:48:YRcHe/4raK1EIlZt1wg62FIOg+xGaF8guI5EP9I2yC:+cs4raK1xlZtOgviOfGaF8RI5EP95b
                                                              MD5:E20D6C27840B406555E2F5091B118FC5
                                                              SHA1:0DCECC1A58CEB4936E255A64A2830956BFA6EC14
                                                              SHA-256:89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
                                                              SHA-512:AD53FC0B153005F47F9F4344DF6C4804049FAC94932D895FD02EEBE75222CFE77EEDD9CD3FDC4C88376D18C5972055B00190507AA896488499D64E884F84F093
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1028
                                                              Entropy (8bit):4.797571191712988
                                                              Encrypted:false
                                                              SSDEEP:24:1HAivZZaJ3Rje394+k7IKgpAJjUpSkiQjuRBMd:fZZahBeu7IKgqeMg
                                                              MD5:970544AB4622701FFDF66DC556847652
                                                              SHA1:14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317
                                                              SHA-256:5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
                                                              SHA-512:CC12D00C10B970189E90D47390EEB142359A8D6F3A9174C2EF3AE0118F09C88AB9B689D9773028834839A7DFAF3AAC6747BC1DCB23794A9F067281E20B8DC6EA
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):994
                                                              Entropy (8bit):4.700308832360794
                                                              Encrypted:false
                                                              SSDEEP:24:1HAaJ7a/uNpoB/Y4vPnswSPkDzLKFQHpp//BpPDB:7J7a/uzQ/Y4vvswhDzDr/LDB
                                                              MD5:A568A58817375590007D1B8ABCAEBF82
                                                              SHA1:B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597
                                                              SHA-256:0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
                                                              SHA-512:FCFBADEC9F73975301AB404DB6B09D31457FAC7CCAD2FA5BE348E1CAD6800F87CB5B56DE50880C55BBADB3C40423351A6B5C2D03F6A327D898E35F517B1C628C
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2091
                                                              Entropy (8bit):4.358252286391144
                                                              Encrypted:false
                                                              SSDEEP:24:1HAnHdGc4LtGxVY6IuVzJkeNL5kP13a67wNcYP8j5PIaSTIjPU4ELFPCWJjMupV/:idGcyYPVtkAUl7wqziBsg9DbpN6XoN/
                                                              MD5:4717EFE4651F94EFF6ACB6653E868D1A
                                                              SHA1:B8A7703152767FBE1819808876D09D9CC1C44450
                                                              SHA-256:22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
                                                              SHA-512:487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2778
                                                              Entropy (8bit):3.595196082412897
                                                              Encrypted:false
                                                              SSDEEP:48:Y943BFU1LQ4HwQLQ4LQhlmVQL3QUm6H6ZgFIcwn6Rs2ShpQ3IwjGLQSJ/PYoEQj8:I43BCymz8XNcfuQDXYN2sum
                                                              MD5:83E7A14B7FC60D4C66BF313C8A2BEF0B
                                                              SHA1:1CCF1D79CDED5D65439266DB58480089CC110B18
                                                              SHA-256:613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
                                                              SHA-512:3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1719
                                                              Entropy (8bit):4.287702203591075
                                                              Encrypted:false
                                                              SSDEEP:48:65/5EKaDMw6pEf4I5+jSksOTJqQyrFO8C:65/5EKaAw6pEf4I5+vsOVqQyFO8C
                                                              MD5:3B98C4ED8874A160C3789FEAD5553CFA
                                                              SHA1:5550D0EC548335293D962AAA96B6443DD8ABB9F6
                                                              SHA-256:ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
                                                              SHA-512:5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):936
                                                              Entropy (8bit):4.457879437756106
                                                              Encrypted:false
                                                              SSDEEP:24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
                                                              MD5:7D273824B1E22426C033FF5D8D7162B7
                                                              SHA1:EADBE9DBE5519BD60458B3551BDFC36A10049DD1
                                                              SHA-256:2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
                                                              SHA-512:E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):3830
                                                              Entropy (8bit):3.5483353063347587
                                                              Encrypted:false
                                                              SSDEEP:48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
                                                              MD5:342335A22F1886B8BC92008597326B24
                                                              SHA1:2CB04F892E430DCD7705C02BF0A8619354515513
                                                              SHA-256:243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
                                                              SHA-512:CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1898
                                                              Entropy (8bit):4.187050294267571
                                                              Encrypted:false
                                                              SSDEEP:24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
                                                              MD5:B1083DA5EC718D1F2F093BD3D1FB4F37
                                                              SHA1:74B6F050D918448396642765DEF1AD5390AB5282
                                                              SHA-256:E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
                                                              SHA-512:7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": ".... ....... .........".. },.. "explanationofflinedisabled": {.. "message": "..... ...... .......... .... ........ .... .... Google ........ ...... .... ..... ..... ... .......... ....... .... Google ........ .......... ..... .......... .. ...... ..... .... ..... ......... .. ..........".. },.. "explanationofflineenabled": {.. "message": "..... ...... ........., .. ..... ... ... ...... ....... ....... .. .... ....... ....
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):914
                                                              Entropy (8bit):4.513485418448461
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
                                                              MD5:32DF72F14BE59A9BC9777113A8B21DE6
                                                              SHA1:2A8D9B9A998453144307DD0B700A76E783062AD0
                                                              SHA-256:F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
                                                              SHA-512:E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):878
                                                              Entropy (8bit):4.4541485835627475
                                                              Encrypted:false
                                                              SSDEEP:24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
                                                              MD5:A1744B0F53CCF889955B95108367F9C8
                                                              SHA1:6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
                                                              SHA-256:21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
                                                              SHA-512:F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2766
                                                              Entropy (8bit):3.839730779948262
                                                              Encrypted:false
                                                              SSDEEP:48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
                                                              MD5:97F769F51B83D35C260D1F8CFD7990AF
                                                              SHA1:0D59A76564B0AEE31D0A074305905472F740CECA
                                                              SHA-256:BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
                                                              SHA-512:D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):978
                                                              Entropy (8bit):4.879137540019932
                                                              Encrypted:false
                                                              SSDEEP:24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
                                                              MD5:B8D55E4E3B9619784AECA61BA15C9C0F
                                                              SHA1:B4A9C9885FBEB78635957296FDDD12579FEFA033
                                                              SHA-256:E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
                                                              SHA-512:266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):907
                                                              Entropy (8bit):4.599411354657937
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
                                                              MD5:608551F7026E6BA8C0CF85D9AC11F8E3
                                                              SHA1:87B017B2D4DA17E322AF6384F82B57B807628617
                                                              SHA-256:A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
                                                              SHA-512:82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):914
                                                              Entropy (8bit):4.604761241355716
                                                              Encrypted:false
                                                              SSDEEP:24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
                                                              MD5:0963F2F3641A62A78B02825F6FA3941C
                                                              SHA1:7E6972BEAB3D18E49857079A24FB9336BC4D2D48
                                                              SHA-256:E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
                                                              SHA-512:22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):937
                                                              Entropy (8bit):4.686555713975264
                                                              Encrypted:false
                                                              SSDEEP:24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
                                                              MD5:BED8332AB788098D276B448EC2B33351
                                                              SHA1:6084124A2B32F386967DA980CBE79DD86742859E
                                                              SHA-256:085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
                                                              SHA-512:22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1337
                                                              Entropy (8bit):4.69531415794894
                                                              Encrypted:false
                                                              SSDEEP:24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
                                                              MD5:51D34FE303D0C90EE409A2397FCA437D
                                                              SHA1:B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
                                                              SHA-256:BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
                                                              SHA-512:E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": ".......".. },.. "explanationofflinedisabled": {.. "message": "..... ............ Google ......... ... ........., ............ . .... . ......... ............. . ......-...... . .......... .. ......... .........".. },.. "explanationofflineenabled": {.. "message": "... ........... . .......... .. ...... ......... ..... ..... . ............. .., . ....... ........ ......-.......".. },.. "extdesc": {.. "message": ".........., .............. . ............ ........., ....... . ........... ... ....... . ..........".. },.. "extname": {.. "message": "Google.......... ......".. },.. "learnmore": {.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2846
                                                              Entropy (8bit):3.7416822879702547
                                                              Encrypted:false
                                                              SSDEEP:48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
                                                              MD5:B8A4FD612534A171A9A03C1984BB4BDD
                                                              SHA1:F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
                                                              SHA-256:54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
                                                              SHA-512:C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):934
                                                              Entropy (8bit):4.882122893545996
                                                              Encrypted:false
                                                              SSDEEP:24:1HAF8pMv1RS4LXL22IUjdh8uJwpPqLDEtxKLhSS:hyv1RS4LXx38u36QsS
                                                              MD5:8E55817BF7A87052F11FE554A61C52D5
                                                              SHA1:9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
                                                              SHA-256:903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
                                                              SHA-512:EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):963
                                                              Entropy (8bit):4.6041913416245
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvgfECBxNFCEuKXowwJrpvPwNgEcPJJJEfWOCBxeFCJuGuU4KYXCSUXKDxX4A:1HAXMKYw8VYNLcaeDmKYLdX2zJBG5
                                                              MD5:BFAEFEFF32813DF91C56B71B79EC2AF4
                                                              SHA1:F8EDA2B632610972B581724D6B2F9782AC37377B
                                                              SHA-256:AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
                                                              SHA-512:971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1320
                                                              Entropy (8bit):4.569671329405572
                                                              Encrypted:false
                                                              SSDEEP:24:1HArg/fjQg2JwrfZtUWTrw1P4epMnRGi5TBmuPDRxZQ/XtiCw/Rwh/Q9EVz:ogUg2JwDZe6rwKI8VTP9xK1CwhI94
                                                              MD5:7F5F8933D2D078618496C67526A2B066
                                                              SHA1:B7050E3EFA4D39548577CF47CB119FA0E246B7A4
                                                              SHA-256:4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
                                                              SHA-512:0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "....... ....".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. ..... ......... Google ......... ... ........ ...., ..... . .......... .. ........ ........ Google .......... . ........ ...... .............. ... ....... ... ...... ........ .. ...........".. },.. "explanationofflineenabled": {.. "message": "...... ..., ... . .... ...... .. ....... ...... . ........ ........ ... .. ....... .....".. },.. "extdesc": {.. "message": "....... . ........... ........., ...... . ............ . ....... ...... . ... . ... .. ... ........ .........".. },.. "extname": {.. "message
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):884
                                                              Entropy (8bit):4.627108704340797
                                                              Encrypted:false
                                                              SSDEEP:24:1HA0NOYT/6McbnX/yzklyOIPRQrJlvDymvBd:vNOcyHnX/yg0P4Bymn
                                                              MD5:90D8FB448CE9C0B9BA3D07FB8DE6D7EE
                                                              SHA1:D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
                                                              SHA-256:64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
                                                              SHA-512:6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):980
                                                              Entropy (8bit):4.50673686618174
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvgNHCBxNx1HMHyMhybK7QGU78oCuafIvfCBxex6EYPE5E1pOCSUJqONtCBh8:1HAGDQ3y0Q/Kjp/zhDoKMkeAT6dBaX
                                                              MD5:D0579209686889E079D87C23817EDDD5
                                                              SHA1:C4F99E66A5891973315D7F2BC9C1DAA524CB30DC
                                                              SHA-256:0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
                                                              SHA-512:D59911F91ED6C8FF78FD158389B4D326DAF4C031B940C399569FE210F6985E23897E7F404B7014FC7B0ACEC086C01CC5F76354F7E5D3A1E0DEDEF788C23C2978
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1941
                                                              Entropy (8bit):4.132139619026436
                                                              Encrypted:false
                                                              SSDEEP:24:1HAoTZwEj3YfVLiANpx96zjlXTwB4uNJDZwq3CP1B2xIZiIH1CYFIZ03SoFyxrph:JCEjWiAD0ZXkyYFyPND1L/I
                                                              MD5:DCC0D1725AEAEAAF1690EF8053529601
                                                              SHA1:BB9D31859469760AC93E84B70B57909DCC02EA65
                                                              SHA-256:6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
                                                              SHA-512:6243982D764026D342B3C47C706D822BB2B0CAFFA51F0591D8C878F981EEF2A7FC68B76D012630B1C1EB394AF90EB782E2B49329EB6538DD5608A7F0791FDCF5
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "..... ....... .........".. },.. "explanationofflinedisabled": {.. "message": ".......... ........... .... ....... ..... Google ......... .........., ...... .... ........... ......... ...., Google ... ................... ................ ......, ........ ......... ..........".. },.. "explanationofflineenabled": {.. "message": ".......... ..........., .......... .......... .......... ......... ........... ...... .....
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1969
                                                              Entropy (8bit):4.327258153043599
                                                              Encrypted:false
                                                              SSDEEP:48:R7jQrEONienBcFNBNieCyOBw0/kCcj+sEf24l+Q+u1LU4ljCj55ONipR41ssrNix:RjQJN1nBcFNBNlCyGcj+RXl+Q+u1LU4s
                                                              MD5:385E65EF723F1C4018EEE6E4E56BC03F
                                                              SHA1:0CEA195638A403FD99BAEF88A360BD746C21DF42
                                                              SHA-256:026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
                                                              SHA-512:E55167CB5638E04DF3543D57C8027B86B9483BFCAFA8E7C148EDED66454AEBF554B4C1CF3C33E93EC63D73E43800D6A6E7B9B1A1B0798B6BDB2F699D3989B052
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "..... ...... ........ ......".. },.. "explanationofflinedisabled": {.. "message": ".... ........... ........ ......... ........ ....... Google Docs... .............., .... ............ ....... ..... ...... .... Google Docs .... ...... ............. ......, ........ ........ ... .......".. },.. "explanationofflineenabled": {.. "message": ".... ........... ......., .... .... ........ .......... .... ....... ..... ....... .... ..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1674
                                                              Entropy (8bit):4.343724179386811
                                                              Encrypted:false
                                                              SSDEEP:48:fcGjnU3UnGKD1GeU3pktOggV1tL2ggG7Q:f3jnDG1eUk0g6RLE
                                                              MD5:64077E3D186E585A8BEA86FF415AA19D
                                                              SHA1:73A861AC810DABB4CE63AD052E6E1834F8CA0E65
                                                              SHA-256:D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
                                                              SHA-512:56DD389EB9DD335A6214E206B3BF5D63562584394D1DE1928B67D369E548477004146E6CB2AD19D291CB06564676E2B2AC078162356F6BC9278B04D29825EF0C
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": ".............. ............. Google .................................... ............................... Google ...... .................................................................".. },.. "explanationofflineenabled": {.. "message": "................................................................".. },.. "extdesc": {.. "message": "..... ..... ........
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1063
                                                              Entropy (8bit):4.853399816115876
                                                              Encrypted:false
                                                              SSDEEP:24:1HAowYuBPgoMC4AGehrgGm7tJ3ckwFrXnRs5m:GYsPgrCtGehkGc3cvXr
                                                              MD5:76B59AAACC7B469792694CF3855D3F4C
                                                              SHA1:7C04A2C1C808FA57057A4CCEEE66855251A3C231
                                                              SHA-256:B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
                                                              SHA-512:2E507CA6874DE8028DC769F3D9DFD9E5494C268432BA41B51568D56F7426F8A5F2E5B111DDD04259EB8D9A036BB4E3333863A8FC65AAB793BCEF39EDFE41403B
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1333
                                                              Entropy (8bit):4.686760246306605
                                                              Encrypted:false
                                                              SSDEEP:24:1HAk9oxkm6H4KyGGB9GeGoxPEYMQhpARezTtHUN97zlwpEH7:VKU1GB9GeBc/OARETt+9/WCb
                                                              MD5:970963C25C2CEF16BB6F60952E103105
                                                              SHA1:BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA
                                                              SHA-256:9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
                                                              SHA-512:1BED9FE4D4ADEED3D0BC8258D9F2FD72C6A177C713C3B03FC6F5452B6D6C2CB2236C54EA972ECE7DBFD756733805EB2352CAE44BAB93AA8EA73BB80460349504
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "........".. },.. "explanationofflinedisabled": {.. "message": ".. . ...... ....... ... ............. Google ........... ... ......... . .........., ......... . ............ .. ........ ........ Google .......... . ......... ......-............., .... ...... . .......".. },.. "explanationofflineenabled": {.. "message": ".. . ...... ......, ..... ... .... ...... .......... ........ ..... ... .......... .....".. },.. "extdesc": {.. "message": "........., ......... . ............ ........., .......... ....... .. ........... ... ....... .. ..........".. },.. "extname": {.. "message": "Goo
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1263
                                                              Entropy (8bit):4.861856182762435
                                                              Encrypted:false
                                                              SSDEEP:24:1HAl3zNEUhN3mNjkSIkmdNpInuUVsqNtOJDhY8Dvp/IkLzx:e3uUhQKvkmd+s11Lp1F
                                                              MD5:8B4DF6A9281333341C939C244DDB7648
                                                              SHA1:382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
                                                              SHA-256:5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
                                                              SHA-512:FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "... ......".. },.. "explanationofflinedisabled": {.. "message": ".. .. .... .... Google Docs .. .... ....... ..... ....... .... ..... .... ... .. .. ....... .. ..... ... .. Google Docs ... ... .. ....... .. ..... ... .. .... ...... ..... .. .. .....".. },.. "explanationofflineenabled": {.. "message": ".. .. .... ... .... .. ... ... ...... ..... ... ..... .. .... ... .. ... ..... ... .... ....".. },.. "extdesc": {.. "message": ".......... .......... ... ....... . .... ... ....... .. ..... .. .... ...... ..... .... ... ..... .......".. },.. "extname": {.. "message": "Google Docs .. ....".. },.. "learnmore": {..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1074
                                                              Entropy (8bit):5.062722522759407
                                                              Encrypted:false
                                                              SSDEEP:24:1HAhBBLEBOVUSUfE+eDFmj4BLErQ7e2CIer32KIxqJ/HtNiE5nIGeU+KCVT:qHCDheDFmjDQgX32/S/hI9jh
                                                              MD5:773A3B9E708D052D6CBAA6D55C8A5438
                                                              SHA1:5617235844595D5C73961A2C0A4AC66D8EA5F90F
                                                              SHA-256:597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
                                                              SHA-512:E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):879
                                                              Entropy (8bit):5.7905809868505544
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
                                                              MD5:3E76788E17E62FB49FB5ED5F4E7A3DCE
                                                              SHA1:6904FFA0D13D45496F126E58C886C35366EFCC11
                                                              SHA-256:E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
                                                              SHA-512:F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": "..".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ................ Google ....................".. },.. "explanationofflineenabled": {.. "message": ".............................".. },.. "extdesc": {.. "message": "...................... - ........".. },.. "extname": {.. "message": "Google .......".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "...............................".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1205
                                                              Entropy (8bit):4.50367724745418
                                                              Encrypted:false
                                                              SSDEEP:24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
                                                              MD5:524E1B2A370D0E71342D05DDE3D3E774
                                                              SHA1:60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
                                                              SHA-256:30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
                                                              SHA-512:D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
                                                              Malicious:false
                                                              Preview:{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):843
                                                              Entropy (8bit):5.76581227215314
                                                              Encrypted:false
                                                              SSDEEP:12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
                                                              MD5:0E60627ACFD18F44D4DF469D8DCE6D30
                                                              SHA1:2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
                                                              SHA-256:F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
                                                              SHA-512:6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
                                                              Malicious:false
                                                              Preview:{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):912
                                                              Entropy (8bit):4.65963951143349
                                                              Encrypted:false
                                                              SSDEEP:24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
                                                              MD5:71F916A64F98B6D1B5D1F62D297FDEC1
                                                              SHA1:9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
                                                              SHA-256:EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
                                                              SHA-512:30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
                                                              Malicious:false
                                                              Preview:{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):11280
                                                              Entropy (8bit):5.754230909218899
                                                              Encrypted:false
                                                              SSDEEP:192:RBG1G1UPkUj/86Op//Ier/2nsN9Jtwg1MK8HNnswuHEIIMuuqd7CKqv+pccW5SJ+:m8IGIEu8RfW+
                                                              MD5:BE5DB35513DDEF454CE3502B6418B9B4
                                                              SHA1:C82B23A82F745705AA6BCBBEFEB6CE3DBCC71CB1
                                                              SHA-256:C6F623BE1112C2FDE6BE8941848A82B2292FCD2B475FBD363CC2FD4DF25049B5
                                                              SHA-512:38C48E67631FAF0594D44525423C6EDC08F5A65F04288F0569B7CF8C71C359924069212462B0A2BFA38356F93708143EE1CBD42295D7317E8670D0A0CD10BAFD
                                                              Malicious:false
                                                              Preview:[{"description":"treehash per file","signed_content":{"payload":"
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):854
                                                              Entropy (8bit):4.284628987131403
                                                              Encrypted:false
                                                              SSDEEP:12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
                                                              MD5:4EC1DF2DA46182103D2FFC3B92D20CA5
                                                              SHA1:FB9D1BA3710CF31A87165317C6EDC110E98994CE
                                                              SHA-256:6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
                                                              SHA-512:939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
                                                              Malicious:false
                                                              Preview:{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2525
                                                              Entropy (8bit):5.417689528134667
                                                              Encrypted:false
                                                              SSDEEP:24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj1e9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/APegiVb
                                                              MD5:10FF8E5B674311683D27CE1879384954
                                                              SHA1:9C269C14E067BB86642EB9F4816D75CF1B9B9158
                                                              SHA-256:17363162A321625358255EE939F447E9363FF2284BD35AE15470FD5318132CA9
                                                              SHA-512:4D3EB89D398A595FEA8B59AC6269A57CC96C4A0E5A5DB8C5FE70AB762E8144A5DF9AFC8756CA2E798E50778CD817CC9B0826FC2942DE31397E858DBFA1B06830
                                                              Malicious:false
                                                              Preview:{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*", "https://drive-daily-1.corp.google.com/*", "https://drive-daily-2.corp.google.com/*", "https://drive-daily-3.corp.google.com/*", "https://drive-daily-4.corp.google.com/*", "https://drive-daily-5.corp.google.com/*", "https://drive-daily-6.corp.google.com/*", "https://drive-preprod.corp.google.com/*", "https://drive-staging.corp.google.com/*" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:HTML document, ASCII text
                                                              Category:dropped
                                                              Size (bytes):97
                                                              Entropy (8bit):4.862433271815736
                                                              Encrypted:false
                                                              SSDEEP:3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
                                                              MD5:B747B5922A0BC74BBF0A9BC59DF7685F
                                                              SHA1:7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
                                                              SHA-256:B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
                                                              SHA-512:7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
                                                              Malicious:false
                                                              Preview:<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text, with very long lines (4369)
                                                              Category:dropped
                                                              Size (bytes):95567
                                                              Entropy (8bit):5.4016395763198135
                                                              Encrypted:false
                                                              SSDEEP:1536:Ftd/mjDC/Hass/jCKLwPOPO2MCeYHxU2/NjAGHChg3JOzZ8:YfjCKdHm2/NbHCIJo8
                                                              MD5:09AF2D8CFA8BF1078101DA78D09C4174
                                                              SHA1:F2369551E2CDD86258062BEB0729EE4D93FCA050
                                                              SHA-256:39D113C44D45AE3609B9509ED099680CC5FCEF182FD9745B303A76E164D8BCEC
                                                              SHA-512:F791434B053FA2A5B731C60F22A4579F19FE741134EF0146E8BAC7DECAC78DE65915B3188093DBBE00F389A7F15B80172053FABB64E636DD4A945DBE3C2CF2E6
                                                              Malicious:false
                                                              Preview:'use strict';function aa(){return function(){}}function l(a){return function(){return this[a]}}var n;function ba(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ca="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.function da(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var q=da(this);function r(a,b){if(b)a:{var c=q;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&ca(c,a,{configurable:!0,writable:!0,value:b})}}.r("Symbol",function(a){function b(f){if(this instanceof b)throw new TypeError("Symbol is not a constructor");return new c(d+(f||"")+"_"+e++,f)}function c(f,
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):291
                                                              Entropy (8bit):4.65176400421739
                                                              Encrypted:false
                                                              SSDEEP:6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
                                                              MD5:3AB0CD0F493B1B185B42AD38AE2DD572
                                                              SHA1:079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
                                                              SHA-256:73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
                                                              SHA-512:32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
                                                              Malicious:false
                                                              Preview:(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:ASCII text, with very long lines (4369)
                                                              Category:dropped
                                                              Size (bytes):103988
                                                              Entropy (8bit):5.389407461078688
                                                              Encrypted:false
                                                              SSDEEP:1536:oXWJmOMsz9UqqRtjWLqj74SJf2VsxJ5BGOzr61SfwKmWGMJOaAFlObQ/x0BGm:yRqr6v3JnVzr6wwfMtkFSYm
                                                              MD5:EA946F110850F17E637B15CF22B82837
                                                              SHA1:8D27C963E76E3D2F5B8634EE66706F95F000FCAF
                                                              SHA-256:029DFE87536E8907A612900B26EEAA72C63EDF28458A7227B295AE6D4E2BD94C
                                                              SHA-512:5E8E61E648740FEF2E89A035A4349B2E4E5E4E88150EE1BDA9D4AD8D75827DC67C1C95A2CA41DF5B89DE8F575714E1A4D23BDE2DC3CF21D55DB3A39907B8F820
                                                              Malicious:false
                                                              Preview:'use strict';function k(){return function(){}}function n(a){return function(){return this[a]}}var q;function aa(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ba="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.function da(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var r=da(this);function t(a,b){if(b)a:{var c=r;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&ba(c,a,{configurable:!0,writable:!0,value:b})}}.t("Symbol",function(a){function b(f){if(this instanceof b)throw new TypeError("Symbol is not a constructor");return new c(d+(f||"")+"_"+e++,f)}function c(f,g
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):1753
                                                              Entropy (8bit):5.8889033066924155
                                                              Encrypted:false
                                                              SSDEEP:48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
                                                              MD5:738E757B92939B24CDBBD0EFC2601315
                                                              SHA1:77058CBAFA625AAFBEA867052136C11AD3332143
                                                              SHA-256:D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
                                                              SHA-512:DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
                                                              Malicious:false
                                                              Preview:[.. {.. "description": "treehash per file",.. "signed_content": {.. "payload": "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",.. "signatures": [.. {.. "header": {.. "kid": "publisher".. },.. "protected": "eyJhbGciOiJSUzI1NiJ9",.. "signature": "UglEEilkOml5P1W0X6wc-_dB87PQB73uMir11923av57zPKujb4IUe_lbGpn7cRZsy6x-8i9eEKxAW7L2TSmYqrcp4XtiON6ppcf27FWACXOUJDax9wlMr-EOtyZhykCnB9vR
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
                                                              Category:dropped
                                                              Size (bytes):9815
                                                              Entropy (8bit):6.1716321262973315
                                                              Encrypted:false
                                                              SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
                                                              MD5:3D20584F7F6C8EAC79E17CCA4207FB79
                                                              SHA1:3C16DCC27AE52431C8CDD92FBAAB0341524D3092
                                                              SHA-256:0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
                                                              SHA-512:315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
                                                              Malicious:false
                                                              Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
                                                              Category:dropped
                                                              Size (bytes):10388
                                                              Entropy (8bit):6.174387413738973
                                                              Encrypted:false
                                                              SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
                                                              MD5:3DE1E7D989C232FC1B58F4E32DE15D64
                                                              SHA1:42B152EA7E7F31A964914F344543B8BF14B5F558
                                                              SHA-256:D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
                                                              SHA-512:177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
                                                              Malicious:false
                                                              Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):962
                                                              Entropy (8bit):5.698567446030411
                                                              Encrypted:false
                                                              SSDEEP:24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
                                                              MD5:E805E9E69FD6ECDCA65136957B1FB3BE
                                                              SHA1:2356F60884130C86A45D4B232A26062C7830E622
                                                              SHA-256:5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
                                                              SHA-512:049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
                                                              Malicious:false
                                                              Preview:{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/*" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/*" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..
                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              File Type:Google Chrome extension, version 3
                                                              Category:dropped
                                                              Size (bytes):11185
                                                              Entropy (8bit):7.951995436832936
                                                              Encrypted:false
                                                              SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                              MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                              SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                              SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                              SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                              Malicious:false
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                              Category:dropped
                                                              Size (bytes):453023
                                                              Entropy (8bit):7.997718157581587
                                                              Encrypted:true
                                                              SSDEEP:12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
                                                              MD5:85430BAED3398695717B0263807CF97C
                                                              SHA1:FFFBEE923CEA216F50FCE5D54219A188A5100F41
                                                              SHA-256:A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
                                                              SHA-512:06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
                                                              Malicious:false
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):24
                                                              Entropy (8bit):3.91829583405449
                                                              Encrypted:false
                                                              SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                              MD5:3088F0272D29FAA42ED452C5E8120B08
                                                              SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                              SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                              SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                              Malicious:false
                                                              Preview:{"schema":6,"addons":[]}
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):24
                                                              Entropy (8bit):3.91829583405449
                                                              Encrypted:false
                                                              SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                              MD5:3088F0272D29FAA42ED452C5E8120B08
                                                              SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                              SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                              SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                              Malicious:false
                                                              Preview:{"schema":6,"addons":[]}
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                              Category:dropped
                                                              Size (bytes):66
                                                              Entropy (8bit):4.837595020998689
                                                              Encrypted:false
                                                              SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                              MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                              SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                              SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                              SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                              Malicious:false
                                                              Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                              Category:dropped
                                                              Size (bytes):66
                                                              Entropy (8bit):4.837595020998689
                                                              Encrypted:false
                                                              SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                              MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                              SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                              SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                              SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                              Malicious:false
                                                              Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):36830
                                                              Entropy (8bit):5.185924656884556
                                                              Encrypted:false
                                                              SSDEEP:768:wI43DvfWXf4E6C4p4EC4Y4QfEWvM4B4QS4z4444XQ4U:wUfdvk
                                                              MD5:5656BA69BD2966108A461AAE35F60226
                                                              SHA1:9C2E5AE52D82CEA43C4A5FFF205A7700CF54D61C
                                                              SHA-256:587596712960B26EAC18CB354CCD633FFDB218E374A9D59EFEA843914D7AB299
                                                              SHA-512:38F715AD9156558B5D57CA2E75FB0FFE0C5C6728BD94484B8F15E090120DDD02DCE42DBC9CC7143AD6552460A5F3A40E577FAF1D76D5D40B25CDBE636F250054
                                                              Malicious:false
                                                              Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{60024e8e-cfd0-41e5-965d-7128c7dcf0e8}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):36830
                                                              Entropy (8bit):5.185924656884556
                                                              Encrypted:false
                                                              SSDEEP:768:wI43DvfWXf4E6C4p4EC4Y4QfEWvM4B4QS4z4444XQ4U:wUfdvk
                                                              MD5:5656BA69BD2966108A461AAE35F60226
                                                              SHA1:9C2E5AE52D82CEA43C4A5FFF205A7700CF54D61C
                                                              SHA-256:587596712960B26EAC18CB354CCD633FFDB218E374A9D59EFEA843914D7AB299
                                                              SHA-512:38F715AD9156558B5D57CA2E75FB0FFE0C5C6728BD94484B8F15E090120DDD02DCE42DBC9CC7143AD6552460A5F3A40E577FAF1D76D5D40B25CDBE636F250054
                                                              Malicious:false
                                                              Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{60024e8e-cfd0-41e5-965d-7128c7dcf0e8}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):1021904
                                                              Entropy (8bit):6.648417932394748
                                                              Encrypted:false
                                                              SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                              MD5:FE3355639648C417E8307C6D051E3E37
                                                              SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                              SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                              SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Joe Sandbox View:
                                                              • Filename: file.exe, Detection: malicious
                                                              • Filename: file.exe, Detection: malicious
                                                              • Filename: file.exe, Detection: malicious
                                                              • Filename: file.exe, Detection: malicious
                                                              • Filename: file.exe, Detection: malicious
                                                              • Filename: file.exe, Detection: malicious
                                                              • Filename: file.exe, Detection: malicious
                                                              • Filename: MDE_File_Sample_775c04b737da218ea8e0cf00c15e7212960dd200.zip, Detection: malicious
                                                              • Filename: file.exe, Detection: malicious
                                                              • Filename: SecuriteInfo.com.Win32.Evo-gen.18513.13360.exe, Detection: malicious
                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):116
                                                              Entropy (8bit):4.968220104601006
                                                              Encrypted:false
                                                              SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                              MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                              SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                              SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                              SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                              Malicious:false
                                                              Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:ASCII text, with very long lines (1809), with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):11292
                                                              Entropy (8bit):5.5272886172174545
                                                              Encrypted:false
                                                              SSDEEP:192:TnaRtZYbBp6ihj4qyaaXx6KLWkfGNBw8rYSl:+egqvI7cwp0
                                                              MD5:FA6120F66F53BAE9CBD2390543FF958C
                                                              SHA1:D48EAF3EC0735EA9ADD5F193D0A41C3E8D1F56E6
                                                              SHA-256:0AEBDDC6A5711A5DB1E7B7DC9844996D62F2C7E17EA2A10ECB124E0F9443E05F
                                                              SHA-512:84B07C5C334CC819947113B367922F3EC2A044E68BCB4BD0EA7ACBF6B34DBDE6D21C8CCFCE1ABDD3164375C68D32E7D717C894652B6D997ED9C48FAB7426B0B7
                                                              Malicious:false
                                                              Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 1);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1725222219);..user_pref("app.update.lastUpdateTime.background-update-timer", 1725222219);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..u
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):53
                                                              Entropy (8bit):4.136624295551173
                                                              Encrypted:false
                                                              SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AY:Y9KQOy6Lb1BA+9
                                                              MD5:EA8B62857DFDBD3D0BE7D7E4A954EC9A
                                                              SHA1:B43BC4B3EA206A02EF8F63D5BFAD0C96BF2A3B2A
                                                              SHA-256:792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
                                                              SHA-512:076EE83534F42563046D25086166F82E1A3EC61840C113AEC67ABE2D8195DAA247D827D0C54E7E8F8A1BBF2D082A3763577587E84342EC160FF97905243E6D19
                                                              Malicious:false
                                                              Preview:{"profile-after-change":true,"final-ui-startup":true}
                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              File Type:Mozilla lz4 compressed data, originally 301 bytes
                                                              Category:dropped
                                                              Size (bytes):272
                                                              Entropy (8bit):5.479272213636878
                                                              Encrypted:false
                                                              SSDEEP:6:vXDvz2SzHs/udk+eDAWrZCMNRoGO/QqCRwbffnK3S0EhRntVD+qNzdDdCQ:vLz2S+EWDDoWqC+bfPK32hdDrd9
                                                              MD5:4A2BF1292372A7472A66DF225121AEBF
                                                              SHA1:DEB3A59AA61EE9262E138A02BFF8EABA6A8C9EFE
                                                              SHA-256:6CA0C9F1B8275544F8E63FA65E96BE057A70C890809F74AC5277EBCF65E1B60E
                                                              SHA-512:A5105470C07491BAD11731A91E3B8113DE1E703AABCDC0DE8DE1472EE9CE2570E6C09B2E1F1C1B05C36F50847DC298C62ACFA82A23B992E53E25CF1238698140
                                                              Malicious:false
                                                              Preview:mozLz40.-.....{"version":["ses....restore",1],"windows":[{"tab....],"selected":0,"_closedT..d_lastC...&GroupCount":-1,"busy":false,"chromeFlags":2167541758}d..W..5":1j..........@":{"w...Update":1725222207717,"startTim...$188386,"recentCrashes":0},"global":{},"cookies":[]}
                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                              Entropy (8bit):6.579613843028075
                                                              TrID:
                                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                              • DOS Executable Generic (2002/1) 0.02%
                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                              File name:file.exe
                                                              File size:917'504 bytes
                                                              MD5:a80f8369905a553004098607dec0751a
                                                              SHA1:8b8e2d5a28541c1cf7bc28437470fcbb4ca3b61f
                                                              SHA256:38211db68d53f159f161beb3ae76d14437309e23d15766c14e65125b09534042
                                                              SHA512:4975d71400b7120144a9a1668b2a76155669628f65f3371cef0e3954e8dc6eeb68680b243231c5ad4826911673286d0e7817587ce218eb8aa3f989750f9fb216
                                                              SSDEEP:12288:7qDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgarTv:7qDEvCTbMWu7rQYlBQcBiT6rprG8avv
                                                              TLSH:CD159E0273D1C062FF9B92334B5AF6515BBC69260123E61F13981DB9BE701B1563E7A3
                                                              File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
                                                              Icon Hash:aaf3e3e3938382a0
                                                              Entrypoint:0x420577
                                                              Entrypoint Section:.text
                                                              Digitally signed:false
                                                              Imagebase:0x400000
                                                              Subsystem:windows gui
                                                              Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                              DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                              Time Stamp:0x66D4BC7D [Sun Sep 1 19:11:57 2024 UTC]
                                                              TLS Callbacks:
                                                              CLR (.Net) Version:
                                                              OS Version Major:5
                                                              OS Version Minor:1
                                                              File Version Major:5
                                                              File Version Minor:1
                                                              Subsystem Version Major:5
                                                              Subsystem Version Minor:1
                                                              Import Hash:948cc502fe9226992dce9417f952fce3
                                                              Instruction
                                                              call 00007F4E68B304B3h
                                                              jmp 00007F4E68B2FDBFh
                                                              push ebp
                                                              mov ebp, esp
                                                              push esi
                                                              push dword ptr [ebp+08h]
                                                              mov esi, ecx
                                                              call 00007F4E68B2FF9Dh
                                                              mov dword ptr [esi], 0049FDF0h
                                                              mov eax, esi
                                                              pop esi
                                                              pop ebp
                                                              retn 0004h
                                                              and dword ptr [ecx+04h], 00000000h
                                                              mov eax, ecx
                                                              and dword ptr [ecx+08h], 00000000h
                                                              mov dword ptr [ecx+04h], 0049FDF8h
                                                              mov dword ptr [ecx], 0049FDF0h
                                                              ret
                                                              push ebp
                                                              mov ebp, esp
                                                              push esi
                                                              push dword ptr [ebp+08h]
                                                              mov esi, ecx
                                                              call 00007F4E68B2FF6Ah
                                                              mov dword ptr [esi], 0049FE0Ch
                                                              mov eax, esi
                                                              pop esi
                                                              pop ebp
                                                              retn 0004h
                                                              and dword ptr [ecx+04h], 00000000h
                                                              mov eax, ecx
                                                              and dword ptr [ecx+08h], 00000000h
                                                              mov dword ptr [ecx+04h], 0049FE14h
                                                              mov dword ptr [ecx], 0049FE0Ch
                                                              ret
                                                              push ebp
                                                              mov ebp, esp
                                                              push esi
                                                              mov esi, ecx
                                                              lea eax, dword ptr [esi+04h]
                                                              mov dword ptr [esi], 0049FDD0h
                                                              and dword ptr [eax], 00000000h
                                                              and dword ptr [eax+04h], 00000000h
                                                              push eax
                                                              mov eax, dword ptr [ebp+08h]
                                                              add eax, 04h
                                                              push eax
                                                              call 00007F4E68B32B5Dh
                                                              pop ecx
                                                              pop ecx
                                                              mov eax, esi
                                                              pop esi
                                                              pop ebp
                                                              retn 0004h
                                                              lea eax, dword ptr [ecx+04h]
                                                              mov dword ptr [ecx], 0049FDD0h
                                                              push eax
                                                              call 00007F4E68B32BA8h
                                                              pop ecx
                                                              ret
                                                              push ebp
                                                              mov ebp, esp
                                                              push esi
                                                              mov esi, ecx
                                                              lea eax, dword ptr [esi+04h]
                                                              mov dword ptr [esi], 0049FDD0h
                                                              push eax
                                                              call 00007F4E68B32B91h
                                                              test byte ptr [ebp+08h], 00000001h
                                                              pop ecx
                                                              Programming Language:
                                                              • [ C ] VS2008 SP1 build 30729
                                                              • [IMP] VS2008 SP1 build 30729
                                                              Name | Virtual Address | Virtual Size | Is in Section
                                                              IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                              IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata
                                                              IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0x9500 | .rsrc
                                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                              IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                                              IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xde000 | 0x7594 | .reloc
                                                              IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata
                                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                              IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata
                                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata
                                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                              IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata
                                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                                              IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0xd4000 | 0x9500 | 0x9600 | 628e1763e1773fed59db05a1ee781dd9 | False | 0.28109375 | data | 5.162269031193131 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0xde000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0xd45a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216 |
| RT_ICON | 0xd46d0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027 |
| RT_ICON | 0xd47f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135 |
| RT_ICON | 0xd4920 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333 |
| RT_ICON | 0xd4c08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5 |
| RT_ICON | 0xd4d30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388 |
| RT_ICON | 0xd5bd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524 |
| RT_ICON | 0xd6480 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918 |
| RT_ICON | 0xd69e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727 |
| RT_ICON | 0xd8f90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496 |
| RT_ICON | 0xda038 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227 |
| RT_MENU | 0xda4a0 | 0x50 | data | English | Great Britain | 0.9 |
| RT_STRING | 0xda4f0 | 0x594 | data | English | Great Britain | 0.3333333333333333 |
| RT_STRING | 0xdaa84 | 0x68a | data | English | Great Britain | 0.2735961768219833 |
| RT_STRING | 0xdb110 | 0x490 | data | English | Great Britain | 0.3715753424657534 |
| RT_STRING | 0xdb5a0 | 0x5fc | data | English | Great Britain | 0.3087467362924282 |
| RT_STRING | 0xdbb9c | 0x65c | data | English | Great Britain | 0.34336609336609336 |
| RT_STRING | 0xdc1f8 | 0x466 | data | English | Great Britain | 0.3605683836589698 |
| RT_STRING | 0xdc660 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186 |
| RT_RCDATA | 0xdc7b8 | 0x7c6 | data | | | 1.0055276381909548 |
| RT_GROUP_ICON | 0xdcf80 | 0x76 | data | English | Great Britain | 0.6610169491525424 |
| RT_GROUP_ICON | 0xdcff8 | 0x14 | data | English | Great Britain | 1.25 |
| RT_GROUP_ICON | 0xdd00c | 0x14 | data | English | Great Britain | 1.15 |
| RT_GROUP_ICON | 0xdd020 | 0x14 | data | English | Great Britain | 1.25 |
| RT_VERSION | 0xdd034 | 0xdc | data | English | Great Britain | 0.6181818181818182 |
| RT_MANIFEST | 0xdd110 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823 |

| DLL | Import |
|---|---|
| WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect |
| VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW |
| WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW |
| COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create |
| MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W |
| WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable |
| PSAPI.DLL | GetProcessMemoryInfo |
| IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile |
| USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile |
| UxTheme.dll | IsThemeActive |
| KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW |
| USER32.dll | GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient |
| GDI32.dll | EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath |
| COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW |
| ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW |
| SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW |
| ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket |
| OLEAUT32.dll | CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture |

| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | Great Britain | |

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                              Sep 1, 2024 21:19:01.733989000 CEST44349743142.250.185.161192.168.2.4
                                                              Sep 1, 2024 21:19:01.734045029 CEST49743443192.168.2.4142.250.185.161
                                                              Sep 1, 2024 21:19:01.734107971 CEST44349743142.250.185.161192.168.2.4
                                                              Sep 1, 2024 21:19:01.737397909 CEST44349743142.250.185.161192.168.2.4
                                                              Sep 1, 2024 21:19:01.738133907 CEST49743443192.168.2.4142.250.185.161
                                                              Sep 1, 2024 21:19:01.738146067 CEST44349743142.250.185.161192.168.2.4
                                                              Sep 1, 2024 21:19:01.740631104 CEST44349743142.250.185.161192.168.2.4
                                                              Sep 1, 2024 21:19:01.740925074 CEST49743443192.168.2.4142.250.185.161
                                                              Sep 1, 2024 21:19:01.740931034 CEST44349743142.250.185.161192.168.2.4
                                                              Sep 1, 2024 21:19:01.744316101 CEST44349743142.250.185.161192.168.2.4
                                                              Sep 1, 2024 21:19:01.744388103 CEST49743443192.168.2.4142.250.185.161
                                                              Sep 1, 2024 21:19:01.744395018 CEST44349743142.250.185.161192.168.2.4
                                                              Sep 1, 2024 21:19:01.748287916 CEST44349743142.250.185.161192.168.2.4
                                                              Sep 1, 2024 21:19:01.748364925 CEST49743443192.168.2.4142.250.185.161
                                                              Sep 1, 2024 21:19:01.748373032 CEST44349743142.250.185.161192.168.2.4
                                                              Sep 1, 2024 21:19:01.750696898 CEST44349743142.250.185.161192.168.2.4
                                                              Sep 1, 2024 21:19:01.750760078 CEST49743443192.168.2.4142.250.185.161
                                                              Sep 1, 2024 21:19:01.750766039 CEST44349743142.250.185.161192.168.2.4
                                                              Sep 1, 2024 21:19:01.754452944 CEST44349743142.250.185.161192.168.2.4
                                                              Sep 1, 2024 21:19:01.754720926 CEST49743443192.168.2.4142.250.185.161
                                                              Sep 1, 2024 21:19:01.754729033 CEST44349743142.250.185.161192.168.2.4
                                                              Sep 1, 2024 21:19:01.757164955 CEST44349743142.250.185.161192.168.2.4
                                                              Sep 1, 2024 21:19:01.757230997 CEST49743443192.168.2.4142.250.185.161
                                                              Sep 1, 2024 21:19:01.757236958 CEST44349743142.250.185.161192.168.2.4
                                                              Sep 1, 2024 21:19:01.760202885 CEST44349743142.250.185.161192.168.2.4
                                                              Sep 1, 2024 21:19:01.760267973 CEST49743443192.168.2.4142.250.185.161
                                                              Sep 1, 2024 21:19:01.760273933 CEST44349743142.250.185.161192.168.2.4
                                                              Sep 1, 2024 21:19:01.762964010 CEST44349743142.250.185.161192.168.2.4
                                                              Sep 1, 2024 21:19:01.763027906 CEST49743443192.168.2.4142.250.185.161
                                                              Sep 1, 2024 21:19:01.763034105 CEST44349743142.250.185.161192.168.2.4
                                                              Sep 1, 2024 21:19:01.766026974 CEST44349743142.250.185.161192.168.2.4
                                                              Sep 1, 2024 21:19:01.766066074 CEST49743443192.168.2.4142.250.185.161
                                                              Sep 1, 2024 21:19:01.766069889 CEST44349743142.250.185.161192.168.2.4
                                                              Sep 1, 2024 21:19:01.768811941 CEST44349743142.250.185.161192.168.2.4
                                                              Sep 1, 2024 21:19:01.768872023 CEST49743443192.168.2.4142.250.185.161
                                                              Sep 1, 2024 21:19:01.768877029 CEST44349743142.250.185.161192.168.2.4
                                                              Sep 1, 2024 21:19:01.768964052 CEST44349743142.250.185.161192.168.2.4
                                                              Sep 1, 2024 21:19:01.769011021 CEST49743443192.168.2.4142.250.185.161
                                                              Sep 1, 2024 21:19:02.052695036 CEST49743443192.168.2.4142.250.185.161
                                                              Sep 1, 2024 21:19:02.060015917 CEST49743443192.168.2.4142.250.185.161
                                                              Sep 1, 2024 21:19:02.060031891 CEST44349743142.250.185.161192.168.2.4
                                                              Sep 1, 2024 21:19:03.357208014 CEST49754443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 21:19:03.357289076 CEST44349754172.64.41.3192.168.2.4
                                                              Sep 1, 2024 21:19:03.357512951 CEST49755443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 21:19:03.357548952 CEST44349755172.64.41.3192.168.2.4
                                                              Sep 1, 2024 21:19:03.359363079 CEST49754443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 21:19:03.359399080 CEST49755443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 21:19:03.359528065 CEST49755443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 21:19:03.359539032 CEST44349755172.64.41.3192.168.2.4
                                                              Sep 1, 2024 21:19:03.359659910 CEST49754443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 21:19:03.359677076 CEST44349754172.64.41.3192.168.2.4
                                                              Sep 1, 2024 21:19:03.360275984 CEST49757443192.168.2.435.190.72.216
                                                              Sep 1, 2024 21:19:03.360305071 CEST4434975735.190.72.216192.168.2.4
                                                              Sep 1, 2024 21:19:03.361486912 CEST49757443192.168.2.435.190.72.216
                                                              Sep 1, 2024 21:19:03.368227005 CEST49757443192.168.2.435.190.72.216
                                                              Sep 1, 2024 21:19:03.368237972 CEST4434975735.190.72.216192.168.2.4
                                                              Sep 1, 2024 21:19:03.518294096 CEST49758443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 21:19:03.518335104 CEST44349758172.64.41.3192.168.2.4
                                                              Sep 1, 2024 21:19:03.518646955 CEST49758443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 21:19:03.519447088 CEST49758443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 21:19:03.519460917 CEST44349758172.64.41.3192.168.2.4
                                                              Sep 1, 2024 21:19:03.796051979 CEST44349754172.64.41.3192.168.2.4
                                                              Sep 1, 2024 21:19:03.797621965 CEST44349755172.64.41.3192.168.2.4
                                                              Sep 1, 2024 21:19:03.801983118 CEST49754443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 21:19:03.801995993 CEST44349754172.64.41.3192.168.2.4
                                                              Sep 1, 2024 21:19:03.803066015 CEST44349754172.64.41.3192.168.2.4
                                                              Sep 1, 2024 21:19:03.804510117 CEST49755443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 21:19:03.804517984 CEST44349755172.64.41.3192.168.2.4
                                                              Sep 1, 2024 21:19:03.805383921 CEST44349755172.64.41.3192.168.2.4
                                                              Sep 1, 2024 21:19:03.805644035 CEST49754443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 21:19:03.806051970 CEST49755443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 21:19:03.817450047 CEST49755443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 21:19:03.817524910 CEST44349755172.64.41.3192.168.2.4
                                                              Sep 1, 2024 21:19:03.818095922 CEST49754443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 21:19:03.818183899 CEST44349754172.64.41.3192.168.2.4
                                                              Sep 1, 2024 21:19:03.818218946 CEST49755443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 21:19:03.818260908 CEST49754443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 21:19:03.824706078 CEST4434975735.190.72.216192.168.2.4
                                                              Sep 1, 2024 21:19:03.833467960 CEST49757443192.168.2.435.190.72.216
                                                              Sep 1, 2024 21:19:03.843584061 CEST49757443192.168.2.435.190.72.216
                                                              Sep 1, 2024 21:19:03.843600988 CEST4434975735.190.72.216192.168.2.4
                                                              Sep 1, 2024 21:19:03.843719959 CEST49757443192.168.2.435.190.72.216
                                                              Sep 1, 2024 21:19:03.843916893 CEST4434975735.190.72.216192.168.2.4
                                                              Sep 1, 2024 21:19:03.846450090 CEST49757443192.168.2.435.190.72.216
                                                              Sep 1, 2024 21:19:03.860503912 CEST44349754172.64.41.3192.168.2.4
                                                              Sep 1, 2024 21:19:03.864499092 CEST44349755172.64.41.3192.168.2.4
                                                              Sep 1, 2024 21:19:03.879580021 CEST49755443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 21:19:03.879585028 CEST44349755172.64.41.3192.168.2.4
                                                              Sep 1, 2024 21:19:03.918291092 CEST44349755172.64.41.3192.168.2.4
                                                              Sep 1, 2024 21:19:03.918517113 CEST44349754172.64.41.3192.168.2.4
                                                              Sep 1, 2024 21:19:03.920614958 CEST49755443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 21:19:03.920831919 CEST49755443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 21:19:03.920845985 CEST44349755172.64.41.3192.168.2.4
                                                              Sep 1, 2024 21:19:03.920896053 CEST49754443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 21:19:03.921341896 CEST49754443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 21:19:03.921351910 CEST44349754172.64.41.3192.168.2.4
                                                              Sep 1, 2024 21:19:03.951620102 CEST44349758172.64.41.3192.168.2.4
                                                              Sep 1, 2024 21:19:03.952162981 CEST49758443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 21:19:03.952169895 CEST44349758172.64.41.3192.168.2.4
                                                              Sep 1, 2024 21:19:03.953037024 CEST44349758172.64.41.3192.168.2.4
                                                              Sep 1, 2024 21:19:03.953228951 CEST49758443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 21:19:03.954031944 CEST49758443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 21:19:03.954086065 CEST44349758172.64.41.3192.168.2.4
                                                              Sep 1, 2024 21:19:03.954175949 CEST49758443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 21:19:03.997159958 CEST49758443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 21:19:03.997169971 CEST44349758172.64.41.3192.168.2.4
                                                              Sep 1, 2024 21:19:04.079371929 CEST44349758172.64.41.3192.168.2.4
                                                              Sep 1, 2024 21:19:04.082398891 CEST49758443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 21:19:04.082443953 CEST49758443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 21:19:04.082453966 CEST44349758172.64.41.3192.168.2.4
                                                              Sep 1, 2024 21:19:04.311723948 CEST49759443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 21:19:04.311750889 CEST44349759172.64.41.3192.168.2.4
                                                              Sep 1, 2024 21:19:04.311928988 CEST49760443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 21:19:04.311944008 CEST44349760172.64.41.3192.168.2.4
                                                              Sep 1, 2024 21:19:04.313801050 CEST49760443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 21:19:04.313801050 CEST49759443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 21:19:04.314274073 CEST49760443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 21:19:04.314289093 CEST44349760172.64.41.3192.168.2.4
                                                              Sep 1, 2024 21:19:04.314486980 CEST49759443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 21:19:04.314497948 CEST44349759172.64.41.3192.168.2.4
                                                              Sep 1, 2024 21:19:04.698209047 CEST49761443192.168.2.420.96.153.111
                                                              Sep 1, 2024 21:19:04.698235035 CEST4434976120.96.153.111192.168.2.4
                                                              Sep 1, 2024 21:19:04.698874950 CEST49762443192.168.2.413.107.246.40
                                                              Sep 1, 2024 21:19:04.698911905 CEST4434976213.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:04.699014902 CEST49763443192.168.2.413.107.246.40
                                                              Sep 1, 2024 21:19:04.699043989 CEST4434976313.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:04.699117899 CEST49764443192.168.2.413.107.246.40
                                                              Sep 1, 2024 21:19:04.699125051 CEST4434976413.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:04.699143887 CEST49761443192.168.2.420.96.153.111
                                                              Sep 1, 2024 21:19:04.699151039 CEST49762443192.168.2.413.107.246.40
                                                              Sep 1, 2024 21:19:04.699223995 CEST49763443192.168.2.413.107.246.40
                                                              Sep 1, 2024 21:19:04.699372053 CEST49761443192.168.2.420.96.153.111
                                                              Sep 1, 2024 21:19:04.699383974 CEST4434976120.96.153.111192.168.2.4
                                                              Sep 1, 2024 21:19:04.699464083 CEST49762443192.168.2.413.107.246.40
                                                              Sep 1, 2024 21:19:04.699474096 CEST4434976213.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:04.699551105 CEST49763443192.168.2.413.107.246.40
                                                              Sep 1, 2024 21:19:04.699563980 CEST4434976313.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:04.701152086 CEST49764443192.168.2.413.107.246.40
                                                              Sep 1, 2024 21:19:04.701456070 CEST49764443192.168.2.413.107.246.40
                                                              Sep 1, 2024 21:19:04.701462984 CEST4434976413.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:04.742844105 CEST6038053192.168.2.41.1.1.1
                                                              Sep 1, 2024 21:19:04.747622013 CEST53603801.1.1.1192.168.2.4
                                                              Sep 1, 2024 21:19:04.750951052 CEST44349759172.64.41.3192.168.2.4
                                                              Sep 1, 2024 21:19:04.753614902 CEST6038053192.168.2.41.1.1.1
                                                              Sep 1, 2024 21:19:04.756984949 CEST49759443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 21:19:04.756994963 CEST44349759172.64.41.3192.168.2.4
                                                              Sep 1, 2024 21:19:04.757430077 CEST44349759172.64.41.3192.168.2.4
                                                              Sep 1, 2024 21:19:04.766381979 CEST44349760172.64.41.3192.168.2.4
                                                              Sep 1, 2024 21:19:04.768539906 CEST49759443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 21:19:04.768620968 CEST44349759172.64.41.3192.168.2.4
                                                              Sep 1, 2024 21:19:04.771294117 CEST49760443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 21:19:04.771305084 CEST44349760172.64.41.3192.168.2.4
                                                              Sep 1, 2024 21:19:04.771716118 CEST44349760172.64.41.3192.168.2.4
                                                              Sep 1, 2024 21:19:04.776675940 CEST49760443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 21:19:04.776751995 CEST44349760172.64.41.3192.168.2.4
                                                              Sep 1, 2024 21:19:04.788692951 CEST60381443192.168.2.4184.28.90.27
                                                              Sep 1, 2024 21:19:04.788719893 CEST44360381184.28.90.27192.168.2.4
                                                              Sep 1, 2024 21:19:04.789107084 CEST6038053192.168.2.41.1.1.1
                                                              Sep 1, 2024 21:19:04.790185928 CEST60381443192.168.2.4184.28.90.27
                                                              Sep 1, 2024 21:19:04.792465925 CEST60381443192.168.2.4184.28.90.27
                                                              Sep 1, 2024 21:19:04.792478085 CEST44360381184.28.90.27192.168.2.4
                                                              Sep 1, 2024 21:19:04.793875933 CEST53603801.1.1.1192.168.2.4
                                                              Sep 1, 2024 21:19:04.876765966 CEST49759443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 21:19:04.876771927 CEST49760443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 21:19:05.198847055 CEST53603801.1.1.1192.168.2.4
                                                              Sep 1, 2024 21:19:05.217611074 CEST6038053192.168.2.41.1.1.1
                                                              Sep 1, 2024 21:19:05.223366022 CEST53603801.1.1.1192.168.2.4
                                                              Sep 1, 2024 21:19:05.223531961 CEST6038053192.168.2.41.1.1.1
                                                              Sep 1, 2024 21:19:05.277179003 CEST4434976120.96.153.111192.168.2.4
                                                              Sep 1, 2024 21:19:05.280389071 CEST49761443192.168.2.420.96.153.111
                                                              Sep 1, 2024 21:19:05.280395985 CEST4434976120.96.153.111192.168.2.4
                                                              Sep 1, 2024 21:19:05.281464100 CEST4434976120.96.153.111192.168.2.4
                                                              Sep 1, 2024 21:19:05.283565044 CEST49761443192.168.2.420.96.153.111
                                                              Sep 1, 2024 21:19:05.284651041 CEST49761443192.168.2.420.96.153.111
                                                              Sep 1, 2024 21:19:05.284715891 CEST4434976120.96.153.111192.168.2.4
                                                              Sep 1, 2024 21:19:05.285078049 CEST49761443192.168.2.420.96.153.111
                                                              Sep 1, 2024 21:19:05.307790995 CEST4434976413.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:05.308300018 CEST49764443192.168.2.413.107.246.40
                                                              Sep 1, 2024 21:19:05.308320045 CEST4434976413.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:05.309334993 CEST4434976413.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:05.309508085 CEST49764443192.168.2.413.107.246.40
                                                              Sep 1, 2024 21:19:05.310436964 CEST49764443192.168.2.413.107.246.40
                                                              Sep 1, 2024 21:19:05.310494900 CEST4434976413.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:05.310589075 CEST49764443192.168.2.413.107.246.40
                                                              Sep 1, 2024 21:19:05.318348885 CEST4434976313.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:05.320597887 CEST49763443192.168.2.413.107.246.40
                                                              Sep 1, 2024 21:19:05.320620060 CEST4434976313.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:05.321770906 CEST4434976313.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:05.321892977 CEST49763443192.168.2.413.107.246.40
                                                              Sep 1, 2024 21:19:05.322165012 CEST49763443192.168.2.413.107.246.40
                                                              Sep 1, 2024 21:19:05.322232962 CEST4434976313.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:05.322284937 CEST49763443192.168.2.413.107.246.40
                                                              Sep 1, 2024 21:19:05.328510046 CEST4434976120.96.153.111192.168.2.4
                                                              Sep 1, 2024 21:19:05.352514029 CEST4434976413.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:05.363086939 CEST49764443192.168.2.413.107.246.40
                                                              Sep 1, 2024 21:19:05.363095999 CEST4434976413.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:05.364507914 CEST4434976313.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:05.365228891 CEST4434976213.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:05.365550041 CEST49762443192.168.2.413.107.246.40
                                                              Sep 1, 2024 21:19:05.365557909 CEST4434976213.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:05.366592884 CEST4434976213.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:05.366651058 CEST49762443192.168.2.413.107.246.40
                                                              Sep 1, 2024 21:19:05.367012978 CEST49762443192.168.2.413.107.246.40
                                                              Sep 1, 2024 21:19:05.367069960 CEST4434976213.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:05.367146969 CEST49762443192.168.2.413.107.246.40
                                                              Sep 1, 2024 21:19:05.377926111 CEST49763443192.168.2.413.107.246.40
                                                              Sep 1, 2024 21:19:05.377935886 CEST4434976313.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:05.377939939 CEST49761443192.168.2.420.96.153.111
                                                              Sep 1, 2024 21:19:05.377948999 CEST4434976120.96.153.111192.168.2.4
                                                              Sep 1, 2024 21:19:05.402367115 CEST4434976120.96.153.111192.168.2.4
                                                              Sep 1, 2024 21:19:05.402478933 CEST4434976120.96.153.111192.168.2.4
                                                              Sep 1, 2024 21:19:05.402827978 CEST49761443192.168.2.420.96.153.111
                                                              Sep 1, 2024 21:19:05.403570890 CEST49761443192.168.2.420.96.153.111
                                                              Sep 1, 2024 21:19:05.403582096 CEST4434976120.96.153.111192.168.2.4
                                                              Sep 1, 2024 21:19:05.406044006 CEST4434976413.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:05.406052113 CEST4434976413.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:06.821111917 CEST60389443192.168.2.413.107.246.40
                                                              Sep 1, 2024 21:19:06.821122885 CEST4436038913.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:06.821166992 CEST60388443192.168.2.413.107.246.40
                                                              Sep 1, 2024 21:19:06.821208954 CEST60387443192.168.2.413.107.246.40
                                                              Sep 1, 2024 21:19:06.843414068 CEST6039580192.168.2.434.107.221.82
                                                              Sep 1, 2024 21:19:06.848273039 CEST806039534.107.221.82192.168.2.4
                                                              Sep 1, 2024 21:19:06.850354910 CEST6039580192.168.2.434.107.221.82
                                                              Sep 1, 2024 21:19:06.850580931 CEST6039580192.168.2.434.107.221.82
                                                              Sep 1, 2024 21:19:06.855727911 CEST806039534.107.221.82192.168.2.4
                                                              Sep 1, 2024 21:19:06.864500046 CEST4436039113.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:06.864506960 CEST4436038713.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:06.864507914 CEST4436038813.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:06.864516973 CEST44360385184.28.90.27192.168.2.4
                                                              Sep 1, 2024 21:19:06.864526987 CEST4436039013.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:06.865329981 CEST60387443192.168.2.413.107.246.40
                                                              Sep 1, 2024 21:19:06.865340948 CEST4436038713.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:06.865354061 CEST60389443192.168.2.413.107.246.40
                                                              Sep 1, 2024 21:19:06.880888939 CEST60386443192.168.2.413.107.246.40
                                                              Sep 1, 2024 21:19:06.880904913 CEST60388443192.168.2.413.107.246.40
                                                              Sep 1, 2024 21:19:06.880908012 CEST60394443192.168.2.4142.251.40.206
                                                              Sep 1, 2024 21:19:06.880908012 CEST60393443192.168.2.4142.251.40.206
                                                              Sep 1, 2024 21:19:06.880911112 CEST4436038813.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:06.912787914 CEST4436038713.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:06.912867069 CEST4436038713.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:06.913212061 CEST4436038613.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:06.913227081 CEST4436038613.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:06.913304090 CEST4436038613.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:06.913840055 CEST4436038813.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:06.913958073 CEST4436038813.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:06.915153980 CEST60386443192.168.2.413.107.246.40
                                                              Sep 1, 2024 21:19:06.915153980 CEST60388443192.168.2.413.107.246.40
                                                              Sep 1, 2024 21:19:06.915158033 CEST60387443192.168.2.413.107.246.40
                                                              Sep 1, 2024 21:19:06.916992903 CEST4436038913.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:06.917011023 CEST4436038913.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:06.917169094 CEST4436039113.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:06.917191029 CEST4436039113.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:06.917213917 CEST4436038913.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:06.917809963 CEST4436039113.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:06.918462038 CEST4436039013.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:06.918486118 CEST4436039013.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:06.918525934 CEST4436039013.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:06.923738003 CEST44360393142.251.40.206192.168.2.4
                                                              Sep 1, 2024 21:19:06.923856974 CEST44360393142.251.40.206192.168.2.4
                                                              Sep 1, 2024 21:19:06.925579071 CEST44360394142.251.40.206192.168.2.4
                                                              Sep 1, 2024 21:19:06.926049948 CEST44360394142.251.40.206192.168.2.4
                                                              Sep 1, 2024 21:19:06.930104017 CEST60389443192.168.2.413.107.246.40
                                                              Sep 1, 2024 21:19:06.930118084 CEST60391443192.168.2.413.107.246.40
                                                              Sep 1, 2024 21:19:06.941330910 CEST60390443192.168.2.413.107.246.40
                                                              Sep 1, 2024 21:19:06.941349983 CEST60393443192.168.2.4142.251.40.206
                                                              Sep 1, 2024 21:19:06.941349983 CEST60394443192.168.2.4142.251.40.206
                                                              Sep 1, 2024 21:19:06.979549885 CEST60394443192.168.2.4142.251.40.206
                                                              Sep 1, 2024 21:19:06.979561090 CEST44360394142.251.40.206192.168.2.4
                                                              Sep 1, 2024 21:19:06.980180025 CEST60393443192.168.2.4142.251.40.206
                                                              Sep 1, 2024 21:19:06.980184078 CEST44360393142.251.40.206192.168.2.4
                                                              Sep 1, 2024 21:19:06.994438887 CEST44360385184.28.90.27192.168.2.4
                                                              Sep 1, 2024 21:19:06.994534016 CEST44360385184.28.90.27192.168.2.4
                                                              Sep 1, 2024 21:19:06.999515057 CEST60390443192.168.2.413.107.246.40
                                                              Sep 1, 2024 21:19:06.999538898 CEST4436039013.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:06.999759912 CEST60396443192.168.2.413.107.246.40
                                                              Sep 1, 2024 21:19:06.999775887 CEST4436039613.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:07.001385927 CEST60391443192.168.2.413.107.246.40
                                                              Sep 1, 2024 21:19:07.001394987 CEST4436039113.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:07.002109051 CEST60385443192.168.2.4184.28.90.27
                                                              Sep 1, 2024 21:19:07.004304886 CEST60396443192.168.2.413.107.246.40
                                                              Sep 1, 2024 21:19:07.005522013 CEST60396443192.168.2.413.107.246.40
                                                              Sep 1, 2024 21:19:07.005536079 CEST4436039613.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:07.005963087 CEST60389443192.168.2.413.107.246.40
                                                              Sep 1, 2024 21:19:07.005970001 CEST4436038913.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:07.008466005 CEST60388443192.168.2.413.107.246.40
                                                              Sep 1, 2024 21:19:07.008471966 CEST4436038813.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:07.010817051 CEST60386443192.168.2.413.107.246.40
                                                              Sep 1, 2024 21:19:07.010822058 CEST4436038613.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:07.012185097 CEST60387443192.168.2.413.107.246.40
                                                              Sep 1, 2024 21:19:07.012191057 CEST4436038713.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:07.032197952 CEST60385443192.168.2.4184.28.90.27
                                                              Sep 1, 2024 21:19:07.032205105 CEST44360385184.28.90.27192.168.2.4
                                                              Sep 1, 2024 21:19:07.032234907 CEST60385443192.168.2.4184.28.90.27
                                                              Sep 1, 2024 21:19:07.032243967 CEST44360385184.28.90.27192.168.2.4
                                                              Sep 1, 2024 21:19:07.286382914 CEST60397443192.168.2.4142.251.40.206
                                                              Sep 1, 2024 21:19:07.286405087 CEST44360397142.251.40.206192.168.2.4
                                                              Sep 1, 2024 21:19:07.286566019 CEST60398443192.168.2.4142.251.40.206
                                                              Sep 1, 2024 21:19:07.286573887 CEST44360398142.251.40.206192.168.2.4
                                                              Sep 1, 2024 21:19:07.286595106 CEST60397443192.168.2.4142.251.40.206
                                                              Sep 1, 2024 21:19:07.286668062 CEST60398443192.168.2.4142.251.40.206
                                                              Sep 1, 2024 21:19:07.286799908 CEST60397443192.168.2.4142.251.40.206
                                                              Sep 1, 2024 21:19:07.286815882 CEST44360397142.251.40.206192.168.2.4
                                                              Sep 1, 2024 21:19:07.286906958 CEST60398443192.168.2.4142.251.40.206
                                                              Sep 1, 2024 21:19:07.286914110 CEST44360398142.251.40.206192.168.2.4
                                                              Sep 1, 2024 21:19:07.294820070 CEST806039534.107.221.82192.168.2.4
                                                              Sep 1, 2024 21:19:07.371088982 CEST6039580192.168.2.434.107.221.82
                                                              Sep 1, 2024 21:19:07.476507902 CEST60399443192.168.2.4142.251.40.228
                                                              Sep 1, 2024 21:19:07.476545095 CEST44360399142.251.40.228192.168.2.4
                                                              Sep 1, 2024 21:19:07.476604939 CEST60399443192.168.2.4142.251.40.228
                                                              Sep 1, 2024 21:19:07.476764917 CEST60399443192.168.2.4142.251.40.228
                                                              Sep 1, 2024 21:19:07.476778030 CEST44360399142.251.40.228192.168.2.4
                                                              Sep 1, 2024 21:19:07.639370918 CEST4436039613.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:07.639626980 CEST60396443192.168.2.413.107.246.40
                                                              Sep 1, 2024 21:19:07.639645100 CEST4436039613.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:07.639978886 CEST4436039613.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:07.640330076 CEST60396443192.168.2.413.107.246.40
                                                              Sep 1, 2024 21:19:07.640391111 CEST4436039613.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:07.640472889 CEST60396443192.168.2.413.107.246.40
                                                              Sep 1, 2024 21:19:07.680504084 CEST4436039613.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:07.691520929 CEST60400443192.168.2.4142.250.81.234
                                                              Sep 1, 2024 21:19:07.691546917 CEST44360400142.250.81.234192.168.2.4
                                                              Sep 1, 2024 21:19:07.691612005 CEST60400443192.168.2.4142.250.81.234
                                                              Sep 1, 2024 21:19:07.691772938 CEST60400443192.168.2.4142.250.81.234
                                                              Sep 1, 2024 21:19:07.691783905 CEST44360400142.250.81.234192.168.2.4
                                                              Sep 1, 2024 21:19:07.742826939 CEST4436039613.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:07.743396997 CEST4436039613.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:07.744683981 CEST60396443192.168.2.413.107.246.40
                                                              Sep 1, 2024 21:19:07.745480061 CEST60396443192.168.2.413.107.246.40
                                                              Sep 1, 2024 21:19:07.745488882 CEST4436039613.107.246.40192.168.2.4
                                                              Sep 1, 2024 21:19:07.782227993 CEST44360398142.251.40.206192.168.2.4
                                                              Sep 1, 2024 21:19:07.782716990 CEST44360397142.251.40.206192.168.2.4
                                                              Sep 1, 2024 21:19:07.783263922 CEST60398443192.168.2.4142.251.40.206
                                                              Sep 1, 2024 21:19:07.783276081 CEST44360398142.251.40.206192.168.2.4
                                                              Sep 1, 2024 21:19:07.783358097 CEST60397443192.168.2.4142.251.40.206
                                                              Sep 1, 2024 21:19:07.783368111 CEST44360397142.251.40.206192.168.2.4
                                                              Sep 1, 2024 21:19:07.783627987 CEST44360398142.251.40.206192.168.2.4
                                                              Sep 1, 2024 21:19:07.783674002 CEST60398443192.168.2.4142.251.40.206
                                                              Sep 1, 2024 21:19:07.783739090 CEST44360397142.251.40.206192.168.2.4
                                                              Sep 1, 2024 21:19:07.784238100 CEST44360398142.251.40.206192.168.2.4
                                                              Sep 1, 2024 21:19:07.784451008 CEST44360397142.251.40.206192.168.2.4
                                                              Sep 1, 2024 21:19:07.785584927 CEST60397443192.168.2.4142.251.40.206
                                                              Sep 1, 2024 21:19:07.785592079 CEST44360397142.251.40.206192.168.2.4
                                                              Sep 1, 2024 21:19:07.785621881 CEST60398443192.168.2.4142.251.40.206
                                                              Sep 1, 2024 21:19:07.785701990 CEST60398443192.168.2.4142.251.40.206
                                                              Sep 1, 2024 21:19:07.785748005 CEST44360398142.251.40.206192.168.2.4
                                                              Sep 1, 2024 21:19:07.785953999 CEST60397443192.168.2.4142.251.40.206
                                                              Sep 1, 2024 21:19:07.786017895 CEST44360397142.251.40.206192.168.2.4
                                                              Sep 1, 2024 21:19:07.886697054 CEST60398443192.168.2.4142.251.40.206
                                                              Sep 1, 2024 21:19:07.886708021 CEST44360398142.251.40.206192.168.2.4
                                                              Sep 1, 2024 21:19:07.886735916 CEST60397443192.168.2.4142.251.40.206
                                                              Sep 1, 2024 21:19:07.886744022 CEST44360397142.251.40.206192.168.2.4
                                                              Sep 1, 2024 21:19:07.942576885 CEST44360399142.251.40.228192.168.2.4
                                                              Sep 1, 2024 21:19:07.942835093 CEST60399443192.168.2.4142.251.40.228
                                                              Sep 1, 2024 21:19:07.942852974 CEST44360399142.251.40.228192.168.2.4
                                                              Sep 1, 2024 21:19:07.943815947 CEST44360399142.251.40.228192.168.2.4
                                                              Sep 1, 2024 21:19:07.943871975 CEST60399443192.168.2.4142.251.40.228
                                                              Sep 1, 2024 21:19:07.944873095 CEST60399443192.168.2.4142.251.40.228
                                                              Sep 1, 2024 21:19:07.944956064 CEST44360399142.251.40.228192.168.2.4
                                                              Sep 1, 2024 21:19:07.945048094 CEST60399443192.168.2.4142.251.40.228
                                                              Sep 1, 2024 21:19:07.945055008 CEST44360399142.251.40.228192.168.2.4
                                                              Sep 1, 2024 21:19:07.987004995 CEST60399443192.168.2.4142.251.40.228
                                                              Sep 1, 2024 21:19:08.065135002 CEST60398443192.168.2.4142.251.40.206
                                                              Sep 1, 2024 21:19:08.065217018 CEST60397443192.168.2.4142.251.40.206
                                                              Sep 1, 2024 21:19:08.083228111 CEST44360399142.251.40.228192.168.2.4
                                                              Sep 1, 2024 21:19:08.083336115 CEST44360399142.251.40.228192.168.2.4
                                                              Sep 1, 2024 21:19:08.083369017 CEST44360399142.251.40.228192.168.2.4
                                                              Sep 1, 2024 21:19:08.083399057 CEST44360399142.251.40.228192.168.2.4
                                                              Sep 1, 2024 21:19:08.083543062 CEST60399443192.168.2.4142.251.40.228
                                                              Sep 1, 2024 21:19:08.083561897 CEST44360399142.251.40.228192.168.2.4
                                                              Sep 1, 2024 21:19:08.083861113 CEST44360399142.251.40.228192.168.2.4
                                                              Sep 1, 2024 21:19:08.084510088 CEST60399443192.168.2.4142.251.40.228
                                                              Sep 1, 2024 21:19:08.084518909 CEST44360399142.251.40.228192.168.2.4
                                                              Sep 1, 2024 21:19:08.087191105 CEST60399443192.168.2.4142.251.40.228
                                                              Sep 1, 2024 21:19:08.087209940 CEST60399443192.168.2.4142.251.40.228
                                                              Sep 1, 2024 21:19:08.194753885 CEST44360400142.250.81.234192.168.2.4
                                                              Sep 1, 2024 21:19:08.195149899 CEST60400443192.168.2.4142.250.81.234
                                                              Sep 1, 2024 21:19:08.195166111 CEST44360400142.250.81.234192.168.2.4
                                                              Sep 1, 2024 21:19:08.196120977 CEST44360400142.250.81.234192.168.2.4
                                                              Sep 1, 2024 21:19:08.196224928 CEST60400443192.168.2.4142.250.81.234
                                                              Sep 1, 2024 21:19:08.197444916 CEST60400443192.168.2.4142.250.81.234
                                                              Sep 1, 2024 21:19:08.197506905 CEST44360400142.250.81.234192.168.2.4
                                                              Sep 1, 2024 21:19:08.197753906 CEST60400443192.168.2.4142.250.81.234
                                                              Sep 1, 2024 21:19:08.240509033 CEST44360400142.250.81.234192.168.2.4
                                                              Sep 1, 2024 21:19:08.265722036 CEST60400443192.168.2.4142.250.81.234
                                                              Sep 1, 2024 21:19:08.265737057 CEST44360400142.250.81.234192.168.2.4
                                                              Sep 1, 2024 21:19:08.338570118 CEST44360400142.250.81.234192.168.2.4
                                                              Sep 1, 2024 21:19:08.338634014 CEST60400443192.168.2.4142.250.81.234
                                                              Sep 1, 2024 21:19:08.339291096 CEST60400443192.168.2.4142.250.81.234
                                                              Sep 1, 2024 21:19:08.339306116 CEST44360400142.250.81.234192.168.2.4
                                                              Sep 1, 2024 21:19:12.398318052 CEST60401443192.168.2.452.165.165.26
                                                              Sep 1, 2024 21:19:12.398356915 CEST4436040152.165.165.26192.168.2.4
                                                              Sep 1, 2024 21:19:12.398919106 CEST60401443192.168.2.452.165.165.26
                                                              Sep 1, 2024 21:19:12.400147915 CEST60401443192.168.2.452.165.165.26
                                                              Sep 1, 2024 21:19:12.400161028 CEST4436040152.165.165.26192.168.2.4
                                                              Sep 1, 2024 21:19:13.077734947 CEST4436040152.165.165.26192.168.2.4
                                                              Sep 1, 2024 21:19:13.077812910 CEST60401443192.168.2.452.165.165.26
                                                              Sep 1, 2024 21:19:13.080091000 CEST60401443192.168.2.452.165.165.26
                                                              Sep 1, 2024 21:19:13.080097914 CEST4436040152.165.165.26192.168.2.4
                                                              Sep 1, 2024 21:19:13.080308914 CEST4436040152.165.165.26192.168.2.4
                                                              Sep 1, 2024 21:19:13.121877909 CEST60401443192.168.2.452.165.165.26
                                                              Sep 1, 2024 21:19:14.146748066 CEST60401443192.168.2.452.165.165.26
                                                              Sep 1, 2024 21:19:14.192507029 CEST4436040152.165.165.26192.168.2.4
                                                              Sep 1, 2024 21:19:14.371129036 CEST4436040152.165.165.26192.168.2.4
                                                              Sep 1, 2024 21:19:14.371151924 CEST4436040152.165.165.26192.168.2.4
                                                              Sep 1, 2024 21:19:14.371157885 CEST4436040152.165.165.26192.168.2.4
                                                              Sep 1, 2024 21:19:14.371170044 CEST4436040152.165.165.26192.168.2.4
                                                              Sep 1, 2024 21:19:14.371201992 CEST4436040152.165.165.26192.168.2.4
                                                              Sep 1, 2024 21:19:14.371237993 CEST60401443192.168.2.452.165.165.26
                                                              Sep 1, 2024 21:19:14.371263027 CEST4436040152.165.165.26192.168.2.4
                                                              Sep 1, 2024 21:19:14.371431112 CEST60401443192.168.2.452.165.165.26
                                                              Sep 1, 2024 21:19:14.375804901 CEST4436040152.165.165.26192.168.2.4
                                                              Sep 1, 2024 21:19:14.375979900 CEST60401443192.168.2.452.165.165.26
                                                              Sep 1, 2024 21:19:14.375986099 CEST4436040152.165.165.26192.168.2.4
                                                              Sep 1, 2024 21:19:14.376130104 CEST4436040152.165.165.26192.168.2.4
                                                              Sep 1, 2024 21:19:14.378833055 CEST60401443192.168.2.452.165.165.26
                                                              Sep 1, 2024 21:19:15.468607903 CEST60401443192.168.2.452.165.165.26
                                                              Sep 1, 2024 21:19:15.468652964 CEST4436040152.165.165.26192.168.2.4
                                                              Sep 1, 2024 21:19:15.468669891 CEST60401443192.168.2.452.165.165.26
                                                              Sep 1, 2024 21:19:15.468676090 CEST4436040152.165.165.26192.168.2.4
                                                              Sep 1, 2024 21:19:16.704539061 CEST6039280192.168.2.434.107.221.82
                                                              Sep 1, 2024 21:19:16.710059881 CEST806039234.107.221.82192.168.2.4
                                                              Sep 1, 2024 21:19:17.295171976 CEST6039580192.168.2.434.107.221.82
                                                              Sep 1, 2024 21:19:17.300038099 CEST806039534.107.221.82192.168.2.4
                                                              Sep 1, 2024 21:19:18.450342894 CEST4972380192.168.2.493.184.221.240
                                                              Sep 1, 2024 21:19:18.455509901 CEST804972393.184.221.240192.168.2.4
                                                              Sep 1, 2024 21:19:18.455677032 CEST4972380192.168.2.493.184.221.240
                                                              Sep 1, 2024 21:19:19.269423962 CEST60407443192.168.2.4152.195.19.97
                                                              Sep 1, 2024 21:19:19.269460917 CEST44360407152.195.19.97192.168.2.4
                                                              Sep 1, 2024 21:19:19.269532919 CEST60407443192.168.2.4152.195.19.97
                                                              Sep 1, 2024 21:19:19.269714117 CEST60407443192.168.2.4152.195.19.97
                                                              Sep 1, 2024 21:20:04.101447105 CEST60426443192.168.2.434.120.208.123
                                                              Sep 1, 2024 21:20:04.101457119 CEST4436042634.120.208.123192.168.2.4
                                                              Sep 1, 2024 21:20:04.101660967 CEST4436042634.120.208.123192.168.2.4
                                                              Sep 1, 2024 21:20:04.101876974 CEST4436042734.120.208.123192.168.2.4
                                                              Sep 1, 2024 21:20:04.102205038 CEST60427443192.168.2.434.120.208.123
                                                              Sep 1, 2024 21:20:04.104981899 CEST60425443192.168.2.434.120.208.123
                                                              Sep 1, 2024 21:20:04.104986906 CEST4436042534.120.208.123192.168.2.4
                                                              Sep 1, 2024 21:20:04.105187893 CEST4436042534.120.208.123192.168.2.4
                                                              Sep 1, 2024 21:20:04.106522083 CEST60427443192.168.2.434.120.208.123
                                                              Sep 1, 2024 21:20:04.106532097 CEST4436042734.120.208.123192.168.2.4
                                                              Sep 1, 2024 21:20:04.106832027 CEST4436042734.120.208.123192.168.2.4
                                                              Sep 1, 2024 21:20:04.110817909 CEST60426443192.168.2.434.120.208.123
                                                              Sep 1, 2024 21:20:04.110817909 CEST60426443192.168.2.434.120.208.123
                                                              Sep 1, 2024 21:20:04.110948086 CEST4436042634.120.208.123192.168.2.4
                                                              Sep 1, 2024 21:20:04.112026930 CEST60425443192.168.2.434.120.208.123
                                                              Sep 1, 2024 21:20:04.112027884 CEST60425443192.168.2.434.120.208.123
                                                              Sep 1, 2024 21:20:04.112163067 CEST4436042534.120.208.123192.168.2.4
                                                              Sep 1, 2024 21:20:04.112595081 CEST60427443192.168.2.434.120.208.123
                                                              Sep 1, 2024 21:20:04.112595081 CEST60427443192.168.2.434.120.208.123
                                                              Sep 1, 2024 21:20:04.112797022 CEST4436042734.120.208.123192.168.2.4
                                                              Sep 1, 2024 21:20:04.113095999 CEST60426443192.168.2.434.120.208.123
                                                              Sep 1, 2024 21:20:04.113116026 CEST60427443192.168.2.434.120.208.123
                                                              Sep 1, 2024 21:20:04.113116980 CEST60425443192.168.2.434.120.208.123
                                                              Sep 1, 2024 21:20:04.451900959 CEST6041680192.168.2.434.107.221.82
                                                              Sep 1, 2024 21:20:04.456816912 CEST806041634.107.221.82192.168.2.4
                                                              Sep 1, 2024 21:20:04.542826891 CEST806041634.107.221.82192.168.2.4
                                                              Sep 1, 2024 21:20:04.545310974 CEST6042080192.168.2.434.107.221.82
                                                              Sep 1, 2024 21:20:04.550369024 CEST806042034.107.221.82192.168.2.4
                                                              Sep 1, 2024 21:20:04.598197937 CEST6041680192.168.2.434.107.221.82
                                                              Sep 1, 2024 21:20:04.636888027 CEST806042034.107.221.82192.168.2.4
                                                              Sep 1, 2024 21:20:04.689080954 CEST6042080192.168.2.434.107.221.82
                                                              Sep 1, 2024 21:20:07.175327063 CEST4972480192.168.2.493.184.221.240
                                                              Sep 1, 2024 21:20:07.181230068 CEST804972493.184.221.240192.168.2.4
                                                              Sep 1, 2024 21:20:07.181293964 CEST4972480192.168.2.493.184.221.240
                                                              Sep 1, 2024 21:20:14.554819107 CEST6041680192.168.2.434.107.221.82
                                                              Sep 1, 2024 21:20:14.560008049 CEST806041634.107.221.82192.168.2.4
                                                              Sep 1, 2024 21:20:14.639476061 CEST6042080192.168.2.434.107.221.82
                                                              Sep 1, 2024 21:20:14.644442081 CEST806042034.107.221.82192.168.2.4
                                                              Sep 1, 2024 21:20:24.574470043 CEST6041680192.168.2.434.107.221.82
                                                              Sep 1, 2024 21:20:24.579390049 CEST806041634.107.221.82192.168.2.4
                                                              Sep 1, 2024 21:20:24.659116983 CEST6042080192.168.2.434.107.221.82
                                                              Sep 1, 2024 21:20:24.663930893 CEST806042034.107.221.82192.168.2.4
                                                              Sep 1, 2024 21:20:34.581032991 CEST6041680192.168.2.434.107.221.82
                                                              Sep 1, 2024 21:20:34.586271048 CEST806041634.107.221.82192.168.2.4
                                                              Sep 1, 2024 21:20:34.676054001 CEST6042080192.168.2.434.107.221.82
                                                              Sep 1, 2024 21:20:34.681127071 CEST806042034.107.221.82192.168.2.4
                                                              Sep 1, 2024 21:20:37.897151947 CEST60398443192.168.2.4142.251.40.206
                                                              Sep 1, 2024 21:20:37.897167921 CEST44360398142.251.40.206192.168.2.4
                                                              Sep 1, 2024 21:20:37.897227049 CEST60397443192.168.2.4142.251.40.206
                                                              Sep 1, 2024 21:20:37.897233009 CEST44360397142.251.40.206192.168.2.4
                                                              Sep 1, 2024 21:20:44.597547054 CEST6041680192.168.2.434.107.221.82
                                                              Sep 1, 2024 21:20:44.602489948 CEST806041634.107.221.82192.168.2.4
                                                              Sep 1, 2024 21:20:44.682254076 CEST6042080192.168.2.434.107.221.82
                                                              Sep 1, 2024 21:20:44.687201023 CEST806042034.107.221.82192.168.2.4
                                                              Sep 1, 2024 21:20:54.616028070 CEST6041680192.168.2.434.107.221.82
                                                              Sep 1, 2024 21:20:54.621256113 CEST806041634.107.221.82192.168.2.4
                                                              Sep 1, 2024 21:20:54.709732056 CEST6042080192.168.2.434.107.221.82
                                                              Sep 1, 2024 21:20:54.716021061 CEST806042034.107.221.82192.168.2.4
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                              Sep 1, 2024 21:20:00.362196922 CEST61557443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 21:20:00.362344027 CEST61557443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 21:20:00.362550974 CEST61557443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 21:20:00.362632990 CEST61557443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 21:20:00.775599003 CEST61557443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 21:20:00.804614067 CEST44361557172.64.41.3192.168.2.4
                                                              Sep 1, 2024 21:20:00.805161953 CEST61557443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 21:20:00.844527960 CEST61557443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 21:20:00.867662907 CEST44361557172.64.41.3192.168.2.4
                                                              Sep 1, 2024 21:20:00.867724895 CEST44361557172.64.41.3192.168.2.4
                                                              Sep 1, 2024 21:20:00.867733002 CEST44361557172.64.41.3192.168.2.4
                                                              Sep 1, 2024 21:20:00.867743015 CEST44361557172.64.41.3192.168.2.4
                                                              Sep 1, 2024 21:20:00.867934942 CEST61557443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 21:20:00.868114948 CEST61557443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 21:20:00.897156000 CEST44361557172.64.41.3192.168.2.4
                                                              Sep 1, 2024 21:20:00.929194927 CEST61557443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 21:20:00.960333109 CEST44361557172.64.41.3192.168.2.4
                                                              Sep 1, 2024 21:20:00.960594893 CEST61557443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 21:20:01.053251028 CEST44361557172.64.41.3192.168.2.4
                                                              Sep 1, 2024 21:20:01.054804087 CEST44361557172.64.41.3192.168.2.4
                                                              Sep 1, 2024 21:20:01.055253029 CEST44361557172.64.41.3192.168.2.4
                                                              Sep 1, 2024 21:20:01.056952000 CEST61557443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 21:20:02.152750015 CEST61557443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 21:20:02.152885914 CEST61557443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 21:20:02.245526075 CEST44361557172.64.41.3192.168.2.4
                                                              Sep 1, 2024 21:20:02.247598886 CEST44361557172.64.41.3192.168.2.4
                                                              Sep 1, 2024 21:20:02.247876883 CEST44361557172.64.41.3192.168.2.4
                                                              Sep 1, 2024 21:20:02.248404026 CEST61557443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 21:20:02.249399900 CEST53872443192.168.2.423.44.201.5
                                                              Sep 1, 2024 21:20:02.554177046 CEST53872443192.168.2.423.44.201.5
                                                              Sep 1, 2024 21:20:02.683011055 CEST4435387223.44.201.5192.168.2.4
                                                              Sep 1, 2024 21:20:02.687005997 CEST4435387223.44.201.5192.168.2.4
                                                              Sep 1, 2024 21:20:02.687043905 CEST4435387223.44.201.5192.168.2.4
                                                              Sep 1, 2024 21:20:02.687056065 CEST4435387223.44.201.5192.168.2.4
                                                              Sep 1, 2024 21:20:02.687141895 CEST4435387223.44.201.5192.168.2.4
                                                              Sep 1, 2024 21:20:02.687421083 CEST53872443192.168.2.423.44.201.5
                                                              Sep 1, 2024 21:20:02.689568043 CEST53872443192.168.2.423.44.201.5
                                                              Sep 1, 2024 21:20:02.689675093 CEST53872443192.168.2.423.44.201.5
                                                              Sep 1, 2024 21:20:02.808868885 CEST4435387223.44.201.5192.168.2.4
                                                              Sep 1, 2024 21:20:02.812889099 CEST4435387223.44.201.5192.168.2.4
                                                              Sep 1, 2024 21:20:02.812899113 CEST4435387223.44.201.5192.168.2.4
                                                              Sep 1, 2024 21:20:02.812931061 CEST4435387223.44.201.5192.168.2.4
                                                              Sep 1, 2024 21:20:02.812941074 CEST4435387223.44.201.5192.168.2.4
                                                              Sep 1, 2024 21:20:02.813157082 CEST53872443192.168.2.423.44.201.5
                                                              Sep 1, 2024 21:20:02.813345909 CEST53872443192.168.2.423.44.201.5
                                                              Sep 1, 2024 21:20:02.923969984 CEST4435387223.44.201.5192.168.2.4
                                                              Sep 1, 2024 21:20:03.656050920 CEST5700753192.168.2.41.1.1.1
                                                              Sep 1, 2024 21:20:03.663216114 CEST53570071.1.1.1192.168.2.4
                                                              Sep 1, 2024 21:20:03.667160988 CEST5632453192.168.2.41.1.1.1
                                                              Sep 1, 2024 21:20:03.674557924 CEST53563241.1.1.1192.168.2.4
                                                              Sep 1, 2024 21:20:04.543719053 CEST5461453192.168.2.41.1.1.1
                                                              Sep 1, 2024 21:20:04.551033974 CEST53546141.1.1.1192.168.2.4
                                                              Sep 1, 2024 21:20:05.647419930 CEST61557443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 21:20:05.647533894 CEST61557443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 21:20:05.740927935 CEST44361557172.64.41.3192.168.2.4
                                                              Sep 1, 2024 21:20:05.741477013 CEST44361557172.64.41.3192.168.2.4
                                                              Sep 1, 2024 21:20:05.741564035 CEST44361557172.64.41.3192.168.2.4
                                                              Sep 1, 2024 21:20:05.752675056 CEST61557443192.168.2.4172.64.41.3
                                                              Sep 1, 2024 21:20:05.753477097 CEST62095443192.168.2.4172.253.115.84
                                                              Sep 1, 2024 21:20:05.753583908 CEST62095443192.168.2.4172.253.115.84
                                                              Sep 1, 2024 21:20:05.753782988 CEST62095443192.168.2.4172.253.115.84
                                                              Sep 1, 2024 21:20:06.217139006 CEST44362095172.253.115.84192.168.2.4
                                                              Sep 1, 2024 21:20:06.217710018 CEST44362095172.253.115.84192.168.2.4
                                                              Sep 1, 2024 21:20:06.217750072 CEST44362095172.253.115.84192.168.2.4
                                                              Sep 1, 2024 21:20:06.217761040 CEST44362095172.253.115.84192.168.2.4
                                                              Sep 1, 2024 21:20:06.217874050 CEST44362095172.253.115.84192.168.2.4
                                                              Sep 1, 2024 21:20:06.218004942 CEST62095443192.168.2.4172.253.115.84
                                                              Sep 1, 2024 21:20:06.218584061 CEST62095443192.168.2.4172.253.115.84
                                                              Sep 1, 2024 21:20:06.320355892 CEST44362095172.253.115.84192.168.2.4
                                                              Sep 1, 2024 21:20:06.320369005 CEST44362095172.253.115.84192.168.2.4
                                                              Sep 1, 2024 21:20:06.320674896 CEST62095443192.168.2.4172.253.115.84
                                                              Sep 1, 2024 21:20:06.341762066 CEST44362095172.253.115.84192.168.2.4
                                                              Sep 1, 2024 21:20:06.341780901 CEST44362095172.253.115.84192.168.2.4
                                                              Sep 1, 2024 21:20:06.341790915 CEST44362095172.253.115.84192.168.2.4
                                                              Sep 1, 2024 21:20:06.345249891 CEST62095443192.168.2.4172.253.115.84
                                                              Sep 1, 2024 21:20:06.372987986 CEST62095443192.168.2.4172.253.115.84
                                                              Sep 1, 2024 21:20:06.476723909 CEST44362095172.253.115.84192.168.2.4
                                                              Sep 1, 2024 21:20:08.652267933 CEST62095443192.168.2.4172.253.115.84
                                                              Sep 1, 2024 21:20:08.779170990 CEST44362095172.253.115.84192.168.2.4
                                                              Sep 1, 2024 21:20:08.816905975 CEST62095443192.168.2.4172.253.115.84
                                                              Sep 1, 2024 21:20:08.818999052 CEST44362095172.253.115.84192.168.2.4
                                                              Sep 1, 2024 21:20:08.819008112 CEST44362095172.253.115.84192.168.2.4
                                                              Sep 1, 2024 21:20:08.819061995 CEST44362095172.253.115.84192.168.2.4
                                                              Sep 1, 2024 21:20:08.832844019 CEST62095443192.168.2.4172.253.115.84
                                                              Sep 1, 2024 21:20:08.832915068 CEST62095443192.168.2.4172.253.115.84
                                                              Sep 1, 2024 21:20:08.960334063 CEST44362095172.253.115.84192.168.2.4
                                                              Sep 1, 2024 21:20:22.826767921 CEST4435387223.44.201.5192.168.2.4
                                                              Sep 1, 2024 21:20:22.856200933 CEST53872443192.168.2.423.44.201.5
                                                              Sep 1, 2024 21:20:23.327047110 CEST4435387223.44.201.5192.168.2.4
                                                              Sep 1, 2024 21:20:23.357712030 CEST53872443192.168.2.423.44.201.5
                                                              Sep 1, 2024 21:20:32.825067997 CEST4435387223.44.201.5192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                              • clients2.googleusercontent.com
                                                              • chrome.cloudflare-dns.com
                                                              • arc.msn.com
                                                              • edgeassetservice.azureedge.net
                                                              • fs.microsoft.com
                                                              • https:
                                                                • www.google.com
                                                              • www.googleapis.com
                                                              • slscr.update.microsoft.com
                                                              • msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com
                                                              • detectportal.firefox.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 60392 | 34.107.221.82 | 80 | 480 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
                                                              Sep 1, 2024 21:19:06.256251097 CEST303OUTGET /canonical.html HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Connection: keep-alive
                                                              Sep 1, 2024 21:19:06.688364983 CEST298INHTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 90
                                                              Via: 1.1 google
                                                              Date: Sun, 01 Sep 2024 01:51:44 GMT
                                                              Age: 62842
                                                              Content-Type: text/html
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                              Sep 1, 2024 21:19:16.704539061 CEST6OUTData Raw: 00
                                                              Data Ascii:
                                                              Sep 1, 2024 21:19:26.714242935 CEST6OUTData Raw: 00
                                                              Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 60395 | 34.107.221.82 | 80 | 480 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
                                                              Sep 1, 2024 21:19:06.850580931 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Connection: keep-alive
                                                              Pragma: no-cache
                                                              Cache-Control: no-cache
                                                              Sep 1, 2024 21:19:07.294820070 CEST216INHTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 8
                                                              Via: 1.1 google
                                                              Date: Sun, 01 Sep 2024 03:45:53 GMT
                                                              Age: 55994
                                                              Content-Type: text/plain
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                              Data Ascii: success
                                                              Sep 1, 2024 21:19:17.295171976 CEST6OUTData Raw: 00
                                                              Data Ascii:
                                                              Sep 1, 2024 21:19:27.319868088 CEST6OUTData Raw: 00
                                                              Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 60416 | 34.107.221.82 | 80 | 480 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
                                                              Sep 1, 2024 21:19:32.672940016 CEST303OUTGET /canonical.html HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Connection: keep-alive
                                                              Sep 1, 2024 21:19:33.116806984 CEST298INHTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 90
                                                              Via: 1.1 google
                                                              Date: Sun, 01 Sep 2024 01:51:44 GMT
                                                              Age: 62869
                                                              Content-Type: text/html
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                              Sep 1, 2024 21:19:33.473427057 CEST303OUTGET /canonical.html HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Connection: keep-alive
                                                              Sep 1, 2024 21:19:33.565031052 CEST298INHTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 90
                                                              Via: 1.1 google
                                                              Date: Sun, 01 Sep 2024 01:51:44 GMT
                                                              Age: 62869
                                                              Content-Type: text/html
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                              Sep 1, 2024 21:19:43.576416969 CEST6OUTData Raw: 00
                                                              Data Ascii:
                                                              Sep 1, 2024 21:19:53.595730066 CEST6OUTData Raw: 00
                                                              Data Ascii:
                                                              Sep 1, 2024 21:20:03.605331898 CEST6OUTData Raw: 00
                                                              Data Ascii:
                                                              Sep 1, 2024 21:20:04.451900959 CEST303OUTGET /canonical.html HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Connection: keep-alive
                                                              Sep 1, 2024 21:20:04.542826891 CEST298INHTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 90
                                                              Via: 1.1 google
                                                              Date: Sun, 01 Sep 2024 01:51:44 GMT
                                                              Age: 62900
                                                              Content-Type: text/html
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                              Sep 1, 2024 21:20:14.554819107 CEST6OUTData Raw: 00
                                                              Data Ascii:
                                                              Sep 1, 2024 21:20:24.574470043 CEST6OUTData Raw: 00
                                                              Data Ascii:
                                                              Sep 1, 2024 21:20:34.581032991 CEST6OUTData Raw: 00
                                                              Data Ascii:
                                                              Sep 1, 2024 21:20:44.597547054 CEST6OUTData Raw: 00
                                                              Data Ascii:
                                                              Sep 1, 2024 21:20:54.616028070 CEST6OUTData Raw: 00
                                                              Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 60420 | 34.107.221.82 | 80 | 480 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
                                                              Sep 1, 2024 21:19:33.124619961 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Connection: keep-alive
                                                              Pragma: no-cache
                                                              Cache-Control: no-cache
                                                              Sep 1, 2024 21:19:33.554275036 CEST216INHTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 8
                                                              Via: 1.1 google
                                                              Date: Sun, 01 Sep 2024 02:15:18 GMT
                                                              Age: 61455
                                                              Content-Type: text/plain
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                              Data Ascii: success
                                                              Sep 1, 2024 21:19:33.567173958 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Connection: keep-alive
                                                              Pragma: no-cache
                                                              Cache-Control: no-cache
                                                              Sep 1, 2024 21:19:33.659749985 CEST216INHTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 8
                                                              Via: 1.1 google
                                                              Date: Sun, 01 Sep 2024 02:15:18 GMT
                                                              Age: 61455
                                                              Content-Type: text/plain
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                              Data Ascii: success
                                                              Sep 1, 2024 21:19:43.661115885 CEST6OUTData Raw: 00
                                                              Data Ascii:
                                                              Sep 1, 2024 21:19:53.672867060 CEST6OUTData Raw: 00
                                                              Data Ascii:
                                                              Sep 1, 2024 21:20:03.683518887 CEST6OUTData Raw: 00
                                                              Data Ascii:
                                                              Sep 1, 2024 21:20:04.545310974 CEST305OUTGET /success.txt?ipv4 HTTP/1.1
                                                              Host: detectportal.firefox.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                              Accept: */*
                                                              Accept-Language: en-US,en;q=0.5
                                                              Accept-Encoding: gzip, deflate
                                                              Connection: keep-alive
                                                              Pragma: no-cache
                                                              Cache-Control: no-cache
                                                              Sep 1, 2024 21:20:04.636888027 CEST216INHTTP/1.1 200 OK
                                                              Server: nginx
                                                              Content-Length: 8
                                                              Via: 1.1 google
                                                              Date: Sun, 01 Sep 2024 02:15:18 GMT
                                                              Age: 61486
                                                              Content-Type: text/plain
                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                              Data Ascii: success
                                                              Sep 1, 2024 21:20:14.639476061 CEST6OUTData Raw: 00
                                                              Data Ascii:
                                                              Sep 1, 2024 21:20:24.659116983 CEST6OUTData Raw: 00
                                                              Data Ascii:
                                                              Sep 1, 2024 21:20:34.676054001 CEST6OUTData Raw: 00
                                                              Data Ascii:
                                                              Sep 1, 2024 21:20:44.682254076 CEST6OUTData Raw: 00
                                                              Data Ascii:
                                                              Sep 1, 2024 21:20:54.709732056 CEST6OUTData Raw: 00
                                                              Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49743 | 142.250.185.161 | 443 | 7524 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-01 19:19:01 UTC594OUTGET /crx/blobs/AY4GWKBMNax_FQrZEVzNkO_0mu3UShnzR6AihR_EPjVIUOT_pwZzkWCpOk8YKIu0qnIq_YObWXuPyiJ7NA0nDjMHUEYIIEknsNvJHXuPd0MqxESzoxi9xiMyJKNwZiVV1yEAxlKa5UVe61sINARQ7fO9dE0bkfP_W4GG/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx HTTP/1.1
                                                              Host: clients2.googleusercontent.com
                                                              Connection: keep-alive
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-09-01 19:19:01 UTC565INHTTP/1.1 200 OK
                                                              Accept-Ranges: bytes
                                                              Content-Length: 135751
                                                              X-GUploader-UploadID: AD-8lju2LY-4SAGb0zhiQ4CEcEK30XwtxALHgJ-4n_1xB0a78B_nHHYy1P2l09WH_8SsWA131w
                                                              X-Goog-Hash: crc32c=IDdmTg==
                                                              Server: UploadServer
                                                              Date: Sat, 31 Aug 2024 19:26:09 GMT
                                                              Expires: Sun, 31 Aug 2025 19:26:09 GMT
                                                              Cache-Control: public, max-age=31536000
                                                              Last-Modified: Tue, 23 Jul 2024 15:56:28 GMT
                                                              ETag: 1d368626_ddaec042_86665b6c_28d780a0_b2065016
                                                              Content-Type: application/x-chrome-extension
                                                              Age: 85972
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close
                                                              2024-09-01 19:19:01 UTC1390INData Raw: c6 bc 81 e5 c6 01 f8 80 6e be 68 ae 8d 1a 92 d9 22 7c fb 47 cd 55 a8 b9 72 2b d4 f6 c4 b2 bb dd a3 21 3e c1 52 53 40 cc 0f 98 69 56 28 ab c0 b8 20 06 f5 02 9a 6f 68 bf 82 e6 8f 24 99 81 79 93 8e d4 f5 47 b4 3f 91 f0 93 e1 db ea 74 d9 df bc 02 e8 81 b4 53 49 59 03 c4 1b 90 6e de 93 27 17 a4 fa 97 68 50 4b ef a1 19 2a b3 8e 70 02 6b db 66 44 24 b0 33 79 cf de 43 b1 cd cd c3 41 86 8d 22 07 8e 36 37 b7 cc 9f 0b de bb 60 25 1c fe f7 ea 9b 07 c5 80 f6 9d 10 df 4c b8 27 ef 1c 14 d6 c4 c3 c8 1c ee dd 3d 4d da 8a 0c c4 52 71 54 0a cc 3d d5 5f 29 07 02 fd 8d 5b 75 1c 35 30 b0 47 f8 b3 f1 28 6e 46 7c 56 31 fc 89 c5 6c ca aa 76 67 10 f7 66 c9 bd 26 86 fd fd 33 5d db d6 b3 31 ae 67 3e af 13 4c ea cf 63 28 1c 73 d5 b7 cf 2e dd b8 9a fa 75 a8 12 83 1e ae 82 2c 32 d0 c3
                                                              Data Ascii: nh"|GUr+!>RS@iV( oh$yG?tSIYn'hPK*pkfD$3yCA"67`%L'=MRqT=_)[u50G(nF|V1lvgf&3]1g>Lc(s.u,2
                                                              2024-09-01 19:19:01 UTC1390INData Raw: 0c 27 c9 15 33 8e 4d 6d 30 cb db c6 1d 95 4b 44 47 2a fe 65 6d 62 82 56 4a e1 cb 97 55 fc 6d 2d fc d8 a1 69 e9 bd ea 7b 41 b9 d4 6c 30 29 3a d9 54 cc 2c 05 5e a2 02 b3 c5 bb 08 19 d8 62 b9 d7 a5 62 06 3c 34 40 2e 25 3c 2e c3 97 e2 9d d1 3b c2 71 73 13 d5 e3 35 1f 0d 77 bd 52 9b 9d 01 9b 76 ce d3 0a 52 52 c7 6b 5d b2 e6 95 0a ae bf 14 a3 21 ab aa 31 20 bd b4 d7 42 bf e6 ac e0 5e 40 6f ac 03 3a 6a 01 54 03 d6 36 21 06 2c ba 37 91 a3 0c 4f d2 f8 12 13 46 bb 84 e9 6e dd 4f 81 45 78 78 68 42 e3 13 1f ac 1d 5f 60 04 f8 9a c2 4f 39 8e dc 8c 8d 17 91 02 eb a3 e5 59 ed 20 d2 12 4f e2 a7 7e 66 86 b7 89 8d 5e 42 dd ad 6d cf 2f c2 ed a0 58 e6 a4 e8 94 cb 4f a1 44 3b d4 2c b4 50 44 ce 14 d0 d2 b6 82 1a 45 be 6a b8 a8 f3 70 b4 81 60 59 46 50 39 3d 99 b2 b8 fb 19 23 90
                                                              Data Ascii: '3Mm0KDG*embVJUm-i{Al0):T,^bb<4@.%<.;qs5wRvRRk]!1 B^@o:jT6!,7OFnOExxhB_`O9Y O~f^Bm/XOD;,PDEjp`YFP9=#
                                                              2024-09-01 19:19:01 UTC1390INData Raw: 4e 7f fd fa f3 8f 27 8f ff d8 06 aa 7b 8f 52 b0 a4 78 a6 f8 ce 72 c4 5f 39 36 74 23 3d a2 5e 64 ed 29 3c 87 d5 63 57 ef 41 05 40 38 0f e8 2f d0 e8 ee 60 78 31 a8 e0 aa 56 f0 9d a3 17 ab 1f c9 83 ee a5 c0 0c d4 43 84 42 20 54 19 07 77 89 e3 f9 04 05 67 92 9e a7 b0 83 ae 1c df b9 60 e3 01 68 2e f0 49 a9 c5 b0 3d 74 1f 03 d9 07 37 09 19 27 70 29 60 8f d4 1e 13 eb a4 2d 83 17 0b 58 58 65 0b 2b 09 80 2e 29 5a 5a 1e 7b 0b 46 a0 a2 7f e9 a8 77 64 98 5b 0e e4 3a 8a 11 91 76 32 04 ed 6a 28 4f 01 04 c6 70 85 84 f6 e7 b3 20 6e 41 39 10 d0 00 a9 42 a0 f8 c0 6e f0 6c 6d 44 a1 12 09 6c f4 67 bf 3f ab ff f1 f8 f1 1c 10 16 b7 35 9a 93 9f 70 5f e2 ca bd 60 c7 46 0f d8 18 13 66 58 1b 01 f9 88 5d 2a e3 a5 e8 eb b3 27 1a 94 30 a2 67 4f 44 be 18 97 0f cf c7 58 11 76 5a 6f 97
                                                              Data Ascii: N'{Rxr_96t#=^d)<cWA@8/`x1VCB Twg`h.I=t7'p)`-XXe+.)ZZ{Fwd[:v2j(Op nA9BnlmDlg?5p_`FfX]*'0gODXvZo


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              1 | 192.168.2.4 | 49755 | 172.64.41.3 | 443 | 7524 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-01 19:19:03 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                              Host: chrome.cloudflare-dns.com
                                                              Connection: keep-alive
                                                              Content-Length: 128
                                                              Accept: application/dns-message
                                                              Accept-Language: *
                                                              User-Agent: Chrome
                                                              Accept-Encoding: identity
                                                              Content-Type: application/dns-message
                                                              2024-09-01 19:19:03 UTC | 128 | OUT | Data Ascii: wwwgstaticcom)TP
                                                              2024-09-01 19:19:03 UTC | 247 | IN | HTTP/1.1 200 OK
                                                              Server: cloudflare
                                                              Date: Sun, 01 Sep 2024 19:19:03 GMT
                                                              Content-Type: application/dns-message
                                                              Connection: close
                                                              Access-Control-Allow-Origin: *
                                                              Content-Length: 468
                                                              CF-RAY: 8bc79c193fd57292-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              2024-09-01 19:19:03 UTC | 468 | IN | Data Ascii: wwwgstaticcom(c)


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              2 | 192.168.2.4 | 49754 | 172.64.41.3 | 443 | 7524 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-01 19:19:03 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                              Host: chrome.cloudflare-dns.com
                                                              Connection: keep-alive
                                                              Content-Length: 128
                                                              Accept: application/dns-message
                                                              Accept-Language: *
                                                              User-Agent: Chrome
                                                              Accept-Encoding: identity
                                                              Content-Type: application/dns-message
                                                              2024-09-01 19:19:03 UTC | 128 | OUT | Data Ascii: wwwgstaticcom)TP
                                                              2024-09-01 19:19:03 UTC | 247 | IN | HTTP/1.1 200 OK
                                                              Server: cloudflare
                                                              Date: Sun, 01 Sep 2024 19:19:03 GMT
                                                              Content-Type: application/dns-message
                                                              Connection: close
                                                              Access-Control-Allow-Origin: *
                                                              Content-Length: 468
                                                              CF-RAY: 8bc79c193e8d8c11-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              2024-09-01 19:19:03 UTC | 468 | IN | Data Ascii: wwwgstaticcom*))


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              3 | 192.168.2.4 | 49758 | 172.64.41.3 | 443 | 7524 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-01 19:19:03 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                              Host: chrome.cloudflare-dns.com
                                                              Connection: keep-alive
                                                              Content-Length: 128
                                                              Accept: application/dns-message
                                                              Accept-Language: *
                                                              User-Agent: Chrome
                                                              Accept-Encoding: identity
                                                              Content-Type: application/dns-message
                                                              2024-09-01 19:19:03 UTC | 128 | OUT | Data Ascii: wwwgstaticcom)TP
                                                              2024-09-01 19:19:04 UTC | 247 | IN | HTTP/1.1 200 OK
                                                              Server: cloudflare
                                                              Date: Sun, 01 Sep 2024 19:19:04 GMT
                                                              Content-Type: application/dns-message
                                                              Connection: close
                                                              Access-Control-Allow-Origin: *
                                                              Content-Length: 468
                                                              CF-RAY: 8bc79c1a3be4436f-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              2024-09-01 19:19:04 UTC | 468 | IN | Data Ascii: wwwgstaticcom'A)


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              4 | 192.168.2.4 | 49761 | 20.96.153.111 | 443 | 7524 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-01 19:19:05 UTC | 616 | OUT | GET /v4/api/selection?placement=88000360&nct=1&fmt=json&ADEFAB=1&OPSYS=WIN10&locale=en-GB&country=CH&edgeid=8684241135348538038&ACHANNEL=4&ABUILD=117.0.5938.132&poptin=0&devosver=10.0.19045.2006&clr=esdk&UITHEME=light&EPCON=0&AMAJOR=117&AMINOR=0&ABLD=5938&APATCH=132 HTTP/1.1
                                                              Host: arc.msn.com
                                                              Connection: keep-alive
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-09-01 19:19:05 UTC | 633 | IN | HTTP/1.1 200 OK
                                                              Cache-Control: max-age=86400, private
                                                              Content-Length: 2060
                                                              Content-Type: application/json; charset=utf-8
                                                              Expires: Mon, 01 Jan 0001 00:00:00 GMT
                                                              Server: Microsoft-IIS/10.0
                                                              ARC-RSP-DBG: [{"X-RADID":"P425775005-T700421790-C128000000003081749"},{"BATCH_REDIRECT_STORE":"B128000000003081749+P0+S0"},{"OPTOUTSTATE":"256"},{"REGIONALPOLICY":"0"}]
                                                              Accept-CH: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version
                                                              X-AspNet-Version: 4.0.30319
                                                              X-Powered-By: ASP.NET
                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                              Date: Sun, 01 Sep 2024 19:19:04 GMT
                                                              Connection: close
                                                              2024-09-01 19:19:05 UTC | 2060 | IN | Data Ascii: {"f":"raf","v":"1.0","rdr":[{"c":"Anaheim Password Monitor","u":"Consent Save Password"}],"ad":{"TITLE_SAVE":"Save your password","TITLE_UPDATE":"Save your password","TITLE_SAVED_PASSWORD":"Save your password","TITLE_NO_SAVED_PASSWORD":"Save your password


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              5 | 192.168.2.4 | 49764 | 13.107.246.40 | 443 | 7524 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-01 19:19:05 UTC | 711 | OUT | GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1
                                                              Host: edgeassetservice.azureedge.net
                                                              Connection: keep-alive
                                                              Edge-Asset-Group: EntityExtractionDomainsConfig
                                                              Sec-Mesh-Client-Edge-Version: 117.0.2045.47
                                                              Sec-Mesh-Client-Edge-Channel: stable
                                                              Sec-Mesh-Client-OS: Windows
                                                              Sec-Mesh-Client-OS-Version: 10.0.19045
                                                              Sec-Mesh-Client-Arch: x86_64
                                                              Sec-Mesh-Client-WebView: 0
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-09-01 19:19:05 UTC | 583 | IN | HTTP/1.1 200 OK
                                                              Date: Sun, 01 Sep 2024 19:19:05 GMT
                                                              Content-Type: application/octet-stream
                                                              Content-Length: 70207
                                                              Connection: close
                                                              Content-Encoding: gzip
                                                              Last-Modified: Fri, 02 Aug 2024 18:10:35 GMT
                                                              ETag: 0x8DCB31E67C22927
                                                              x-ms-request-id: 66f87118-601e-001a-2116-f94768000000
                                                              x-ms-version: 2009-09-19
                                                              x-ms-lease-status: unlocked
                                                              x-ms-blob-type: BlockBlob
                                                              x-azure-ref: 20240901T191905Z-16579567576xfl5xzh7yws029s00000006x00000000018vf
                                                              Cache-Control: public, max-age=604800
                                                              x-fd-int-roxy-purgeid: 69316365
                                                              X-Cache: TCP_HIT
                                                              X-Cache-Info: L1_T2
                                                              Accept-Ranges: bytes


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              6 | 192.168.2.4 | 49763 | 13.107.246.40 | 443 | 7524 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-01 19:19:05 UTC | 486 | OUT | GET /assets/arbitration_priority_list/4.0.5/asset?assetgroup=ArbitrationService HTTP/1.1
                                                              Host: edgeassetservice.azureedge.net
                                                              Connection: keep-alive
                                                              Edge-Asset-Group: ArbitrationService
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-09-01 19:19:05 UTC | 559 | IN | HTTP/1.1 200 OK
                                                              Date: Sun, 01 Sep 2024 19:19:05 GMT
                                                              Content-Type: application/octet-stream
                                                              Content-Length: 11989
                                                              Connection: close
                                                              Last-Modified: Fri, 23 Aug 2024 00:10:35 GMT
                                                              ETag: 0x8DCC30802EF150E
                                                              x-ms-request-id: 903262f1-801e-001b-4826-f94695000000
                                                              x-ms-version: 2009-09-19
                                                              x-ms-lease-status: unlocked
                                                              x-ms-blob-type: BlockBlob
                                                              x-azure-ref: 20240901T191905Z-16579567576h266g9d6dee9ff800000007200000000043m0
                                                              Cache-Control: public, max-age=604800
                                                              x-fd-int-roxy-purgeid: 69316365
                                                              X-Cache: TCP_HIT
                                                              X-Cache-Info: L1_T2
                                                              Accept-Ranges: bytes
                                                              2024-09-01 19:19:05 UTC | 11989 | IN | Data Ascii: { "configVersion": 32, "PrivilegedExperiences": [ "ShorelinePrivilegedExperienceID", "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT", "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND", "SHOPPING_AUTO_SHOW_BING_SEARCH", "SHOPPING_AUTO_SHOW_REBATE


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              7 | 192.168.2.4 | 49762 | 13.107.246.40 | 443 | 7524 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-01 19:19:05 UTC | 470 | OUT | GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1
                                                              Host: edgeassetservice.azureedge.net
                                                              Connection: keep-alive
                                                              Edge-Asset-Group: Shoreline
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-09-01 19:19:05 UTC | 577 | IN | HTTP/1.1 200 OK
                                                              Date: Sun, 01 Sep 2024 19:19:05 GMT
                                                              Content-Type: application/octet-stream
                                                              Content-Length: 306698
                                                              Connection: close
                                                              Content-Encoding: gzip
                                                              Last-Modified: Tue, 10 Oct 2023 17:24:31 GMT
                                                              ETag: 0x8DBC9B5C40EBFF4
                                                              x-ms-request-id: c3ea0861-301e-0002-54a0-fc6afd000000
                                                              x-ms-version: 2009-09-19
                                                              x-ms-lease-status: unlocked
                                                              x-ms-blob-type: BlockBlob
                                                              x-azure-ref: 20240901T191905Z-165795675767hwjqv3v00bvq3400000006sg00000000m316
                                                              Cache-Control: public, max-age=604800
                                                              x-fd-int-roxy-purgeid: 0
                                                              X-Cache: TCP_HIT
                                                              X-Cache-Info: L1_T2
                                                              Accept-Ranges: bytes


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              8 | 192.168.2.4 | 60381 | 184.28.90.27 | 443 | |
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-01 19:19:05 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                                                              Connection: Keep-Alive
                                                              Accept: */*
                                                              Accept-Encoding: identity
                                                              User-Agent: Microsoft BITS/7.8
                                                              Host: fs.microsoft.com
                                                              2024-09-01 19:19:05 UTC | 467 | IN | HTTP/1.1 200 OK
                                                              Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                              Content-Type: application/octet-stream
                                                              ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                              Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                              Server: ECAcc (lpl/EF70)
                                                              X-CID: 11
                                                              X-Ms-ApiVersion: Distribute 1.2
                                                              X-Ms-Region: prod-neu-z1
                                                              Cache-Control: public, max-age=163595
                                                              Date: Sun, 01 Sep 2024 19:19:05 GMT
                                                              Connection: close
                                                              X-CID: 2


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              9 | 192.168.2.4 | 60386 | 13.107.246.40 | 443 | 7524 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-01 19:19:06 UTC | 431 | OUT | GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1
                                                              Host: edgeassetservice.azureedge.net
                                                              Connection: keep-alive
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-09-01 19:19:06 UTC | 536 | IN | HTTP/1.1 200 OK
                                                              Date: Sun, 01 Sep 2024 19:19:06 GMT
                                                              Content-Type: image/png
                                                              Content-Length: 1966
                                                              Connection: close
                                                              Last-Modified: Fri, 03 Nov 2023 21:43:31 GMT
                                                              ETag: 0x8DBDCB5EC122A94
                                                              x-ms-request-id: 25350ece-301e-002b-08d4-fa1cbf000000
                                                              x-ms-version: 2009-09-19
                                                              x-ms-lease-status: unlocked
                                                              x-ms-blob-type: BlockBlob
                                                              x-azure-ref: 20240901T191906Z-16579567576l4p9bs8an1npq1n00000006ng0000000065v4
                                                              Cache-Control: public, max-age=604800
                                                              x-fd-int-roxy-purgeid: 0
                                                              X-Cache-Info: L1_T2
                                                              X-Cache: TCP_HIT
                                                              Accept-Ranges: bytes


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              10 | 192.168.2.4 | 60391 | 13.107.246.40 | 443 | 7524 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-01 19:19:06 UTC | 433 | OUT | GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1
                                                              Host: edgeassetservice.azureedge.net
                                                              Connection: keep-alive
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-09-01 19:19:06 UTC | 536 | IN | HTTP/1.1 200 OK
                                                              Date: Sun, 01 Sep 2024 19:19:06 GMT
                                                              Content-Type: image/png
                                                              Content-Length: 1751
                                                              Connection: close
                                                              Last-Modified: Tue, 17 Oct 2023 00:34:33 GMT
                                                              ETag: 0x8DBCEA8D5AACC85
                                                              x-ms-request-id: dea807c8-f01e-005b-3b60-fa6f7b000000
                                                              x-ms-version: 2009-09-19
                                                              x-ms-lease-status: unlocked
                                                              x-ms-blob-type: BlockBlob
                                                              x-azure-ref: 20240901T191906Z-16579567576kv75wmks9m65qec00000006yg00000000dzxk
                                                              Cache-Control: public, max-age=604800
                                                              x-fd-int-roxy-purgeid: 0
                                                              X-Cache-Info: L1_T2
                                                              X-Cache: TCP_HIT
                                                              Accept-Ranges: bytes


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              11 | 192.168.2.4 | 60390 | 13.107.246.40 | 443 | 7524 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-01 19:19:06 UTC | 433 | OUT | GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1
                                                              Host: edgeassetservice.azureedge.net
                                                              Connection: keep-alive
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-09-01 19:19:06 UTC | 536 | IN | HTTP/1.1 200 OK
                                                              Date: Sun, 01 Sep 2024 19:19:06 GMT
                                                              Content-Type: image/png
                                                              Content-Length: 1427
                                                              Connection: close
                                                              Last-Modified: Fri, 03 Nov 2023 21:43:36 GMT
                                                              ETag: 0x8DBDCB5EF021F8E
                                                              x-ms-request-id: 27316467-401e-0006-7b60-fa9f7f000000
                                                              x-ms-version: 2009-09-19
                                                              x-ms-lease-status: unlocked
                                                              x-ms-blob-type: BlockBlob
                                                              x-azure-ref: 20240901T191906Z-16579567576txfkctmnqv2e9c400000006dg00000000hzh2
                                                              Cache-Control: public, max-age=604800
                                                              x-fd-int-roxy-purgeid: 0
                                                              X-Cache-Info: L1_T2
                                                              X-Cache: TCP_HIT
                                                              Accept-Ranges: bytes


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              12 | 192.168.2.4 | 60385 | 184.28.90.27 | 443 | |
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-01 19:19:06 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                                                              Connection: Keep-Alive
                                                              Accept: */*
                                                              Accept-Encoding: identity
                                                              If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                                                              Range: bytes=0-2147483646
                                                              User-Agent: Microsoft BITS/7.8
                                                              Host: fs.microsoft.com
                                                              2024-09-01 19:19:06 UTC | 515 | IN | HTTP/1.1 200 OK
                                                              ApiVersion: Distribute 1.1
                                                              Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                              Content-Type: application/octet-stream
                                                              ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                              Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                              Server: ECAcc (lpl/EF06)
                                                              X-CID: 11
                                                              X-Ms-ApiVersion: Distribute 1.2
                                                              X-Ms-Region: prod-weu-z1
                                                              Cache-Control: public, max-age=163594
                                                              Date: Sun, 01 Sep 2024 19:19:06 GMT
                                                              Content-Length: 55
                                                              Connection: close
                                                              X-CID: 2
                                                              2024-09-01 19:19:06 UTC | 55 | IN | Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              13 | 192.168.2.4 | 60393 | 142.251.40.206 | 443 | 7524 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-01 19:19:06 UTC | 579 | OUT | OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                              Host: play.google.com
                                                              Connection: keep-alive
                                                              Accept: */*
                                                              Access-Control-Request-Method: POST
                                                              Access-Control-Request-Headers: x-goog-authuser
                                                              Origin: https://accounts.google.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Sec-Fetch-Mode: cors
                                                              Sec-Fetch-Site: same-site
                                                              Sec-Fetch-Dest: empty
                                                              Referer: https://accounts.google.com/
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-09-01 19:19:06 UTC | 520 | IN | HTTP/1.1 200 OK
                                                              Access-Control-Allow-Origin: https://accounts.google.com
                                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                              Access-Control-Max-Age: 86400
                                                              Access-Control-Allow-Credentials: true
                                                              Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser
                                                              Content-Type: text/plain; charset=UTF-8
                                                              Date: Sun, 01 Sep 2024 19:19:06 GMT
                                                              Server: Playlog
                                                              Content-Length: 0
                                                              X-XSS-Protection: 0
                                                              X-Frame-Options: SAMEORIGIN
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              14 | 192.168.2.4 | 60394 | 142.251.40.206 | 443 | 7524 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-01 19:19:06 UTC | 579 | OUT | OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                              Host: play.google.com
                                                              Connection: keep-alive
                                                              Accept: */*
                                                              Access-Control-Request-Method: POST
                                                              Access-Control-Request-Headers: x-goog-authuser
                                                              Origin: https://accounts.google.com
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Sec-Fetch-Mode: cors
                                                              Sec-Fetch-Site: same-site
                                                              Sec-Fetch-Dest: empty
                                                              Referer: https://accounts.google.com/
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-09-01 19:19:06 UTC | 520 | IN | HTTP/1.1 200 OK
                                                              Access-Control-Allow-Origin: https://accounts.google.com
                                                              Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                              Access-Control-Max-Age: 86400
                                                              Access-Control-Allow-Credentials: true
                                                              Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser
                                                              Content-Type: text/plain; charset=UTF-8
                                                              Date: Sun, 01 Sep 2024 19:19:06 GMT
                                                              Server: Playlog
                                                              Content-Length: 0
                                                              X-XSS-Protection: 0
                                                              X-Frame-Options: SAMEORIGIN
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              15 | 192.168.2.4 | 60389 | 13.107.246.40 | 443 | 7524 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-01 19:19:06 UTC | 430 | OUT | GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1
                                                              Host: edgeassetservice.azureedge.net
                                                              Connection: keep-alive
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-09-01 19:19:06 UTC | 536 | IN | HTTP/1.1 200 OK
                                                              Date: Sun, 01 Sep 2024 19:19:06 GMT
                                                              Content-Type: image/png
                                                              Content-Length: 2008
                                                              Connection: close
                                                              Last-Modified: Tue, 10 Oct 2023 17:24:26 GMT
                                                              ETag: 0x8DBC9B5C0C17219
                                                              x-ms-request-id: 32a19201-701e-002c-2560-faea3a000000
                                                              x-ms-version: 2009-09-19
                                                              x-ms-lease-status: unlocked
                                                              x-ms-blob-type: BlockBlob
                                                              x-azure-ref: 20240901T191906Z-16579567576rt7gkm43y59pk3800000006k000000000nbxe
                                                              Cache-Control: public, max-age=604800
                                                              x-fd-int-roxy-purgeid: 0
                                                              X-Cache-Info: L1_T2
                                                              X-Cache: TCP_HIT
                                                              Accept-Ranges: bytes


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              16 | 192.168.2.4 | 60388 | 13.107.246.40 | 443 | 7524 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-01 19:19:06 UTC | 422 | OUT | GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1
                                                              Host: edgeassetservice.azureedge.net
                                                              Connection: keep-alive
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-09-01 19:19:06 UTC | 536 | IN | HTTP/1.1 200 OK
                                                              Date: Sun, 01 Sep 2024 19:19:06 GMT
                                                              Content-Type: image/png
                                                              Content-Length: 2229
                                                              Connection: close
                                                              Last-Modified: Wed, 25 Oct 2023 19:48:24 GMT
                                                              ETag: 0x8DBD59359A9E77B
                                                              x-ms-request-id: 453f1ddb-801e-005f-6ffe-fa9af9000000
                                                              x-ms-version: 2009-09-19
                                                              x-ms-lease-status: unlocked
                                                              x-ms-blob-type: BlockBlob
                                                              x-azure-ref: 20240901T191906Z-16579567576pgh4h94c7qn0kuc00000006x0000000000a2r
                                                              Cache-Control: public, max-age=604800
                                                              x-fd-int-roxy-purgeid: 0
                                                              X-Cache-Info: L1_T2
                                                              X-Cache: TCP_HIT
                                                              Accept-Ranges: bytes


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              17 | 192.168.2.4 | 60387 | 13.107.246.40 | 443 | 7524 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-01 19:19:06 UTC | 425 | OUT | GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1
                                                              Host: edgeassetservice.azureedge.net
                                                              Connection: keep-alive
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-09-01 19:19:06 UTC | 543 | IN | HTTP/1.1 200 OK
                                                              Date: Sun, 01 Sep 2024 19:19:06 GMT
                                                              Content-Type: image/png
                                                              Content-Length: 1154
                                                              Connection: close
                                                              Last-Modified: Wed, 25 Oct 2023 19:48:30 GMT
                                                              ETag: 0x8DBD5935D5B3965
                                                              x-ms-request-id: d224f29e-c01e-003e-65a0-fcde26000000
                                                              x-ms-version: 2009-09-19
                                                              x-ms-lease-status: unlocked
                                                              x-ms-blob-type: BlockBlob
                                                              x-azure-ref: 20240901T191906Z-165795675762gt5gbs4b9bazh800000006gg00000000gx92
                                                              Cache-Control: public, max-age=604800
                                                              x-fd-int-roxy-purgeid: 69316365
                                                              X-Cache: TCP_HIT
                                                              X-Cache-Info: L1_T2
                                                              Accept-Ranges: bytes


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              18 | 192.168.2.4 | 60396 | 13.107.246.40 | 443 | 7524 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-01 19:19:07 UTC | 431 | OUT | GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1
                                                              Host: edgeassetservice.azureedge.net
                                                              Connection: keep-alive
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-09-01 19:19:07 UTC | 543 | IN | HTTP/1.1 200 OK
                                                              Date: Sun, 01 Sep 2024 19:19:07 GMT
                                                              Content-Type: image/png
                                                              Content-Length: 1468
                                                              Connection: close
                                                              Last-Modified: Fri, 03 Nov 2023 21:43:14 GMT
                                                              ETag: 0x8DBDCB5E23DFC43
                                                              x-ms-request-id: 7e487c98-101e-0051-6ba0-fc76f2000000
                                                              x-ms-version: 2009-09-19
                                                              x-ms-lease-status: unlocked
                                                              x-ms-blob-type: BlockBlob
                                                              x-azure-ref: 20240901T191907Z-165795675762h26c6ze2t4q76000000006x0000000009adk
                                                              Cache-Control: public, max-age=604800
                                                              x-fd-int-roxy-purgeid: 69316365
                                                              X-Cache: TCP_HIT
                                                              X-Cache-Info: L1_T2
                                                              Accept-Ranges: bytes


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              19 | 192.168.2.4 | 60399 | 142.251.40.228 | 443 | 7524 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-01 19:19:07 UTC | 899 | OUT | GET /favicon.ico HTTP/1.1
                                                              Host: www.google.com
                                                              Connection: keep-alive
                                                              sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                              sec-ch-ua-mobile: ?0
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              sec-ch-ua-arch: "x86"
                                                              sec-ch-ua-full-version: "117.0.2045.47"
                                                              sec-ch-ua-platform-version: "10.0.0"
                                                              sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                                                              sec-ch-ua-bitness: "64"
                                                              sec-ch-ua-model: ""
                                                              sec-ch-ua-wow64: ?0
                                                              sec-ch-ua-platform: "Windows"
                                                              Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                              Sec-Fetch-Site: same-site
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: image
                                                              Referer: https://accounts.google.com/
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-09-01 19:19:08 UTC | 705 | IN | HTTP/1.1 200 OK
                                                              Accept-Ranges: bytes
                                                              Cross-Origin-Resource-Policy: cross-origin
                                                              Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
                                                              Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
                                                              Content-Length: 5430
                                                              X-Content-Type-Options: nosniff
                                                              Server: sffe
                                                              X-XSS-Protection: 0
                                                              Date: Sun, 01 Sep 2024 18:20:24 GMT
                                                              Expires: Mon, 09 Sep 2024 18:20:24 GMT
                                                              Cache-Control: public, max-age=691200
                                                              Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT
                                                              Content-Type: image/x-icon
                                                              Vary: Accept-Encoding
                                                              Age: 3524
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              20 | 192.168.2.4 | 60400 | 142.250.81.234 | 443 | 7524 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-01 19:19:08 UTC | 448 | OUT | POST /chromewebstore/v1.1/items/verify HTTP/1.1
                                                              Host: www.googleapis.com
                                                              Connection: keep-alive
                                                              Content-Length: 119
                                                              Content-Type: application/json
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-09-01 19:19:08 UTC | 119 | OUT |
                                                              Data Ascii: {"hash":"La5wvXZkAkNRD3EdAjldRrsirHe00fpfTnnK4uL6UY0=","ids":["ghbmnnjooekpmoecnnnilnnbdlolhkhi"],"protocol_version":1}
                                                              2024-09-01 19:19:08 UTC | 341 | IN | HTTP/1.1 200 OK
                                                              Content-Type: application/json; charset=UTF-8
                                                              Vary: Origin
                                                              Vary: X-Origin
                                                              Vary: Referer
                                                              Date: Sun, 01 Sep 2024 19:19:08 GMT
                                                              Server: ESF
                                                              Content-Length: 483
                                                              X-XSS-Protection: 0
                                                              X-Frame-Options: SAMEORIGIN
                                                              X-Content-Type-Options: nosniff
                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                              Connection: close
                                                              2024-09-01 19:19:08 UTC | 483 | IN |
                                                              Data Ascii: { "protocol_version": 1, "signature": "RMdxMWyxgkcsChxvGmeGRH9Q/uBOYvU31JpfBeyvbulzNQ46xS2vAxkTwBs0K3HkIcMl8Bl+TdFnGl/6q+qrlP10BvNRWsMSdZ9xH9OvHMaO38VhzcSxUFfgH2VeuPJGzn/zYqz0yLv9JHfdVW911AlswqiI8b4PT9eglMl3RNixjGIBsfHT5dWI+9XFhfu3yQVhe/Y8OwjwEViH6Bdl


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              21 | 192.168.2.4 | 60401 | 52.165.165.26 | 443 | |
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-01 19:19:14 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=fNaPcGodWzp8yb8&MD=UuuLbb9v HTTP/1.1
                                                              Connection: Keep-Alive
                                                              Accept: */*
                                                              User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                              Host: slscr.update.microsoft.com
                                                              2024-09-01 19:19:14 UTC | 560 | IN | HTTP/1.1 200 OK
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Content-Type: application/octet-stream
                                                              Expires: -1
                                                              Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                              ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                              MS-CorrelationId: 13626d53-0be3-4309-9711-58c9db2040f1
                                                              MS-RequestId: 7576ed52-97c8-4074-8137-1f0b01087933
                                                              MS-CV: 1fx9JKExyEyDHIFI.0
                                                              X-Microsoft-SLSClientCache: 2880
                                                              Content-Disposition: attachment; filename=environment.cab
                                                              X-Content-Type-Options: nosniff
                                                              Date: Sun, 01 Sep 2024 19:19:14 GMT
                                                              Connection: close
                                                              Content-Length: 24490


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              22 | 192.168.2.4 | 60407 | 152.195.19.97 | 443 | 7524 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-01 19:19:19 UTC | 616 | OUT | GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1725823141&P2=404&P3=2&P4=FhdhZlXvFI6KtXAbNJlCnICAPPec6b1JTpnvn5TGI1P2wY0P96yCHvT1lzisj%2fbU1eqMKzk8g4C56M%2bhhvf0yQ%3d%3d HTTP/1.1
                                                              Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com
                                                              Connection: keep-alive
                                                              MS-CV: mGzAHmUqw4AeILS/Vm5P/R
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-09-01 19:19:20 UTC | 632 | IN | HTTP/1.1 200 OK
                                                              Accept-Ranges: bytes
                                                              Age: 5144891
                                                              Cache-Control: public, max-age=17280000
                                                              Content-Type: application/x-chrome-extension
                                                              Date: Sun, 01 Sep 2024 19:19:20 GMT
                                                              Etag: "Gv3jDkaZdFLRHkoq2781zOehQE8="
                                                              Last-Modified: Wed, 24 Jan 2024 00:25:37 GMT
                                                              MS-CorrelationId: b4b4aabf-4d02-4629-96b1-a382405b6a31
                                                              MS-CV: 642I+iNy0Qp5KFcIV/sUKh.0
                                                              MS-RequestId: 5245ac9e-0afd-43ce-8780-5c7d0bedf1d4
                                                              Server: ECAcc (nyd/D11E)
                                                              X-AspNet-Version: 4.0.30319
                                                              X-AspNetMvc-Version: 5.3
                                                              X-Cache: HIT
                                                              X-CCC: US
                                                              X-CID: 11
                                                              X-Powered-By: ASP.NET
                                                              X-Powered-By: ARR/3.0
                                                              X-Powered-By: ASP.NET
                                                              Content-Length: 11185
                                                              Connection: close


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              23 | 192.168.2.4 | 60422 | 52.165.165.26 | 443 | |
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-01 19:19:53 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=fNaPcGodWzp8yb8&MD=UuuLbb9v HTTP/1.1
                                                              Connection: Keep-Alive
                                                              Accept: */*
                                                              User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                              Host: slscr.update.microsoft.com
                                                              2024-09-01 19:19:53 UTC | 560 | IN | HTTP/1.1 200 OK
                                                              Cache-Control: no-cache
                                                              Pragma: no-cache
                                                              Content-Type: application/octet-stream
                                                              Expires: -1
                                                              Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                              ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                                                              MS-CorrelationId: 6471fc30-3b05-4afe-a1cb-dcadc9201a3e
                                                              MS-RequestId: 8dc5e8aa-a8c9-4214-92f2-34629f28aa8c
                                                              MS-CV: /h4MRG6IuUCcFxjZ.0
                                                              X-Microsoft-SLSClientCache: 1440
                                                              Content-Disposition: attachment; filename=environment.cab
                                                              X-Content-Type-Options: nosniff
                                                              Date: Sun, 01 Sep 2024 19:19:52 GMT
                                                              Connection: close
                                                              Content-Length: 30005


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              24 | 192.168.2.4 | 60424 | 23.44.133.38 | 443 | 7524 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-09-01 19:20:01 UTC | 442 | OUT | OPTIONS /api/report?cat=bingbusiness HTTP/1.1
                                                              Host: bzib.nelreports.net
                                                              Connection: keep-alive
                                                              Origin: https://business.bing.com
                                                              Access-Control-Request-Method: POST
                                                              Access-Control-Request-Headers: content-type
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                              2024-09-01 19:20:01 UTC | 379 | IN | HTTP/1.1 503 Service Unavailable
                                                              Content-Length: 326
                                                              Content-Type: text/html; charset=us-ascii
                                                              Date: Sun, 01 Sep 2024 19:20:01 GMT
                                                              Connection: close
                                                              PMUSER_FORMAT_QS:
                                                              X-CDN-TraceId: 0.26862c17.1725218401.1fe97490
                                                              Access-Control-Allow-Credentials: false
                                                              Access-Control-Allow-Methods: *
                                                              Access-Control-Allow-Methods: GET, OPTIONS, POST
                                                              Access-Control-Allow-Origin: *
                                                              2024-09-01 19:20:01 UTC | 326 | IN |
                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>Service Unavailable</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD><BODY><h2>Service Unavailable</h2><



                                                              Target ID:0
                                                              Start time:15:18:53
                                                              Start date:01/09/2024
                                                              Path:C:\Users\user\Desktop\file.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:"C:\Users\user\Desktop\file.exe"
                                                              Imagebase:0xfb0000
                                                              File size:917'504 bytes
                                                              MD5 hash:A80F8369905A553004098607DEC0751A
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:low
                                                              Has exited:true

                                                              Target ID:1
                                                              Start time:15:18:54
                                                              Start date:01/09/2024
                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                              Imagebase:0x7ff67dcd0000
                                                              File size:4'210'216 bytes
                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:moderate
                                                              Has exited:true

                                                              Target ID:2
                                                              Start time:15:18:54
                                                              Start date:01/09/2024
                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                              Imagebase:0x7ff6bf500000
                                                              File size:676'768 bytes
                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:true

                                                              Target ID:4
                                                              Start time:15:18:54
                                                              Start date:01/09/2024
                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation
                                                              Imagebase:0x7ff6bf500000
                                                              File size:676'768 bytes
                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:true

                                                              Target ID:5
                                                              Start time:15:18:54
                                                              Start date:01/09/2024
                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                              Imagebase:0x7ff6bf500000
                                                              File size:676'768 bytes
                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:false

                                                              Target ID:6
                                                              Start time:15:18:54
                                                              Start date:01/09/2024
                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1944,i,1885108096133923708,5615008366606404031,262144 /prefetch:3
                                                              Imagebase:0x7ff67dcd0000
                                                              File size:4'210'216 bytes
                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:moderate
                                                              Has exited:true

                                                              Target ID:7
                                                              Start time:15:18:54
                                                              Start date:01/09/2024
                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                              Imagebase:0x7ff67dcd0000
                                                              File size:4'210'216 bytes
                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Reputation:moderate
                                                              Has exited:false

                                                              Target ID:8
                                                              Start time:15:18:56
                                                              Start date:01/09/2024
                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1948,i,16766255207364502604,7562736169763922936,262144 /prefetch:3
                                                              Imagebase:0x7ff67dcd0000
                                                              File size:4'210'216 bytes
                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Reputation:moderate
                                                              Has exited:false

                                                              Target ID:10
                                                              Start time:15:18:59
                                                              Start date:01/09/2024
                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6552 --field-trial-handle=1948,i,16766255207364502604,7562736169763922936,262144 /prefetch:8
                                                              Imagebase:0x7ff67dcd0000
                                                              File size:4'210'216 bytes
                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Reputation:moderate
                                                              Has exited:true

                                                              Target ID:11
                                                              Start time:15:18:59
                                                              Start date:01/09/2024
                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6800 --field-trial-handle=1948,i,16766255207364502604,7562736169763922936,262144 /prefetch:8
                                                              Imagebase:0x7ff67dcd0000
                                                              File size:4'210'216 bytes
                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Reputation:moderate
                                                              Has exited:true

                                                              Target ID:12
                                                              Start time:15:19:00
                                                              Start date:01/09/2024
                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2284 -parentBuildID 20230927232528 -prefsHandle 2220 -prefMapHandle 2228 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {983f46ee-0e12-4a53-bee0-8668e7f3c346} 480 "\\.\pipe\gecko-crash-server-pipe.480" 214b0670910 socket
                                                              Imagebase:0x7ff6bf500000
                                                              File size:676'768 bytes
                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:false

                                                              Target ID:14
                                                              Start time:15:19:01
                                                              Start date:01/09/2024
                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6312 --field-trial-handle=1948,i,16766255207364502604,7562736169763922936,262144 /prefetch:8
                                                              Imagebase:0x7ff616410000
                                                              File size:1'255'976 bytes
                                                              MD5 hash:76C58E5BABFE4ACF0308AA646FC0F416
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Reputation:moderate
                                                              Has exited:true

                                                              Target ID:15
                                                              Start time:15:19:01
                                                              Start date:01/09/2024
                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6312 --field-trial-handle=1948,i,16766255207364502604,7562736169763922936,262144 /prefetch:8
                                                              Imagebase:0x7ff616410000
                                                              File size:1'255'976 bytes
                                                              MD5 hash:76C58E5BABFE4ACF0308AA646FC0F416
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:16
                                                              Start time:15:19:03
                                                              Start date:01/09/2024
                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4048 -parentBuildID 20230927232528 -prefsHandle 3944 -prefMapHandle 3940 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b05df780-e3db-4483-9c2e-582d825b99d8} 480 "\\.\pipe\gecko-crash-server-pipe.480" 214c06bf610 rdd
                                                              Imagebase:0x7ff6bf500000
                                                              File size:676'768 bytes
                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Has exited:false

                                                              Target ID:18
                                                              Start time:15:19:14
                                                              Start date:01/09/2024
                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
                                                              Imagebase:0x7ff67dcd0000
                                                              File size:4'210'216 bytes
                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:19
                                                              Start time:15:19:14
                                                              Start date:01/09/2024
                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2332 --field-trial-handle=2076,i,7221193845708721563,11522825552492207431,262144 /prefetch:3
                                                              Imagebase:0x7ff67dcd0000
                                                              File size:4'210'216 bytes
                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:22
                                                              Start time:15:19:22
                                                              Start date:01/09/2024
                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
                                                              Imagebase:0x7ff67dcd0000
                                                              File size:4'210'216 bytes
                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:23
                                                              Start time:15:19:22
                                                              Start date:01/09/2024
                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2288 --field-trial-handle=1944,i,12137075612384507687,15765736089809574248,262144 /prefetch:3
                                                              Imagebase:0x7ff67dcd0000
                                                              File size:4'210'216 bytes
                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:25
                                                              Start time:15:19:56
                                                              Start date:01/09/2024
                                                              Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6928 --field-trial-handle=1948,i,16766255207364502604,7562736169763922936,262144 /prefetch:8
                                                              Imagebase:0x7ff67dcd0000
                                                              File size:4'210'216 bytes
                                                              MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Has exited:false


                                                                Execution Graph

                                                                Execution Coverage:1.9%
                                                                Dynamic/Decrypted Code Coverage:0%
                                                                Signature Coverage:5.1%
                                                                Total number of Nodes:1403
                                                                Total number of Limit Nodes:43
__fread_nolock 95217->95218 95221 fba59d 95219->95221 95223 fba598 __fread_nolock 95219->95223 95220 fff80f 95221->95220 95222 fcfe0b 22 API calls 95221->95222 95222->95223 95223->95215 95224->95187 95225 fb1098 95230 fb42de 95225->95230 95229 fb10a7 95231 fba961 22 API calls 95230->95231 95232 fb42f5 GetVersionExW 95231->95232 95233 fb6b57 22 API calls 95232->95233 95234 fb4342 95233->95234 95235 fb93b2 22 API calls 95234->95235 95237 fb4378 95234->95237 95236 fb436c 95235->95236 95239 fb37a0 22 API calls 95236->95239 95238 fb441b GetCurrentProcess IsWow64Process 95237->95238 95243 ff37df 95237->95243 95240 fb4437 95238->95240 95239->95237 95241 fb444f LoadLibraryA 95240->95241 95242 ff3824 GetSystemInfo 95240->95242 95244 fb449c GetSystemInfo 95241->95244 95245 fb4460 GetProcAddress 95241->95245 95247 fb4476 95244->95247 95245->95244 95246 fb4470 GetNativeSystemInfo 95245->95246 95246->95247 95248 fb447a FreeLibrary 95247->95248 95249 fb109d 95247->95249 95248->95249 95250 fd00a3 29 API calls __onexit 95249->95250 95250->95229 95251 fbf7bf 95252 fbf7d3 95251->95252 95253 fbfcb6 95251->95253 95255 fbfcc2 95252->95255 95257 fcfddb 22 API calls 95252->95257 95288 fbaceb 23 API calls ISource 95253->95288 95289 fbaceb 23 API calls ISource 95255->95289 95258 fbf7e5 95257->95258 95258->95255 95259 fbf83e 95258->95259 95260 fbfd3d 95258->95260 95262 fc1310 185 API calls 95259->95262 95278 fbed9d ISource 95259->95278 95290 1021155 22 API calls 95260->95290 95284 fbec76 ISource 95262->95284 95263 1004beb 95296 102359c 82 API calls __wsopen_s 95263->95296 95265 fcfddb 22 API calls 95265->95284 95267 1004b0b 95294 102359c 82 API calls __wsopen_s 95267->95294 95268 fba8c7 22 API calls 95268->95284 95269 fbfef7 95269->95278 95292 fba8c7 22 API calls __fread_nolock 95269->95292 95270 1004600 95270->95278 95291 fba8c7 22 API calls __fread_nolock 95270->95291 95276 fd0242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 
95276->95284 95277 fbfbe3 95277->95278 95281 1004bdc 95277->95281 95285 fbf3ae ISource 95277->95285 95279 fba961 22 API calls 95279->95284 95280 fd00a3 29 API calls pre_c_initialization 95280->95284 95295 102359c 82 API calls __wsopen_s 95281->95295 95283 fd01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 95283->95284 95284->95263 95284->95265 95284->95267 95284->95268 95284->95269 95284->95270 95284->95276 95284->95277 95284->95278 95284->95279 95284->95280 95284->95283 95284->95285 95286 fc01e0 185 API calls 2 library calls 95284->95286 95287 fc06a0 41 API calls ISource 95284->95287 95285->95278 95293 102359c 82 API calls __wsopen_s 95285->95293 95286->95284 95287->95284 95288->95255 95289->95260 95290->95278 95291->95278 95292->95278 95293->95278 95294->95278 95295->95263 95296->95278 95297 fd03fb 95298 fd0407 CallCatchBlock 95297->95298 95326 fcfeb1 95298->95326 95300 fd040e 95301 fd0561 95300->95301 95304 fd0438 95300->95304 95356 fd083f IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter ___scrt_fastfail 95301->95356 95303 fd0568 95349 fd4e52 95303->95349 95315 fd0477 ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 95304->95315 95337 fe247d 95304->95337 95311 fd0457 95313 fd04d8 95345 fd0959 95313->95345 95315->95313 95352 fd4e1a 38 API calls 3 library calls 95315->95352 95317 fd04de 95318 fd04f3 95317->95318 95353 fd0992 GetModuleHandleW 95318->95353 95320 fd04fa 95320->95303 95321 fd04fe 95320->95321 95322 fd0507 95321->95322 95354 fd4df5 28 API calls _abort 95321->95354 95355 fd0040 13 API calls 2 library calls 95322->95355 95325 fd050f 95325->95311 95327 fcfeba 95326->95327 95358 fd0698 IsProcessorFeaturePresent 95327->95358 95329 fcfec6 95359 fd2c94 10 API calls 3 library calls 95329->95359 95331 fcfecb 95332 fcfecf 95331->95332 95360 fe2317 95331->95360 95332->95300 95335 fcfee6 95335->95300 95340 fe2494 95337->95340 95338 fd0a8c CatchGuardHandler 5 
API calls 95339 fd0451 95338->95339 95339->95311 95341 fe2421 95339->95341 95340->95338 95343 fe2450 95341->95343 95342 fd0a8c CatchGuardHandler 5 API calls 95344 fe2479 95342->95344 95343->95342 95344->95315 95435 fd2340 95345->95435 95348 fd097f 95348->95317 95437 fd4bcf 95349->95437 95352->95313 95353->95320 95354->95322 95355->95325 95356->95303 95358->95329 95359->95331 95364 fed1f6 95360->95364 95363 fd2cbd 8 API calls 3 library calls 95363->95332 95365 fed213 95364->95365 95368 fed20f 95364->95368 95365->95368 95370 fe4bfb 95365->95370 95367 fcfed8 95367->95335 95367->95363 95382 fd0a8c 95368->95382 95371 fe4c07 CallCatchBlock 95370->95371 95389 fe2f5e EnterCriticalSection 95371->95389 95373 fe4c0e 95390 fe50af 95373->95390 95375 fe4c1d 95381 fe4c2c 95375->95381 95403 fe4a8f 29 API calls 95375->95403 95378 fe4c27 95404 fe4b45 GetStdHandle GetFileType 95378->95404 95379 fe4c3d __wsopen_s 95379->95365 95405 fe4c48 LeaveCriticalSection _abort 95381->95405 95383 fd0a95 95382->95383 95384 fd0a97 IsProcessorFeaturePresent 95382->95384 95383->95367 95386 fd0c5d 95384->95386 95434 fd0c21 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 95386->95434 95388 fd0d40 95388->95367 95389->95373 95391 fe50bb CallCatchBlock 95390->95391 95392 fe50df 95391->95392 95393 fe50c8 95391->95393 95406 fe2f5e EnterCriticalSection 95392->95406 95414 fdf2d9 20 API calls __dosmaperr 95393->95414 95396 fe50cd 95415 fe27ec 26 API calls pre_c_initialization 95396->95415 95397 fe50eb 95402 fe5117 95397->95402 95407 fe5000 95397->95407 95399 fe50d7 __wsopen_s 95399->95375 95416 fe513e LeaveCriticalSection _abort 95402->95416 95403->95378 95404->95381 95405->95379 95406->95397 95417 fe4c7d 95407->95417 95409 fe501f 95425 fe29c8 95409->95425 95410 fe5012 95410->95409 95424 fe3405 11 API calls 2 library calls 95410->95424 95413 fe5071 95413->95397 95414->95396 95415->95399 95416->95399 95422 fe4c8a __dosmaperr 95417->95422 95418 fe4cca 95432 fdf2d9 20 API 
calls __dosmaperr 95418->95432 95419 fe4cb5 RtlAllocateHeap 95420 fe4cc8 95419->95420 95419->95422 95420->95410 95422->95418 95422->95419 95431 fd4ead 7 API calls 2 library calls 95422->95431 95424->95410 95426 fe29d3 RtlFreeHeap 95425->95426 95427 fe29fc __dosmaperr 95425->95427 95426->95427 95428 fe29e8 95426->95428 95427->95413 95433 fdf2d9 20 API calls __dosmaperr 95428->95433 95430 fe29ee GetLastError 95430->95427 95431->95422 95432->95420 95433->95430 95434->95388 95436 fd096c GetStartupInfoW 95435->95436 95436->95348 95438 fd4bdb IsInExceptionSpec 95437->95438 95439 fd4bf4 95438->95439 95440 fd4be2 95438->95440 95461 fe2f5e EnterCriticalSection 95439->95461 95476 fd4d29 GetModuleHandleW 95440->95476 95443 fd4be7 95443->95439 95477 fd4d6d GetModuleHandleExW 95443->95477 95444 fd4bfb 95448 fd4c70 95444->95448 95458 fd4c99 95444->95458 95462 fe21a8 95444->95462 95452 fd4c88 95448->95452 95457 fe2421 _abort 5 API calls 95448->95457 95450 fd4cb6 95468 fd4ce8 95450->95468 95451 fd4ce2 95485 ff1d29 5 API calls CatchGuardHandler 95451->95485 95453 fe2421 _abort 5 API calls 95452->95453 95453->95458 95457->95452 95465 fd4cd9 95458->95465 95461->95444 95486 fe1ee1 95462->95486 95505 fe2fa6 LeaveCriticalSection 95465->95505 95467 fd4cb2 95467->95450 95467->95451 95506 fe360c 95468->95506 95471 fd4d16 95474 fd4d6d _abort 8 API calls 95471->95474 95472 fd4cf6 GetPEB 95472->95471 95473 fd4d06 GetCurrentProcess TerminateProcess 95472->95473 95473->95471 95475 fd4d1e ExitProcess 95474->95475 95476->95443 95478 fd4dba 95477->95478 95479 fd4d97 GetProcAddress 95477->95479 95481 fd4dc9 95478->95481 95482 fd4dc0 FreeLibrary 95478->95482 95480 fd4dac 95479->95480 95480->95478 95483 fd0a8c CatchGuardHandler 5 API calls 95481->95483 95482->95481 95484 fd4bf3 95483->95484 95484->95439 95489 fe1e90 95486->95489 95488 fe1f05 95488->95448 95490 fe1e9c CallCatchBlock 95489->95490 95497 fe2f5e EnterCriticalSection 95490->95497 95492 fe1eaa 95498 fe1f31 95492->95498 95496 fe1ec8 
__wsopen_s 95496->95488 95497->95492 95499 fe1f51 95498->95499 95502 fe1f59 95498->95502 95500 fd0a8c CatchGuardHandler 5 API calls 95499->95500 95501 fe1eb7 95500->95501 95504 fe1ed5 LeaveCriticalSection _abort 95501->95504 95502->95499 95503 fe29c8 _free 20 API calls 95502->95503 95503->95499 95504->95496 95505->95467 95507 fe3631 95506->95507 95508 fe3627 95506->95508 95513 fe2fd7 5 API calls 2 library calls 95507->95513 95510 fd0a8c CatchGuardHandler 5 API calls 95508->95510 95511 fd4cf2 95510->95511 95511->95471 95511->95472 95512 fe3648 95512->95508 95513->95512 95514 fb1033 95519 fb4c91 95514->95519 95518 fb1042 95520 fba961 22 API calls 95519->95520 95521 fb4cff 95520->95521 95527 fb3af0 95521->95527 95524 fb4d9c 95525 fb1038 95524->95525 95530 fb51f7 22 API calls __fread_nolock 95524->95530 95526 fd00a3 29 API calls __onexit 95525->95526 95526->95518 95531 fb3b1c 95527->95531 95530->95524 95532 fb3b0f 95531->95532 95533 fb3b29 95531->95533 95532->95524 95533->95532 95534 fb3b30 RegOpenKeyExW 95533->95534 95534->95532 95535 fb3b4a RegQueryValueExW 95534->95535 95536 fb3b6b 95535->95536 95537 fb3b80 RegCloseKey 95535->95537 95536->95537 95537->95532 95538 fb2e37 95539 fba961 22 API calls 95538->95539 95540 fb2e4d 95539->95540 95617 fb4ae3 95540->95617 95542 fb2e6b 95543 fb3a5a 24 API calls 95542->95543 95544 fb2e7f 95543->95544 95545 fb9cb3 22 API calls 95544->95545 95546 fb2e8c 95545->95546 95631 fb4ecb 95546->95631 95549 ff2cb0 95671 1022cf9 95549->95671 95551 ff2cc3 95553 ff2ccf 95551->95553 95697 fb4f39 95551->95697 95552 fb2ead 95653 fba8c7 22 API calls __fread_nolock 95552->95653 95558 fb4f39 68 API calls 95553->95558 95556 fb2ec3 95654 fb6f88 22 API calls 95556->95654 95561 ff2ce5 95558->95561 95559 fb2ecf 95560 fb9cb3 22 API calls 95559->95560 95562 fb2edc 95560->95562 95703 fb3084 22 API calls 95561->95703 95655 fba81b 41 API calls 95562->95655 95564 fb2eec 95567 fb9cb3 22 API calls 95564->95567 95566 ff2d02 95704 fb3084 22 API calls 95566->95704 
95569 fb2f12 95567->95569 95656 fba81b 41 API calls 95569->95656 95570 ff2d1e 95572 fb3a5a 24 API calls 95570->95572 95573 ff2d44 95572->95573 95705 fb3084 22 API calls 95573->95705 95574 fb2f21 95577 fba961 22 API calls 95574->95577 95576 ff2d50 95706 fba8c7 22 API calls __fread_nolock 95576->95706 95579 fb2f3f 95577->95579 95657 fb3084 22 API calls 95579->95657 95581 ff2d5e 95707 fb3084 22 API calls 95581->95707 95582 fb2f4b 95658 fd4a28 40 API calls 3 library calls 95582->95658 95585 ff2d6d 95708 fba8c7 22 API calls __fread_nolock 95585->95708 95586 fb2f59 95586->95561 95587 fb2f63 95586->95587 95659 fd4a28 40 API calls 3 library calls 95587->95659 95590 ff2d83 95709 fb3084 22 API calls 95590->95709 95591 fb2f6e 95591->95566 95593 fb2f78 95591->95593 95660 fd4a28 40 API calls 3 library calls 95593->95660 95594 ff2d90 95596 fb2f83 95596->95570 95597 fb2f8d 95596->95597 95661 fd4a28 40 API calls 3 library calls 95597->95661 95599 fb2f98 95600 fb2fdc 95599->95600 95662 fb3084 22 API calls 95599->95662 95600->95585 95601 fb2fe8 95600->95601 95601->95594 95665 fb63eb 22 API calls 95601->95665 95603 fb2fbf 95663 fba8c7 22 API calls __fread_nolock 95603->95663 95606 fb2ff8 95666 fb6a50 22 API calls 95606->95666 95607 fb2fcd 95664 fb3084 22 API calls 95607->95664 95610 fb3006 95667 fb70b0 23 API calls 95610->95667 95614 fb3021 95615 fb3065 95614->95615 95668 fb6f88 22 API calls 95614->95668 95669 fb70b0 23 API calls 95614->95669 95670 fb3084 22 API calls 95614->95670 95618 fb4af0 __wsopen_s 95617->95618 95619 fb6b57 22 API calls 95618->95619 95620 fb4b22 95618->95620 95619->95620 95630 fb4b58 95620->95630 95710 fb4c6d 95620->95710 95622 fb9cb3 22 API calls 95623 fb4c52 95622->95623 95625 fb515f 22 API calls 95623->95625 95624 fb9cb3 22 API calls 95624->95630 95628 fb4c5e 95625->95628 95626 fb4c6d 22 API calls 95626->95630 95627 fb515f 22 API calls 95627->95630 95628->95542 95629 fb4c29 95629->95622 95629->95628 95630->95624 95630->95626 95630->95627 95630->95629 95713 
fb4e90 LoadLibraryA 95631->95713 95636 ff3ccf 95638 fb4f39 68 API calls 95636->95638 95637 fb4ef6 LoadLibraryExW 95721 fb4e59 LoadLibraryA 95637->95721 95640 ff3cd6 95638->95640 95642 fb4e59 3 API calls 95640->95642 95644 ff3cde 95642->95644 95743 fb50f5 95644->95743 95645 fb4f20 95645->95644 95646 fb4f2c 95645->95646 95648 fb4f39 68 API calls 95646->95648 95650 fb2ea5 95648->95650 95650->95549 95650->95552 95652 ff3d05 95653->95556 95654->95559 95655->95564 95656->95574 95657->95582 95658->95586 95659->95591 95660->95596 95661->95599 95662->95603 95663->95607 95664->95600 95665->95606 95666->95610 95667->95614 95668->95614 95669->95614 95670->95614 95672 1022d15 95671->95672 95673 fb511f 64 API calls 95672->95673 95674 1022d29 95673->95674 95874 1022e66 95674->95874 95677 fb50f5 40 API calls 95678 1022d56 95677->95678 95679 fb50f5 40 API calls 95678->95679 95680 1022d66 95679->95680 95681 fb50f5 40 API calls 95680->95681 95682 1022d81 95681->95682 95683 fb50f5 40 API calls 95682->95683 95684 1022d9c 95683->95684 95685 fb511f 64 API calls 95684->95685 95686 1022db3 95685->95686 95687 fdea0c ___std_exception_copy 21 API calls 95686->95687 95688 1022dba 95687->95688 95689 fdea0c ___std_exception_copy 21 API calls 95688->95689 95690 1022dc4 95689->95690 95691 fb50f5 40 API calls 95690->95691 95692 1022dd8 95691->95692 95693 10228fe 27 API calls 95692->95693 95694 1022dee 95693->95694 95696 1022d3f 95694->95696 95880 10222ce 79 API calls 95694->95880 95696->95551 95698 fb4f4a 95697->95698 95699 fb4f43 95697->95699 95701 fb4f6a FreeLibrary 95698->95701 95702 fb4f59 95698->95702 95881 fde678 95699->95881 95701->95702 95702->95553 95703->95566 95704->95570 95705->95576 95706->95581 95707->95585 95708->95590 95709->95594 95711 fbaec9 22 API calls 95710->95711 95712 fb4c78 95711->95712 95712->95620 95714 fb4ea8 GetProcAddress 95713->95714 95715 fb4ec6 95713->95715 95716 fb4eb8 95714->95716 95718 fde5eb 95715->95718 95716->95715 95717 fb4ebf FreeLibrary 95716->95717 
95717->95715 95751 fde52a 95718->95751 95720 fb4eea 95720->95636 95720->95637 95722 fb4e6e GetProcAddress 95721->95722 95723 fb4e8d 95721->95723 95724 fb4e7e 95722->95724 95726 fb4f80 95723->95726 95724->95723 95725 fb4e86 FreeLibrary 95724->95725 95725->95723 95727 fcfe0b 22 API calls 95726->95727 95728 fb4f95 95727->95728 95729 fb5722 22 API calls 95728->95729 95730 fb4fa1 __fread_nolock 95729->95730 95731 ff3d1d 95730->95731 95732 fb50a5 95730->95732 95739 fb4fdc 95730->95739 95814 102304d 74 API calls 95731->95814 95803 fb42a2 CreateStreamOnHGlobal 95732->95803 95735 ff3d22 95737 fb511f 64 API calls 95735->95737 95736 fb50f5 40 API calls 95736->95739 95738 ff3d45 95737->95738 95740 fb50f5 40 API calls 95738->95740 95739->95735 95739->95736 95742 fb506e ISource 95739->95742 95809 fb511f 95739->95809 95740->95742 95742->95645 95744 fb5107 95743->95744 95745 ff3d70 95743->95745 95836 fde8c4 95744->95836 95748 10228fe 95857 102274e 95748->95857 95750 1022919 95750->95652 95754 fde536 CallCatchBlock 95751->95754 95752 fde544 95776 fdf2d9 20 API calls __dosmaperr 95752->95776 95754->95752 95756 fde574 95754->95756 95755 fde549 95777 fe27ec 26 API calls pre_c_initialization 95755->95777 95758 fde579 95756->95758 95759 fde586 95756->95759 95778 fdf2d9 20 API calls __dosmaperr 95758->95778 95768 fe8061 95759->95768 95762 fde58f 95764 fde595 95762->95764 95765 fde5a2 95762->95765 95763 fde554 __wsopen_s 95763->95720 95779 fdf2d9 20 API calls __dosmaperr 95764->95779 95780 fde5d4 LeaveCriticalSection __fread_nolock 95765->95780 95769 fe806d CallCatchBlock 95768->95769 95781 fe2f5e EnterCriticalSection 95769->95781 95771 fe807b 95782 fe80fb 95771->95782 95775 fe80ac __wsopen_s 95775->95762 95776->95755 95777->95763 95778->95763 95779->95763 95780->95763 95781->95771 95791 fe811e 95782->95791 95783 fe8088 95795 fe80b7 95783->95795 95784 fe8177 95785 fe4c7d __dosmaperr 20 API calls 95784->95785 95786 fe8180 95785->95786 95788 fe29c8 _free 20 API calls 95786->95788 95789 
fe8189 95788->95789 95789->95783 95800 fe3405 11 API calls 2 library calls 95789->95800 95791->95783 95791->95784 95798 fd918d EnterCriticalSection 95791->95798 95799 fd91a1 LeaveCriticalSection 95791->95799 95792 fe81a8 95801 fd918d EnterCriticalSection 95792->95801 95802 fe2fa6 LeaveCriticalSection 95795->95802 95797 fe80be 95797->95775 95798->95791 95799->95791 95800->95792 95801->95783 95802->95797 95804 fb42bc FindResourceExW 95803->95804 95808 fb42d9 95803->95808 95805 ff35ba LoadResource 95804->95805 95804->95808 95806 ff35cf SizeofResource 95805->95806 95805->95808 95807 ff35e3 LockResource 95806->95807 95806->95808 95807->95808 95808->95739 95810 fb512e 95809->95810 95811 ff3d90 95809->95811 95815 fdece3 95810->95815 95814->95735 95818 fdeaaa 95815->95818 95817 fb513c 95817->95739 95819 fdeab6 CallCatchBlock 95818->95819 95820 fdeac2 95819->95820 95822 fdeae8 95819->95822 95831 fdf2d9 20 API calls __dosmaperr 95820->95831 95833 fd918d EnterCriticalSection 95822->95833 95823 fdeac7 95832 fe27ec 26 API calls pre_c_initialization 95823->95832 95826 fdeaf4 95834 fdec0a 62 API calls 2 library calls 95826->95834 95828 fdeb08 95835 fdeb27 LeaveCriticalSection __fread_nolock 95828->95835 95830 fdead2 __wsopen_s 95830->95817 95831->95823 95832->95830 95833->95826 95834->95828 95835->95830 95839 fde8e1 95836->95839 95838 fb5118 95838->95748 95840 fde8ed CallCatchBlock 95839->95840 95841 fde92d 95840->95841 95842 fde900 ___scrt_fastfail 95840->95842 95843 fde925 __wsopen_s 95840->95843 95854 fd918d EnterCriticalSection 95841->95854 95852 fdf2d9 20 API calls __dosmaperr 95842->95852 95843->95838 95846 fde937 95855 fde6f8 38 API calls 4 library calls 95846->95855 95847 fde91a 95853 fe27ec 26 API calls pre_c_initialization 95847->95853 95850 fde94e 95856 fde96c LeaveCriticalSection __fread_nolock 95850->95856 95852->95847 95853->95843 95854->95846 95855->95850 95856->95843 95860 fde4e8 95857->95860 95859 102275d 95859->95750 95863 fde469 95860->95863 95862 fde505 
95862->95859 95864 fde48c 95863->95864 95865 fde478 95863->95865 95870 fde488 __alldvrm 95864->95870 95873 fe333f 11 API calls 2 library calls 95864->95873 95871 fdf2d9 20 API calls __dosmaperr 95865->95871 95868 fde47d 95872 fe27ec 26 API calls pre_c_initialization 95868->95872 95870->95862 95871->95868 95872->95870 95873->95870 95875 1022e7a 95874->95875 95876 fb50f5 40 API calls 95875->95876 95877 1022d3b 95875->95877 95878 10228fe 27 API calls 95875->95878 95879 fb511f 64 API calls 95875->95879 95876->95875 95877->95677 95877->95696 95878->95875 95879->95875 95880->95696 95882 fde684 CallCatchBlock 95881->95882 95883 fde6aa 95882->95883 95884 fde695 95882->95884 95893 fde6a5 __wsopen_s 95883->95893 95894 fd918d EnterCriticalSection 95883->95894 95911 fdf2d9 20 API calls __dosmaperr 95884->95911 95886 fde69a 95912 fe27ec 26 API calls pre_c_initialization 95886->95912 95889 fde6c6 95895 fde602 95889->95895 95891 fde6d1 95913 fde6ee LeaveCriticalSection __fread_nolock 95891->95913 95893->95698 95894->95889 95896 fde60f 95895->95896 95897 fde624 95895->95897 95946 fdf2d9 20 API calls __dosmaperr 95896->95946 95902 fde61f 95897->95902 95914 fddc0b 95897->95914 95899 fde614 95947 fe27ec 26 API calls pre_c_initialization 95899->95947 95902->95891 95907 fde646 95931 fe862f 95907->95931 95910 fe29c8 _free 20 API calls 95910->95902 95911->95886 95912->95893 95913->95893 95915 fddc1f 95914->95915 95916 fddc23 95914->95916 95920 fe4d7a 95915->95920 95916->95915 95917 fdd955 __fread_nolock 26 API calls 95916->95917 95918 fddc43 95917->95918 95948 fe59be 62 API calls 4 library calls 95918->95948 95921 fe4d90 95920->95921 95923 fde640 95920->95923 95922 fe29c8 _free 20 API calls 95921->95922 95921->95923 95922->95923 95924 fdd955 95923->95924 95925 fdd976 95924->95925 95926 fdd961 95924->95926 95925->95907 95949 fdf2d9 20 API calls __dosmaperr 95926->95949 95928 fdd966 95950 fe27ec 26 API calls pre_c_initialization 95928->95950 95930 fdd971 95930->95907 95932 fe863e 
95931->95932 95933 fe8653 95931->95933 95954 fdf2c6 20 API calls __dosmaperr 95932->95954 95934 fe868e 95933->95934 95939 fe867a 95933->95939 95956 fdf2c6 20 API calls __dosmaperr 95934->95956 95936 fe8643 95955 fdf2d9 20 API calls __dosmaperr 95936->95955 95951 fe8607 95939->95951 95940 fe8693 95957 fdf2d9 20 API calls __dosmaperr 95940->95957 95943 fde64c 95943->95902 95943->95910 95944 fe869b 95958 fe27ec 26 API calls pre_c_initialization 95944->95958 95946->95899 95947->95902 95948->95915 95949->95928 95950->95930 95959 fe8585 95951->95959 95953 fe862b 95953->95943 95954->95936 95955->95943 95956->95940 95957->95944 95958->95943 95960 fe8591 CallCatchBlock 95959->95960 95970 fe5147 EnterCriticalSection 95960->95970 95962 fe859f 95963 fe85c6 95962->95963 95964 fe85d1 95962->95964 95971 fe86ae 95963->95971 95986 fdf2d9 20 API calls __dosmaperr 95964->95986 95967 fe85cc 95987 fe85fb LeaveCriticalSection __wsopen_s 95967->95987 95969 fe85ee __wsopen_s 95969->95953 95970->95962 95988 fe53c4 95971->95988 95973 fe86c4 96001 fe5333 21 API calls 2 library calls 95973->96001 95974 fe86be 95974->95973 95976 fe53c4 __wsopen_s 26 API calls 95974->95976 95985 fe86f6 95974->95985 95979 fe86ed 95976->95979 95977 fe53c4 __wsopen_s 26 API calls 95980 fe8702 FindCloseChangeNotification 95977->95980 95978 fe871c 95984 fe873e 95978->95984 96002 fdf2a3 20 API calls __dosmaperr 95978->96002 95981 fe53c4 __wsopen_s 26 API calls 95979->95981 95980->95973 95982 fe870e GetLastError 95980->95982 95981->95985 95982->95973 95984->95967 95985->95973 95985->95977 95986->95967 95987->95969 95989 fe53e6 95988->95989 95990 fe53d1 95988->95990 95995 fe540b 95989->95995 96005 fdf2c6 20 API calls __dosmaperr 95989->96005 96003 fdf2c6 20 API calls __dosmaperr 95990->96003 95992 fe53d6 96004 fdf2d9 20 API calls __dosmaperr 95992->96004 95995->95974 95996 fe5416 96006 fdf2d9 20 API calls __dosmaperr 95996->96006 95998 fe541e 96007 fe27ec 26 API calls pre_c_initialization 95998->96007 95999 fe53de 
95999->95974 96001->95978 96002->95984 96003->95992 96004->95999 96005->95996 96006->95998 96007->95999 96008 fb3156 96011 fb3170 96008->96011 96012 fb3187 96011->96012 96013 fb31eb 96012->96013 96014 fb318c 96012->96014 96052 fb31e9 96012->96052 96016 ff2dfb 96013->96016 96017 fb31f1 96013->96017 96018 fb3199 96014->96018 96019 fb3265 PostQuitMessage 96014->96019 96015 fb31d0 DefWindowProcW 96020 fb316a 96015->96020 96063 fb18e2 10 API calls 96016->96063 96021 fb31f8 96017->96021 96022 fb321d SetTimer RegisterWindowMessageW 96017->96022 96024 ff2e7c 96018->96024 96025 fb31a4 96018->96025 96019->96020 96030 ff2d9c 96021->96030 96031 fb3201 KillTimer 96021->96031 96022->96020 96026 fb3246 CreatePopupMenu 96022->96026 96077 101bf30 34 API calls ___scrt_fastfail 96024->96077 96027 fb31ae 96025->96027 96028 ff2e68 96025->96028 96026->96020 96034 ff2e4d 96027->96034 96035 fb31b9 96027->96035 96076 101c161 27 API calls ___scrt_fastfail 96028->96076 96037 ff2dd7 MoveWindow 96030->96037 96038 ff2da1 96030->96038 96056 fb30f2 96031->96056 96032 ff2e1c 96064 fce499 42 API calls 96032->96064 96034->96015 96075 1010ad7 22 API calls 96034->96075 96041 fb31c4 96035->96041 96042 fb3253 96035->96042 96036 ff2e8e 96036->96015 96036->96020 96037->96020 96043 ff2da7 96038->96043 96044 ff2dc6 SetFocus 96038->96044 96041->96015 96053 fb30f2 Shell_NotifyIconW 96041->96053 96061 fb326f 44 API calls ___scrt_fastfail 96042->96061 96043->96041 96048 ff2db0 96043->96048 96044->96020 96046 fb3263 96046->96020 96062 fb18e2 10 API calls 96048->96062 96052->96015 96054 ff2e41 96053->96054 96065 fb3837 96054->96065 96057 fb3154 96056->96057 96058 fb3104 ___scrt_fastfail 96056->96058 96060 fb3c50 DeleteObject DestroyWindow 96057->96060 96059 fb3123 Shell_NotifyIconW 96058->96059 96059->96057 96060->96020 96061->96046 96062->96020 96063->96032 96064->96041 96066 fb3862 ___scrt_fastfail 96065->96066 96078 fb4212 96066->96078 96069 fb38e8 96071 ff3386 Shell_NotifyIconW 96069->96071 96072 fb3906 
Shell_NotifyIconW 96069->96072 96082 fb3923 96072->96082 96074 fb391c 96074->96052 96075->96052 96076->96046 96077->96036 96079 ff35a4 96078->96079 96080 fb38b7 96078->96080 96079->96080 96081 ff35ad DestroyIcon 96079->96081 96080->96069 96104 101c874 42 API calls _strftime 96080->96104 96081->96080 96083 fb393f 96082->96083 96102 fb3a13 96082->96102 96105 fb6270 96083->96105 96086 fb395a 96088 fb6b57 22 API calls 96086->96088 96087 ff3393 LoadStringW 96089 ff33ad 96087->96089 96090 fb396f 96088->96090 96097 fb3994 ___scrt_fastfail 96089->96097 96111 fba8c7 22 API calls __fread_nolock 96089->96111 96091 ff33c9 96090->96091 96092 fb397c 96090->96092 96112 fb6350 22 API calls 96091->96112 96092->96089 96095 fb3986 96092->96095 96110 fb6350 22 API calls 96095->96110 96100 fb39f9 Shell_NotifyIconW 96097->96100 96098 ff33d7 96098->96097 96099 fb33c6 22 API calls 96098->96099 96101 ff33f9 96099->96101 96100->96102 96103 fb33c6 22 API calls 96101->96103 96102->96074 96103->96097 96104->96069 96106 fcfe0b 22 API calls 96105->96106 96107 fb6295 96106->96107 96108 fcfddb 22 API calls 96107->96108 96109 fb394d 96108->96109 96109->96086 96109->96087 96110->96097 96111->96097 96112->96098 96113 1003f75 96124 fcceb1 96113->96124 96115 1003f8b 96123 1004006 96115->96123 96133 fce300 23 API calls 96115->96133 96117 fbbf40 185 API calls 96119 1004052 96117->96119 96121 1004a88 96119->96121 96135 102359c 82 API calls __wsopen_s 96119->96135 96120 1003fe6 96120->96119 96134 1021abf 22 API calls 96120->96134 96123->96117 96125 fccebf 96124->96125 96126 fcced2 96124->96126 96136 fbaceb 23 API calls ISource 96125->96136 96128 fccf05 96126->96128 96129 fcced7 96126->96129 96137 fbaceb 23 API calls ISource 96128->96137 96130 fcfddb 22 API calls 96129->96130 96132 fccec9 96130->96132 96132->96115 96133->96120 96134->96123 96135->96121 96136->96132 96137->96132 96138 fb1cad SystemParametersInfoW 96139 fb2de3 96140 fb2df0 __wsopen_s 96139->96140 96141 fb2e09 96140->96141 96142 ff2c2b 

                                                                Control-flow Graph

                                                                APIs
                                                                • GetVersionExW.KERNEL32(?), ref: 00FB430D
                                                                  • Part of subcall function 00FB6B57: _wcslen.LIBCMT ref: 00FB6B6A
                                                                • GetCurrentProcess.KERNEL32(?,0104CB64,00000000,?,?), ref: 00FB4422
                                                                • IsWow64Process.KERNEL32(00000000,?,?), ref: 00FB4429
                                                                • LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00FB4454
                                                                • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00FB4466
                                                                • GetNativeSystemInfo.KERNEL32(?,?,?), ref: 00FB4474
                                                                • FreeLibrary.KERNEL32(00000000,?,?), ref: 00FB447B
                                                                • GetSystemInfo.KERNEL32(?,?,?), ref: 00FB44A0
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
                                                                • String ID: GetNativeSystemInfo$kernel32.dll$|O
                                                                • API String ID: 3290436268-3101561225
                                                                • Opcode ID: 0a1b127b1bdc3d2bd63358ad9ce2a18c36060f5f6256971568631e1d1193203f
                                                                • Instruction ID: 6859cad03b5dea153378e9071c39d8632e765cdad9135644c9eceb64304931fd
                                                                • Opcode Fuzzy Hash: 0a1b127b1bdc3d2bd63358ad9ce2a18c36060f5f6256971568631e1d1193203f
                                                                • Instruction Fuzzy Hash: A5A1C576D0E2D4DFC731D76AB1806ED7FA46F26710B08C899D4C1A3A0AD27E4506EFA1

                                                                Control-flow Graph

                                                                APIs
                                                                • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,00FB50AA,?,?,00000000,00000000), ref: 00FB42B2
                                                                • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,00FB50AA,?,?,00000000,00000000), ref: 00FB42C9
                                                                • LoadResource.KERNEL32(?,00000000,?,?,00FB50AA,?,?,00000000,00000000,?,?,?,?,?,?,00FB4F20), ref: 00FF35BE
                                                                • SizeofResource.KERNEL32(?,00000000,?,?,00FB50AA,?,?,00000000,00000000,?,?,?,?,?,?,00FB4F20), ref: 00FF35D3
                                                                • LockResource.KERNEL32(00FB50AA,?,?,00FB50AA,?,?,00000000,00000000,?,?,?,?,?,?,00FB4F20,?), ref: 00FF35E6
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                • String ID: SCRIPT
                                                                • API String ID: 3051347437-3967369404
                                                                • Opcode ID: 14b5ff9088eb1140d1266704a69fa86ae0d0d25ab84920a73ce2e3e44dededc0
                                                                • Instruction ID: 3b7d98ccdad3cced64a54caf232b0a86c90f338852ef37b41d7d6c788703b9bf
                                                                • Opcode Fuzzy Hash: 14b5ff9088eb1140d1266704a69fa86ae0d0d25ab84920a73ce2e3e44dededc0
                                                                • Instruction Fuzzy Hash: 0F11A0B4301700BFE7218FA6DE89F677BB9EBC5B51F14416DB84686150DB71EC00AA30

                                                                Control-flow Graph

                                                                APIs
                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00FB2B6B
                                                                  • Part of subcall function 00FB3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,01081418,?,00FB2E7F,?,?,?,00000000), ref: 00FB3A78
                                                                  • Part of subcall function 00FB9CB3: _wcslen.LIBCMT ref: 00FB9CBD
                                                                • GetForegroundWindow.USER32(runas,?,?,?,?,?,01072224), ref: 00FF2C10
                                                                • ShellExecuteW.SHELL32(00000000,?,?,01072224), ref: 00FF2C17
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
                                                                • String ID: runas
                                                                • API String ID: 448630720-4000483414
                                                                • Opcode ID: e829a11112def7254f821fdc14d3fd1f37812b70703e3e126c9f855815405f9a
                                                                • Instruction ID: 55b7b9e9257df595bc8c7fc487501799741bcf576927728ebf4291019599ff51
                                                                • Opcode Fuzzy Hash: e829a11112def7254f821fdc14d3fd1f37812b70703e3e126c9f855815405f9a
                                                                • Instruction Fuzzy Hash: EB11DF316083056AC714FF66DC919EE7BA4AFD5310F48541DF2C2060A2CF398A4AAB12

                                                                Control-flow Graph

                                                                APIs
                                                                • CreateToolhelp32Snapshot.KERNEL32 ref: 0101D501
                                                                • Process32FirstW.KERNEL32(00000000,?), ref: 0101D50F
                                                                • Process32NextW.KERNEL32(00000000,?), ref: 0101D52F
                                                                • FindCloseChangeNotification.KERNEL32(00000000), ref: 0101D5DC
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: Process32$ChangeCloseCreateFindFirstNextNotificationSnapshotToolhelp32
                                                                • String ID:
                                                                • API String ID: 3243318325-0
                                                                • Opcode ID: d4daa3da64387a85b4e2f2be782cf8d3e5f4129c67453156938c402c2498f58f
                                                                • Instruction ID: 89fecb4b90579034d8db62ae748eb383cd3a83790058b4d3d1ea56d69c560e90
                                                                • Opcode Fuzzy Hash: d4daa3da64387a85b4e2f2be782cf8d3e5f4129c67453156938c402c2498f58f
                                                                • Instruction Fuzzy Hash: 8B31BF711083009FD311EF94CC85AAFBBF8EF99354F14092DF6C1821A1EB799A48DB92

                                                                Control-flow Graph

                                                                APIs
                                                                • lstrlenW.KERNEL32(?,00FF5222), ref: 0101DBCE
                                                                • GetFileAttributesW.KERNEL32(?), ref: 0101DBDD
                                                                • FindFirstFileW.KERNEL32(?,?), ref: 0101DBEE
                                                                • FindClose.KERNEL32(00000000), ref: 0101DBFA
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: FileFind$AttributesCloseFirstlstrlen
                                                                • String ID:
                                                                • API String ID: 2695905019-0
                                                                • Opcode ID: df650e0f555a96af76f05aba5ffacf151418927b0df3577da346f669a1e525d8
                                                                • Instruction ID: 4750fe9ef2a02a01df119dff16373beb5f5f390ab9f715962a9852cad36d92ac
                                                                • Opcode Fuzzy Hash: df650e0f555a96af76f05aba5ffacf151418927b0df3577da346f669a1e525d8
                                                                • Instruction Fuzzy Hash: 9FF0EC7441191597A3306BBC9F4D4AA37AC9F01334B104B42F5F5C10E4EBF9595487D5
                                                                APIs
                                                                • GetCurrentProcess.KERNEL32(00FE28E9,?,00FD4CBE,00FE28E9,010788B8,0000000C,00FD4E15,00FE28E9,00000002,00000000,?,00FE28E9), ref: 00FD4D09
                                                                • TerminateProcess.KERNEL32(00000000,?,00FD4CBE,00FE28E9,010788B8,0000000C,00FD4E15,00FE28E9,00000002,00000000,?,00FE28E9), ref: 00FD4D10
                                                                • ExitProcess.KERNEL32 ref: 00FD4D22
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: Process$CurrentExitTerminate
                                                                • String ID:
                                                                • API String ID: 1703294689-0
                                                                • Opcode ID: f691986d55b6cec82ea160ccf03058a3f0f835667d2d1bd8010292e9d01e3f6d
                                                                • Instruction ID: 3d989a3454ff7be35789f0a0da5303f7ee374aa34a756082bf43ad076c5dd96c
                                                                • Opcode Fuzzy Hash: f691986d55b6cec82ea160ccf03058a3f0f835667d2d1bd8010292e9d01e3f6d
                                                                • Instruction Fuzzy Hash: 99E0BF75401148ABDF216F54DF49A583B6BEB41752B184015FC458B226CB3AEE41DF40
                                                                APIs
                                                                • GetInputState.USER32 ref: 00FBD807
                                                                • timeGetTime.WINMM ref: 00FBDA07
                                                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00FBDB28
                                                                • TranslateMessage.USER32(?), ref: 00FBDB7B
                                                                • DispatchMessageW.USER32(?), ref: 00FBDB89
                                                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00FBDB9F
                                                                • Sleep.KERNEL32(0000000A), ref: 00FBDBB1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
                                                                • String ID:
                                                                • API String ID: 2189390790-0

                                                                Control-flow Graph

                                                                APIs
                                                                • GetSysColorBrush.USER32(0000000F), ref: 00FB2D07
                                                                • RegisterClassExW.USER32(00000030), ref: 00FB2D31
                                                                • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00FB2D42
                                                                • InitCommonControlsEx.COMCTL32(?), ref: 00FB2D5F
                                                                • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00FB2D6F
                                                                • LoadIconW.USER32(000000A9), ref: 00FB2D85
                                                                • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00FB2D94
                                                                Similarity
                                                                • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                • API String ID: 2914291525-1005189915

                                                                Control-flow Graph

                                                                APIs
                                                                  • Part of subcall function 00FF039A: CreateFileW.KERNEL32(00000000,00000000,?,00FF0704,?,?,00000000,?,00FF0704,00000000,0000000C), ref: 00FF03B7
                                                                • GetLastError.KERNEL32 ref: 00FF076F
                                                                • __dosmaperr.LIBCMT ref: 00FF0776
                                                                • GetFileType.KERNEL32(00000000), ref: 00FF0782
                                                                • GetLastError.KERNEL32 ref: 00FF078C
                                                                • __dosmaperr.LIBCMT ref: 00FF0795
                                                                • CloseHandle.KERNEL32(00000000), ref: 00FF07B5
                                                                • CloseHandle.KERNEL32(?), ref: 00FF08FF
                                                                • GetLastError.KERNEL32 ref: 00FF0931
                                                                • __dosmaperr.LIBCMT ref: 00FF0938
                                                                Similarity
                                                                • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                • String ID: H
                                                                • API String ID: 4237864984-2852464175

                                                                Control-flow Graph

                                                                APIs
                                                                  • Part of subcall function 00FB3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,01081418,?,00FB2E7F,?,?,?,00000000), ref: 00FB3A78
                                                                  • Part of subcall function 00FB3357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00FB3379
                                                                • RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 00FB356A
                                                                • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 00FF318D
                                                                • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 00FF31CE
                                                                • RegCloseKey.ADVAPI32(?), ref: 00FF3210
                                                                • _wcslen.LIBCMT ref: 00FF3277
                                                                • _wcslen.LIBCMT ref: 00FF3286
                                                                Similarity
                                                                • API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
                                                                • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                                • API String ID: 98802146-2727554177

                                                                Control-flow Graph

                                                                APIs
                                                                • GetSysColorBrush.USER32(0000000F), ref: 00FB2B8E
                                                                • LoadCursorW.USER32(00000000,00007F00), ref: 00FB2B9D
                                                                • LoadIconW.USER32(00000063), ref: 00FB2BB3
                                                                • LoadIconW.USER32(000000A4), ref: 00FB2BC5
                                                                • LoadIconW.USER32(000000A2), ref: 00FB2BD7
                                                                • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00FB2BEF
                                                                • RegisterClassExW.USER32(?), ref: 00FB2C40
                                                                  • Part of subcall function 00FB2CD4: GetSysColorBrush.USER32(0000000F), ref: 00FB2D07
                                                                  • Part of subcall function 00FB2CD4: RegisterClassExW.USER32(00000030), ref: 00FB2D31
                                                                  • Part of subcall function 00FB2CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00FB2D42
                                                                  • Part of subcall function 00FB2CD4: InitCommonControlsEx.COMCTL32(?), ref: 00FB2D5F
                                                                  • Part of subcall function 00FB2CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00FB2D6F
                                                                  • Part of subcall function 00FB2CD4: LoadIconW.USER32(000000A9), ref: 00FB2D85
                                                                  • Part of subcall function 00FB2CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00FB2D94
                                                                Similarity
                                                                • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                • String ID: #$0$AutoIt v3
                                                                • API String ID: 423443420-4155596026

                                                                Control-flow Graph

                                                                APIs
                                                                • DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,00FB316A,?,?), ref: 00FB31D8
                                                                • KillTimer.USER32(?,00000001,?,?,?,?,?,00FB316A,?,?), ref: 00FB3204
                                                                • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00FB3227
                                                                • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,00FB316A,?,?), ref: 00FB3232
                                                                • CreatePopupMenu.USER32 ref: 00FB3246
                                                                • PostQuitMessage.USER32(00000000), ref: 00FB3267
                                                                Similarity
                                                                • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                • String ID: TaskbarCreated
                                                                • API String ID: 129472671-2362178303

                                                                Control-flow Graph

                                                                APIs
                                                                • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00FB1459
                                                                • OleUninitialize.OLE32(?,00000000), ref: 00FB14F8
                                                                • UnregisterHotKey.USER32(?), ref: 00FB16DD
                                                                • DestroyWindow.USER32(?), ref: 00FF24B9
                                                                • FreeLibrary.KERNEL32(?), ref: 00FF251E
                                                                • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00FF254B
                                                                Similarity
                                                                • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                • String ID: close all
                                                                • API String ID: 469580280-3243417748

                                                                Control-flow Graph

                                                                APIs
                                                                • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00FB2C91
                                                                • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00FB2CB2
                                                                • ShowWindow.USER32(00000000,?,?,?,?,?,?,00FB1CAD,?), ref: 00FB2CC6
                                                                • ShowWindow.USER32(00000000,?,?,?,?,?,?,00FB1CAD,?), ref: 00FB2CCF
                                                                Similarity
                                                                • API ID: Window$CreateShow
                                                                • String ID: AutoIt v3$edit
                                                                • API String ID: 1584632944-3779509399

                                                                Control-flow Graph

                                                                APIs
                                                                • ShellExecuteExW.SHELL32(0000003C), ref: 0103AEA3
                                                                  • Part of subcall function 00FB7620: _wcslen.LIBCMT ref: 00FB7625
                                                                • GetProcessId.KERNEL32(00000000), ref: 0103AF38
                                                                • CloseHandle.KERNEL32(00000000), ref: 0103AF67
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                Similarity
                                                                • API ID: CloseExecuteHandleProcessShell_wcslen
                                                                • String ID: <$@
                                                                • API String ID: 146682121-1426351568

                                                                Control-flow Graph (starting at fb3b1c; graph not reproduced)
                                                                APIs
                                                                • RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00FB3B0F,SwapMouseButtons,00000004,?), ref: 00FB3B40
                                                                • RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00FB3B0F,SwapMouseButtons,00000004,?), ref: 00FB3B61
                                                                • RegCloseKey.KERNEL32(00000000,?,?,?,80000001,80000001,?,00FB3B0F,SwapMouseButtons,00000004,?), ref: 00FB3B83
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                Similarity
                                                                • API ID: CloseOpenQueryValue
                                                                • String ID: Control Panel\Mouse
                                                                • API String ID: 3677997916-824357125
                                                                APIs
                                                                • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00FF33A2
                                                                  • Part of subcall function 00FB6B57: _wcslen.LIBCMT ref: 00FB6B6A
                                                                • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00FB3A04
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                Similarity
                                                                • API ID: IconLoadNotifyShell_String_wcslen
                                                                • String ID: Line:
                                                                • API String ID: 2289894680-1585850449
                                                                APIs
                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 00FD0668
                                                                  • Part of subcall function 00FD32A4: RaiseException.KERNEL32(?,?,?,00FD068A,?,01081444,?,?,?,?,?,?,00FD068A,00FB1129,01078738,00FB1129), ref: 00FD3304
                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 00FD0685
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                Similarity
                                                                • API ID: Exception@8Throw$ExceptionRaise
                                                                • String ID: Unknown exception
                                                                • API String ID: 3476068407-410509341
                                                                APIs
                                                                  • Part of subcall function 00FB1BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00FB1BF4
                                                                  • Part of subcall function 00FB1BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00FB1BFC
                                                                  • Part of subcall function 00FB1BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00FB1C07
                                                                  • Part of subcall function 00FB1BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00FB1C12
                                                                  • Part of subcall function 00FB1BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00FB1C1A
                                                                  • Part of subcall function 00FB1BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00FB1C22
                                                                  • Part of subcall function 00FB1B4A: RegisterWindowMessageW.USER32(00000004,?,00FB12C4), ref: 00FB1BA2
                                                                • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00FB136A
                                                                • OleInitialize.OLE32 ref: 00FB1388
                                                                • CloseHandle.KERNEL32(00000000,00000000), ref: 00FF24AB
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                Similarity
                                                                • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                • String ID:
                                                                • API String ID: 1986988660-0
                                                                APIs
                                                                • FindCloseChangeNotification.KERNEL32(00000000,00000000,?,?,00FE85CC,?,01078CC8,0000000C), ref: 00FE8704
                                                                • GetLastError.KERNEL32(?,00FE85CC,?,01078CC8,0000000C), ref: 00FE870E
                                                                • __dosmaperr.LIBCMT ref: 00FE8739
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                Similarity
                                                                • API ID: ChangeCloseErrorFindLastNotification__dosmaperr
                                                                • String ID:
                                                                • API String ID: 490808831-0
                                                                APIs
                                                                • __Init_thread_footer.LIBCMT ref: 00FC17F6
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                Similarity
                                                                • API ID: Init_thread_footer
                                                                • String ID: CALL
                                                                • API String ID: 1385522511-4196123274
                                                                APIs
                                                                • GetOpenFileNameW.COMDLG32(?), ref: 00FF2C8C
                                                                  • Part of subcall function 00FB3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00FB3A97,?,?,00FB2E7F,?,?,?,00000000), ref: 00FB3AC2
                                                                  • Part of subcall function 00FB2DA5: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00FB2DC4
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                Similarity
                                                                • API ID: Name$Path$FileFullLongOpen
                                                                • String ID: X
                                                                • API String ID: 779396738-3081909835
                                                                APIs
                                                                • Shell_NotifyIconW.SHELL32(00000000,?), ref: 00FB3908
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                Similarity
                                                                • API ID: IconNotifyShell_
                                                                • String ID:
                                                                • API String ID: 1144537725-0
                                                                APIs
                                                                  • Part of subcall function 00FB4E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00FB4EDD,?,01081418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00FB4E9C
                                                                  • Part of subcall function 00FB4E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00FB4EAE
                                                                  • Part of subcall function 00FB4E90: FreeLibrary.KERNEL32(00000000,?,?,00FB4EDD,?,01081418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00FB4EC0
                                                                • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,01081418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00FB4EFD
                                                                  • Part of subcall function 00FB4E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00FF3CDE,?,01081418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00FB4E62
                                                                  • Part of subcall function 00FB4E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00FB4E74
                                                                  • Part of subcall function 00FB4E59: FreeLibrary.KERNEL32(00000000,?,?,00FF3CDE,?,01081418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00FB4E87
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                Similarity
                                                                • API ID: Library$Load$AddressFreeProc
                                                                • String ID:
                                                                • API String ID: 2632591731-0
                                                                APIs
                                                                Similarity
                                                                • API ID: __wsopen_s
                                                                • String ID:
                                                                • API String ID: 3347428461-0
                                                                APIs
                                                                  • Part of subcall function 00FE4C7D: RtlAllocateHeap.NTDLL(00000008,00FB1129,00000000,?,00FE2E29,00000001,00000364,?,?,?,00FDF2DE,00FE3863,01081444,?,00FCFDF5,?), ref: 00FE4CBE
                                                                • _free.LIBCMT ref: 00FE506C
                                                                Similarity
                                                                • API ID: AllocateHeap_free
                                                                • String ID:
                                                                • API String ID: 614378929-0
                                                                APIs
                                                                • RtlAllocateHeap.NTDLL(00000008,00FB1129,00000000,?,00FE2E29,00000001,00000364,?,?,?,00FDF2DE,00FE3863,01081444,?,00FCFDF5,?), ref: 00FE4CBE
                                                                Similarity
                                                                • API ID: AllocateHeap
                                                                • String ID:
                                                                • API String ID: 1279760036-0
                                                                APIs
                                                                • RtlAllocateHeap.NTDLL(00000000,?,01081444,?,00FCFDF5,?,?,00FBA976,00000010,01081440,00FB13FC,?,00FB13C6,?,00FB1129), ref: 00FE3852
                                                                Similarity
                                                                • API ID: AllocateHeap
                                                                • String ID:
                                                                • API String ID: 1279760036-0
                                                                APIs
                                                                • FreeLibrary.KERNEL32(?,?,01081418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00FB4F6D
                                                                Similarity
                                                                • API ID: FreeLibrary
                                                                • String ID:
                                                                • API String ID: 3664257935-0
                                                                APIs
                                                                • Shell_NotifyIconW.SHELL32(00000002,?), ref: 00FB314E
                                                                Similarity
                                                                • API ID: IconNotifyShell_
                                                                • String ID:
                                                                • API String ID: 1144537725-0
                                                                APIs
                                                                • GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00FB2DC4
                                                                  • Part of subcall function 00FB6B57: _wcslen.LIBCMT ref: 00FB6B6A
                                                                Similarity
                                                                • API ID: LongNamePath_wcslen
                                                                • String ID:
                                                                • API String ID: 541455249-0
                                                                APIs
                                                                  • Part of subcall function 00FB3837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00FB3908
                                                                  • Part of subcall function 00FBD730: GetInputState.USER32 ref: 00FBD807
                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00FB2B6B
                                                                  • Part of subcall function 00FB30F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 00FB314E
                                                                Similarity
                                                                • API ID: IconNotifyShell_$CurrentDirectoryInputState
                                                                • String ID:
                                                                • API String ID: 3667716007-0
                                                                APIs
                                                                • CreateFileW.KERNEL32(00000000,00000000,?,00FF0704,?,?,00000000,?,00FF0704,00000000,0000000C), ref: 00FF03B7
                                                                Similarity
                                                                • API ID: CreateFile
                                                                • String ID:
                                                                • API String ID: 823142352-0
                                                                APIs
                                                                • SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00FB1CBC
                                                                Similarity
                                                                • API ID: InfoParametersSystem
                                                                • String ID:
                                                                • API String ID: 3098949447-0
                                                                APIs
                                                                  • Part of subcall function 00FC9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00FC9BB2
                                                                • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 0104961A
                                                                • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0104965B
                                                                • GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 0104969F
                                                                • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 010496C9
                                                                • SendMessageW.USER32 ref: 010496F2
                                                                • GetKeyState.USER32(00000011), ref: 0104978B
                                                                • GetKeyState.USER32(00000009), ref: 01049798
                                                                • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 010497AE
                                                                • GetKeyState.USER32(00000010), ref: 010497B8
                                                                • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 010497E9
                                                                • SendMessageW.USER32 ref: 01049810
                                                                • SendMessageW.USER32(?,00001030,?,01047E95), ref: 01049918
                                                                • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 0104992E
                                                                • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 01049941
                                                                • SetCapture.USER32(?), ref: 0104994A
                                                                • ClientToScreen.USER32(?,?), ref: 010499AF
                                                                • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 010499BC
                                                                • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 010499D6
                                                                • ReleaseCapture.USER32 ref: 010499E1
                                                                • GetCursorPos.USER32(?), ref: 01049A19
                                                                • ScreenToClient.USER32(?,?), ref: 01049A26
                                                                • SendMessageW.USER32(?,00001012,00000000,?), ref: 01049A80
                                                                • SendMessageW.USER32 ref: 01049AAE
                                                                • SendMessageW.USER32(?,00001111,00000000,?), ref: 01049AEB
                                                                • SendMessageW.USER32 ref: 01049B1A
                                                                • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 01049B3B
                                                                • SendMessageW.USER32(?,0000110B,00000009,?), ref: 01049B4A
                                                                • GetCursorPos.USER32(?), ref: 01049B68
                                                                • ScreenToClient.USER32(?,?), ref: 01049B75
                                                                • GetParent.USER32(?), ref: 01049B93
                                                                • SendMessageW.USER32(?,00001012,00000000,?), ref: 01049BFA
                                                                • SendMessageW.USER32 ref: 01049C2B
                                                                • ClientToScreen.USER32(?,?), ref: 01049C84
                                                                • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 01049CB4
                                                                • SendMessageW.USER32(?,00001111,00000000,?), ref: 01049CDE
                                                                • SendMessageW.USER32 ref: 01049D01
                                                                • ClientToScreen.USER32(?,?), ref: 01049D4E
                                                                • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 01049D82
                                                                  • Part of subcall function 00FC9944: GetWindowLongW.USER32(?,000000EB), ref: 00FC9952
                                                                • GetWindowLongW.USER32(?,000000F0), ref: 01049E05
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                 • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                                                                • String ID: @GUI_DRAGID$F
                                                                • API String ID: 3429851547-4164748364
                                                                • Opcode ID: 4ab1b4107d27025f14378ed74766237ff186e1dd418e11c8b073439af98d43f1
                                                                • Instruction ID: 52462a60ca60c2129865e3eb71b27db0d11e55dc59113314d1df29dd816dd05c
                                                                • Opcode Fuzzy Hash: 4ab1b4107d27025f14378ed74766237ff186e1dd418e11c8b073439af98d43f1
                                                                • Instruction Fuzzy Hash: F0428BB4208201AFE725CF28C985EABBBE5FF4C318F004669F6D9872A1D735A851CF51
                                                                APIs
                                                                • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 010448F3
                                                                • SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 01044908
                                                                • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 01044927
                                                                • SendMessageW.USER32(?,00000148,00000000,00000000), ref: 0104494B
                                                                • SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 0104495C
                                                                • SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 0104497B
                                                                • SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 010449AE
                                                                • SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 010449D4
                                                                • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 01044A0F
                                                                • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 01044A56
                                                                • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 01044A7E
                                                                • IsMenu.USER32(?), ref: 01044A97
                                                                • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 01044AF2
                                                                • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 01044B20
                                                                • GetWindowLongW.USER32(?,000000F0), ref: 01044B94
                                                                • SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 01044BE3
                                                                • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 01044C82
                                                                • wsprintfW.USER32 ref: 01044CAE
                                                                • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 01044CC9
                                                                • GetWindowTextW.USER32(?,00000000,00000001), ref: 01044CF1
                                                                • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 01044D13
                                                                • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 01044D33
                                                                • GetWindowTextW.USER32(?,00000000,00000001), ref: 01044D5A
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                 • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
                                                                • String ID: %d/%02d/%02d
                                                                • API String ID: 4054740463-328681919
                                                                • Opcode ID: d37aa98cd499dbb64650c3513a15d932718975481c978b75fbd29b030e7ea6ae
                                                                • Instruction ID: 389448c5fe15bfeea23462ebce3e58827f5089a862b873f5b7526c5786c16c0e
                                                                • Opcode Fuzzy Hash: d37aa98cd499dbb64650c3513a15d932718975481c978b75fbd29b030e7ea6ae
                                                                • Instruction Fuzzy Hash: 4812F2B1600214ABFB259F28CD89FAE7BF8EF45310F044169F996DB2D1DB789941CB50
                                                                APIs
                                                                • GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 00FCF998
                                                                • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0100F474
                                                                • IsIconic.USER32(00000000), ref: 0100F47D
                                                                • ShowWindow.USER32(00000000,00000009), ref: 0100F48A
                                                                • SetForegroundWindow.USER32(00000000), ref: 0100F494
                                                                • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0100F4AA
                                                                • GetCurrentThreadId.KERNEL32 ref: 0100F4B1
                                                                • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0100F4BD
                                                                • AttachThreadInput.USER32(?,00000000,00000001), ref: 0100F4CE
                                                                • AttachThreadInput.USER32(?,00000000,00000001), ref: 0100F4D6
                                                                • AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 0100F4DE
                                                                • SetForegroundWindow.USER32(00000000), ref: 0100F4E1
                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 0100F4F6
                                                                • keybd_event.USER32(00000012,00000000), ref: 0100F501
                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 0100F50B
                                                                • keybd_event.USER32(00000012,00000000), ref: 0100F510
                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 0100F519
                                                                • keybd_event.USER32(00000012,00000000), ref: 0100F51E
                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 0100F528
                                                                • keybd_event.USER32(00000012,00000000), ref: 0100F52D
                                                                • SetForegroundWindow.USER32(00000000), ref: 0100F530
                                                                • AttachThreadInput.USER32(?,000000FF,00000000), ref: 0100F557
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                 • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                • String ID: Shell_TrayWnd
                                                                • API String ID: 4125248594-2988720461
                                                                • Opcode ID: bfea92310dff228cfbca8442b924b244774dd4c1e50b94e43c89620948200999
                                                                • Instruction ID: 400e3ff5b6c68aab3f786f50adaded5487d2308a038c80fb5d30bec5104101ae
                                                                • Opcode Fuzzy Hash: bfea92310dff228cfbca8442b924b244774dd4c1e50b94e43c89620948200999
                                                                • Instruction Fuzzy Hash: 343194B5A41218BBFB316BB54E8AFBF7E6CEB44B50F100055FB40E61C1C7B65940ABA0
                                                                APIs
                                                                  • Part of subcall function 010116C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0101170D
                                                                  • Part of subcall function 010116C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0101173A
                                                                  • Part of subcall function 010116C3: GetLastError.KERNEL32 ref: 0101174A
                                                                • LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 01011286
                                                                • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 010112A8
                                                                • CloseHandle.KERNEL32(?), ref: 010112B9
                                                                • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 010112D1
                                                                • GetProcessWindowStation.USER32 ref: 010112EA
                                                                • SetProcessWindowStation.USER32(00000000), ref: 010112F4
                                                                • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 01011310
                                                                  • Part of subcall function 010110BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,010111FC), ref: 010110D4
                                                                  • Part of subcall function 010110BF: CloseHandle.KERNEL32(?,?,010111FC), ref: 010110E9
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                 • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
                                                                • String ID: $default$winsta0
                                                                • API String ID: 22674027-1027155976
                                                                • Opcode ID: 38d098848d3278d9f72a0db3f3b9462b3fb53d43bfb170baf62cb958e4bbfade
                                                                • Instruction ID: 9be07ae51160f52ffe56f472c6f2b3a6c7347c44f31f897d78a40952f25d318a
                                                                • Opcode Fuzzy Hash: 38d098848d3278d9f72a0db3f3b9462b3fb53d43bfb170baf62cb958e4bbfade
                                                                • Instruction Fuzzy Hash: 4781B1B1900209AFEF259FA8DD49FEE7FB9EF08700F044069FB90A6154CB399944CB61
                                                                APIs
                                                                  • Part of subcall function 010110F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 01011114
                                                                  • Part of subcall function 010110F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,01010B9B,?,?,?), ref: 01011120
                                                                  • Part of subcall function 010110F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,01010B9B,?,?,?), ref: 0101112F
                                                                  • Part of subcall function 010110F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,01010B9B,?,?,?), ref: 01011136
                                                                  • Part of subcall function 010110F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0101114D
                                                                • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 01010BCC
                                                                • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 01010C00
                                                                • GetLengthSid.ADVAPI32(?), ref: 01010C17
                                                                • GetAce.ADVAPI32(?,00000000,?), ref: 01010C51
                                                                • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 01010C6D
                                                                • GetLengthSid.ADVAPI32(?), ref: 01010C84
                                                                • GetProcessHeap.KERNEL32(00000008,00000008), ref: 01010C8C
                                                                • HeapAlloc.KERNEL32(00000000), ref: 01010C93
                                                                • GetLengthSid.ADVAPI32(?,00000008,?), ref: 01010CB4
                                                                • CopySid.ADVAPI32(00000000), ref: 01010CBB
                                                                • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 01010CEA
                                                                • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 01010D0C
                                                                • SetUserObjectSecurity.USER32(?,00000004,?), ref: 01010D1E
                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 01010D45
                                                                • HeapFree.KERNEL32(00000000), ref: 01010D4C
                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 01010D55
                                                                • HeapFree.KERNEL32(00000000), ref: 01010D5C
                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 01010D65
                                                                • HeapFree.KERNEL32(00000000), ref: 01010D6C
                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 01010D78
                                                                • HeapFree.KERNEL32(00000000), ref: 01010D7F
                                                                  • Part of subcall function 01011193: GetProcessHeap.KERNEL32(00000008,01010BB1,?,00000000,?,01010BB1,?), ref: 010111A1
                                                                  • Part of subcall function 01011193: HeapAlloc.KERNEL32(00000000,?,00000000,?,01010BB1,?), ref: 010111A8
                                                                  • Part of subcall function 01011193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,01010BB1,?), ref: 010111B7
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                 • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                • String ID:
                                                                • API String ID: 4175595110-0
                                                                • Opcode ID: f47b0c6f280f7378acd8333d6dc857d3796eadc9d85797ca065db7080dd0acb7
                                                                • Instruction ID: b672d2b158bc3b2308c7eb4b17303fe093551d7a7a39254fb6fe9d151e69f773
                                                                • Opcode Fuzzy Hash: f47b0c6f280f7378acd8333d6dc857d3796eadc9d85797ca065db7080dd0acb7
                                                                • Instruction Fuzzy Hash: D1718EB590120AABEF20DFA4DD84BEEBBB8BF05300F044155FA94A6188D779A945CB60
                                                                APIs
                                                                • OpenClipboard.USER32(0104CC08), ref: 0102EB29
                                                                • IsClipboardFormatAvailable.USER32(0000000D), ref: 0102EB37
                                                                • GetClipboardData.USER32(0000000D), ref: 0102EB43
                                                                • CloseClipboard.USER32 ref: 0102EB4F
                                                                • GlobalLock.KERNEL32(00000000), ref: 0102EB87
                                                                • CloseClipboard.USER32 ref: 0102EB91
                                                                • GlobalUnlock.KERNEL32(00000000,00000000), ref: 0102EBBC
                                                                • IsClipboardFormatAvailable.USER32(00000001), ref: 0102EBC9
                                                                • GetClipboardData.USER32(00000001), ref: 0102EBD1
                                                                • GlobalLock.KERNEL32(00000000), ref: 0102EBE2
                                                                • GlobalUnlock.KERNEL32(00000000,?), ref: 0102EC22
                                                                • IsClipboardFormatAvailable.USER32(0000000F), ref: 0102EC38
                                                                • GetClipboardData.USER32(0000000F), ref: 0102EC44
                                                                • GlobalLock.KERNEL32(00000000), ref: 0102EC55
                                                                • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 0102EC77
                                                                • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0102EC94
                                                                • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0102ECD2
                                                                • GlobalUnlock.KERNEL32(00000000,?,?), ref: 0102ECF3
                                                                • CountClipboardFormats.USER32 ref: 0102ED14
                                                                • CloseClipboard.USER32 ref: 0102ED59
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                 • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                                                                • String ID:
                                                                • API String ID: 420908878-0
                                                                • Opcode ID: 7cbf5d20d7217e42b3df862a640e67f4e1a78592563b632d17143f3c9db9f899
                                                                • Instruction ID: 2983c88d30530794d0a664058de0386636881da3c433a122ed157a82a428fbc9
                                                                • Opcode Fuzzy Hash: 7cbf5d20d7217e42b3df862a640e67f4e1a78592563b632d17143f3c9db9f899
                                                                • Instruction Fuzzy Hash: 3961F3782443019FE311EF28CA84F6A7BE4EF84714F18455DF5D687292CB76E905CB62
                                                                APIs
                                                                • FindFirstFileW.KERNEL32(?,?), ref: 010269BE
                                                                • FindClose.KERNEL32(00000000), ref: 01026A12
                                                                • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 01026A4E
                                                                • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 01026A75
                                                                  • Part of subcall function 00FB9CB3: _wcslen.LIBCMT ref: 00FB9CBD
                                                                • FileTimeToSystemTime.KERNEL32(?,?), ref: 01026AB2
                                                                • FileTimeToSystemTime.KERNEL32(?,?), ref: 01026ADF
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                 • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                 • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                                                • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                                • API String ID: 3830820486-3289030164
                                                                APIs
                                                                • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 01029663
                                                                • GetFileAttributesW.KERNEL32(?), ref: 010296A1
                                                                • SetFileAttributesW.KERNEL32(?,?), ref: 010296BB
                                                                • FindNextFileW.KERNEL32(00000000,?), ref: 010296D3
                                                                • FindClose.KERNEL32(00000000), ref: 010296DE
                                                                • FindFirstFileW.KERNEL32(*.*,?), ref: 010296FA
                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 0102974A
                                                                • SetCurrentDirectoryW.KERNEL32(01076B7C), ref: 01029768
                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 01029772
                                                                • FindClose.KERNEL32(00000000), ref: 0102977F
                                                                • FindClose.KERNEL32(00000000), ref: 0102978F
                                                                Strings
                                                                Similarity
                                                                • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                • String ID: *.*
                                                                • API String ID: 1409584000-438819550
                                                                APIs
                                                                • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 010297BE
                                                                • FindNextFileW.KERNEL32(00000000,?), ref: 01029819
                                                                • FindClose.KERNEL32(00000000), ref: 01029824
                                                                • FindFirstFileW.KERNEL32(*.*,?), ref: 01029840
                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 01029890
                                                                • SetCurrentDirectoryW.KERNEL32(01076B7C), ref: 010298AE
                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 010298B8
                                                                • FindClose.KERNEL32(00000000), ref: 010298C5
                                                                • FindClose.KERNEL32(00000000), ref: 010298D5
                                                                  • Part of subcall function 0101DAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 0101DB00
                                                                Strings
                                                                Similarity
                                                                • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                • String ID: *.*
                                                                • API String ID: 2640511053-438819550
                                                                APIs
                                                                  • Part of subcall function 0103C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0103B6AE,?,?), ref: 0103C9B5
                                                                  • Part of subcall function 0103C998: _wcslen.LIBCMT ref: 0103C9F1
                                                                  • Part of subcall function 0103C998: _wcslen.LIBCMT ref: 0103CA68
                                                                  • Part of subcall function 0103C998: _wcslen.LIBCMT ref: 0103CA9E
                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0103BF3E
                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 0103BFA9
                                                                • RegCloseKey.ADVAPI32(00000000), ref: 0103BFCD
                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 0103C02C
                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 0103C0E7
                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0103C154
                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0103C1E9
                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 0103C23A
                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0103C2E3
                                                                • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0103C382
                                                                • RegCloseKey.ADVAPI32(00000000), ref: 0103C38F
                                                                Similarity
                                                                • API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
                                                                • String ID:
                                                                • API String ID: 3102970594-0
                                                                APIs
                                                                • GetLocalTime.KERNEL32(?), ref: 01028257
                                                                • SystemTimeToFileTime.KERNEL32(?,?), ref: 01028267
                                                                • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 01028273
                                                                • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 01028310
                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 01028324
                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 01028356
                                                                • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 0102838C
                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 01028395
                                                                Strings
                                                                Similarity
                                                                • API ID: CurrentDirectoryTime$File$Local$System
                                                                • String ID: *.*
                                                                • API String ID: 1464919966-438819550
                                                                APIs
                                                                  • Part of subcall function 00FB3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00FB3A97,?,?,00FB2E7F,?,?,?,00000000), ref: 00FB3AC2
                                                                  • Part of subcall function 0101E199: GetFileAttributesW.KERNEL32(?,0101CF95), ref: 0101E19A
                                                                • FindFirstFileW.KERNEL32(?,?), ref: 0101D122
                                                                • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 0101D1DD
                                                                • MoveFileW.KERNEL32(?,?), ref: 0101D1F0
                                                                • DeleteFileW.KERNEL32(?,?,?,?), ref: 0101D20D
                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 0101D237
                                                                  • Part of subcall function 0101D29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,0101D21C,?,?), ref: 0101D2B2
                                                                • FindClose.KERNEL32(00000000,?,?,?), ref: 0101D253
                                                                • FindClose.KERNEL32(00000000), ref: 0101D264
                                                                Strings
                                                                Similarity
                                                                • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                                                                • String ID: \*.*
                                                                • API String ID: 1946585618-1173974218
                                                                APIs
                                                                Similarity
                                                                • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                • String ID:
                                                                • API String ID: 1737998785-0
                                                                APIs
                                                                  • Part of subcall function 010116C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0101170D
                                                                  • Part of subcall function 010116C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0101173A
                                                                  • Part of subcall function 010116C3: GetLastError.KERNEL32 ref: 0101174A
                                                                • ExitWindowsEx.USER32(?,00000000), ref: 0101E932
                                                                Strings
                                                                Similarity
                                                                • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                • String ID: $ $@$SeShutdownPrivilege
                                                                • API String ID: 2234035333-3163812486
                                                                APIs
                                                                • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 01031276
                                                                • WSAGetLastError.WSOCK32 ref: 01031283
                                                                • bind.WSOCK32(00000000,?,00000010), ref: 010312BA
                                                                • WSAGetLastError.WSOCK32 ref: 010312C5
                                                                • closesocket.WSOCK32(00000000), ref: 010312F4
                                                                • listen.WSOCK32(00000000,00000005), ref: 01031303
                                                                • WSAGetLastError.WSOCK32 ref: 0103130D
                                                                • closesocket.WSOCK32(00000000), ref: 0103133C
                                                                Similarity
                                                                • API ID: ErrorLast$closesocket$bindlistensocket
                                                                • String ID:
                                                                • API String ID: 540024437-0
                                                                APIs
                                                                  • Part of subcall function 00FB3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00FB3A97,?,?,00FB2E7F,?,?,?,00000000), ref: 00FB3AC2
                                                                  • Part of subcall function 0101E199: GetFileAttributesW.KERNEL32(?,0101CF95), ref: 0101E19A
                                                                • FindFirstFileW.KERNEL32(?,?), ref: 0101D420
                                                                • DeleteFileW.KERNEL32(?,?,?,?), ref: 0101D470
                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 0101D481
                                                                • FindClose.KERNEL32(00000000), ref: 0101D498
                                                                • FindClose.KERNEL32(00000000), ref: 0101D4A1
                                                                Strings
                                                                Similarity
                                                                • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                • String ID: \*.*
                                                                • API String ID: 2649000838-1173974218
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: __floor_pentium4
                                                                • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                • API String ID: 4168288129-2761157908
                                                                APIs
                                                                • _wcslen.LIBCMT ref: 010264DC
                                                                • CoInitialize.OLE32(00000000), ref: 01026639
                                                                • CoCreateInstance.OLE32(0104FCF8,00000000,00000001,0104FB68,?), ref: 01026650
                                                                • CoUninitialize.OLE32 ref: 010268D4
                                                                Strings
                                                                Similarity
                                                                • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                • String ID: .lnk
                                                                • API String ID: 886957087-24824748
                                                                APIs
                                                                  • Part of subcall function 00FB9CB3: _wcslen.LIBCMT ref: 00FB9CBD
                                                                • FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 01029B78
                                                                • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 01029C8B
                                                                  • Part of subcall function 01023874: GetInputState.USER32 ref: 010238CB
                                                                  • Part of subcall function 01023874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 01023966
                                                                • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 01029BA8
                                                                • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 01029C75
                                                                Strings
                                                                Similarity
                                                                • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                                                • String ID: *.*
                                                                • API String ID: 1972594611-438819550
                                                                APIs
                                                                  • Part of subcall function 00FC9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00FC9BB2
                                                                • DefDlgProcW.USER32(?,?,?,?,?), ref: 00FC9A4E
                                                                • GetSysColor.USER32(0000000F), ref: 00FC9B23
                                                                • SetBkColor.GDI32(?,00000000), ref: 00FC9B36
                                                                Similarity
                                                                • API ID: Color$LongProcWindow
                                                                • String ID:
                                                                • API String ID: 3131106179-0
                                                                APIs
                                                                  • Part of subcall function 0103304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0103307A
                                                                  • Part of subcall function 0103304E: _wcslen.LIBCMT ref: 0103309B
                                                                • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 0103185D
                                                                • WSAGetLastError.WSOCK32 ref: 01031884
                                                                • bind.WSOCK32(00000000,?,00000010), ref: 010318DB
                                                                • WSAGetLastError.WSOCK32 ref: 010318E6
                                                                • closesocket.WSOCK32(00000000), ref: 01031915
                                                                Similarity
                                                                • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                                                • String ID:
                                                                • API String ID: 1601658205-0
                                                                APIs
                                                                • InternetQueryDataAvailable.WININET(?,?,00000000,00000000), ref: 0102CF38
                                                                • InternetReadFile.WININET(?,00000000,?,?), ref: 0102CF6F
                                                                • GetLastError.KERNEL32(?,00000000,?,?,?,0102C21E,00000000), ref: 0102CFB4
                                                                • SetEvent.KERNEL32(?,?,00000000,?,?,?,0102C21E,00000000), ref: 0102CFC8
                                                                • SetEvent.KERNEL32(?,?,00000000,?,?,?,0102C21E,00000000), ref: 0102CFF2
                                                                Similarity
                                                                • API ID: EventInternet$AvailableDataErrorFileLastQueryRead
                                                                • String ID:
                                                                • API String ID: 3191363074-0
                                                                APIs
                                                                Similarity
                                                                • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                • String ID:
                                                                • API String ID: 292994002-0
                                                                Strings
                                                                Similarity
                                                                • API ID:
                                                                • String ID: ERCP$VUUU$VUUU$VUUU$VUUU
                                                                • API String ID: 0-1546025612
                                                                APIs
                                                                • GetKeyboardState.USER32(?,75C0C0D0,?,00008000), ref: 0101ABF1
                                                                • SetKeyboardState.USER32(00000080,?,00008000), ref: 0101AC0D
                                                                • PostMessageW.USER32(00000000,00000101,00000000), ref: 0101AC74
                                                                • SendInput.USER32(00000001,?,0000001C,75C0C0D0,?,00008000), ref: 0101ACC6
                                                                Similarity
                                                                • API ID: KeyboardState$InputMessagePostSend
                                                                • String ID:
                                                                • API String ID: 432972143-0
                                                                APIs
                                                                • _free.LIBCMT ref: 00FEBB7F
                                                                  • Part of subcall function 00FE29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00FED7D1,00000000,00000000,00000000,00000000,?,00FED7F8,00000000,00000007,00000000,?,00FEDBF5,00000000), ref: 00FE29DE
                                                                  • Part of subcall function 00FE29C8: GetLastError.KERNEL32(00000000,?,00FED7D1,00000000,00000000,00000000,00000000,?,00FED7F8,00000000,00000007,00000000,?,00FEDBF5,00000000,00000000), ref: 00FE29F0
                                                                • GetTimeZoneInformation.KERNEL32 ref: 00FEBB91
                                                                • WideCharToMultiByte.KERNEL32(00000000,?,0108121C,000000FF,?,0000003F,?,?), ref: 00FEBC09
                                                                • WideCharToMultiByte.KERNEL32(00000000,?,01081270,000000FF,?,0000003F,?,?,?,0108121C,000000FF,?,0000003F,?,?), ref: 00FEBC36
                                                                Similarity
                                                                • API ID: ByteCharMultiWide$ErrorFreeHeapInformationLastTimeZone_free
                                                                • String ID:
                                                                • API String ID: 806657224-0
                                                                APIs
                                                                • lstrlenW.KERNEL32(?,?,?,00000000), ref: 010182AA
                                                                Strings
                                                                Similarity
                                                                • API ID: lstrlen
                                                                • String ID: ($|
                                                                • API String ID: 1659193697-1631851259
                                                                APIs
                                                                • FindFirstFileW.KERNEL32(?,?), ref: 01025CC1
                                                                • FindNextFileW.KERNEL32(00000000,?), ref: 01025D17
                                                                • FindClose.KERNEL32(?), ref: 01025D5F
                                                                Similarity
                                                                • API ID: Find$File$CloseFirstNext
                                                                • String ID:
                                                                • API String ID: 3541575487-0
                                                                APIs
                                                                • IsDebuggerPresent.KERNEL32 ref: 00FE271A
                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00FE2724
                                                                • UnhandledExceptionFilter.KERNEL32(?), ref: 00FE2731
                                                                Similarity
                                                                • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                • String ID:
                                                                • API String ID: 3906539128-0
                                                                APIs
                                                                • SetErrorMode.KERNEL32(00000001), ref: 010251DA
                                                                • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 01025238
                                                                • SetErrorMode.KERNEL32(00000000), ref: 010252A1
                                                                Similarity
                                                                • API ID: ErrorMode$DiskFreeSpace
                                                                • String ID:
                                                                • API String ID: 1682464887-0
                                                                APIs
                                                                  • Part of subcall function 00FCFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00FD0668
                                                                  • Part of subcall function 00FCFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00FD0685
                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0101170D
                                                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0101173A
                                                                • GetLastError.KERNEL32 ref: 0101174A
                                                                Similarity
                                                                • API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                                                                • String ID:
                                                                • API String ID: 577356006-0
                                                                APIs
                                                                • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0101D608
                                                                • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 0101D645
                                                                • CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0101D650
                                                                Similarity
                                                                • API ID: CloseControlCreateDeviceFileHandle
                                                                • String ID:
                                                                • API String ID: 33631002-0
                                                                APIs
                                                                • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 0101168C
                                                                • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 010116A1
                                                                • FreeSid.ADVAPI32(?), ref: 010116B1
                                                                Similarity
                                                                • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                • String ID:
                                                                • API String ID: 3429775523-0
                                                                APIs
                                                                • GetUserNameW.ADVAPI32(?,?), ref: 0100D28C
                                                                Strings
                                                                Similarity
                                                                • API ID: NameUser
                                                                • String ID: X64
                                                                • API String ID: 2645101109-893830106
                                                                APIs
                                                                • FindFirstFileW.KERNEL32(?,?), ref: 01026918
                                                                • FindClose.KERNEL32(00000000), ref: 01026961
                                                                Similarity
                                                                • API ID: Find$CloseFileFirst
                                                                • String ID:
                                                                • API String ID: 2295610775-0
                                                                APIs
                                                                • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,01034891,?,?,00000035,?), ref: 010237E4
                                                                • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,01034891,?,?,00000035,?), ref: 010237F4
                                                                Similarity
                                                                • API ID: ErrorFormatLastMessage
                                                                • String ID:
                                                                • API String ID: 3479602957-0
                                                                APIs
                                                                • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 0101B25D
                                                                • keybd_event.USER32(?,75C0C0D0,?,00000000), ref: 0101B270
                                                                Similarity
                                                                • API ID: InputSendkeybd_event
                                                                • String ID:
                                                                • API String ID: 3536248340-0
                                                                APIs
                                                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,010111FC), ref: 010110D4
                                                                • CloseHandle.KERNEL32(?,?,010111FC), ref: 010110E9
                                                                Similarity
                                                                • API ID: AdjustCloseHandlePrivilegesToken
                                                                • String ID:
                                                                • API String ID: 81990902-0
                                                                • Opcode ID: 749105cef049f10b86a818322a8d02ef21cee7dc56a2ff14ac58fe009ebe4982
                                                                • Instruction ID: 01fa13f55269a1594a00b28faeed41018438937d756e13779c0d37ea07b08d75
                                                                • Opcode Fuzzy Hash: 749105cef049f10b86a818322a8d02ef21cee7dc56a2ff14ac58fe009ebe4982
                                                                • Instruction Fuzzy Hash: 52E04F72005611AFF7352B21FE06F73BBE9EB04310B10882DF5A6804B5DB666C90EB10
                                                                Strings
                                                                • Variable is not of type 'Object'., xrefs: 01000C40
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Variable is not of type 'Object'.
                                                                • API String ID: 0-1840281001
                                                                • Opcode ID: 43420e5301220b535b7a6d4de09eb6cbb11c07e9c4c22d82a64db79cb0228191
                                                                • Instruction ID: 4e0cd668a339c98a4cf83ffebccfbb2c18efa8f522dc1b0f9279c97dde1748cd
                                                                • Opcode Fuzzy Hash: 43420e5301220b535b7a6d4de09eb6cbb11c07e9c4c22d82a64db79cb0228191
                                                                • Instruction Fuzzy Hash: BE32BF74900208DBDF15DF95C881BFEBBB5BF04344F1080A9E846AB286CB75AD45EFA0
                                                                APIs
                                                                • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00FE6766,?,?,00000008,?,?,00FEFEFE,00000000), ref: 00FE6998
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: ExceptionRaise
                                                                • String ID:
                                                                • API String ID: 3997070919-0
                                                                • Opcode ID: 1184fe288ff2e6785ed18563fe0dae6b52c7545844f449d0520eafadcd9d03ad
                                                                • Instruction ID: eae6ccfec06b48326eb75b1f31153e7824eebca2cf1b2b88d8a77087b52af0ad
                                                                • Opcode Fuzzy Hash: 1184fe288ff2e6785ed18563fe0dae6b52c7545844f449d0520eafadcd9d03ad
                                                                • Instruction Fuzzy Hash: F0B17D32A10648CFD715CF29C48AB647BE0FF153A4F258658E8D9CF2A2C335EA81DB40
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID: 0-3916222277
                                                                • Opcode ID: e71effcd8ba3a6a3f436c07dc32c8579ac99806d616c431d43f7a95ab4097c91
                                                                • Instruction ID: 6bc4af39848ff12b81c46f21bd9cc5dede982e8ef4ee20e87b73372b62f28ae7
                                                                • Opcode Fuzzy Hash: e71effcd8ba3a6a3f436c07dc32c8579ac99806d616c431d43f7a95ab4097c91
                                                                • Instruction Fuzzy Hash: 27128E75D0022ADBDB15CF58C981BEEB7F5FF48310F1081AAE849EB295D7349A81DB90
                                                                APIs
                                                                • BlockInput.USER32(00000001), ref: 0102EABD
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: BlockInput
                                                                • String ID:
                                                                • API String ID: 3456056419-0
                                                                • Opcode ID: 31dc09bb97396c2d21b6a6881b4cd506713f229b9efd343011509277378b20ea
                                                                • Instruction ID: 82979a56aefc2179cce6dde32deba2460c98714eda9790722853cbcbb960c44b
                                                                • Opcode Fuzzy Hash: 31dc09bb97396c2d21b6a6881b4cd506713f229b9efd343011509277378b20ea
                                                                • Instruction Fuzzy Hash: D3E04F352002149FD710EF5AD844E9AF7EDAF98764F00845AFC8AC7351DBB4F8408BA1
                                                                APIs
                                                                • mouse_event.USER32(00000002,00000000,00000000,00000000,00000000), ref: 0101E37E
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: mouse_event
                                                                • String ID:
                                                                • API String ID: 2434400541-0
                                                                • Opcode ID: 27eb5ba48e83bb9c2a83add63fac3213c06026b2115b4995709e6a21abf316e2
                                                                • Instruction ID: 76cf4470b07f809d6ca9cc0efc76cdf218603079584217e542a97fe3fd53baa5
                                                                • Opcode Fuzzy Hash: 27eb5ba48e83bb9c2a83add63fac3213c06026b2115b4995709e6a21abf316e2
                                                                • Instruction Fuzzy Hash: 60D05BF69502013DF67F093CCA3FF7E3948E301540F40D789B9C18558DD58D95445011
                                                                APIs
                                                                • SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,00FD03EE), ref: 00FD09DA
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: ExceptionFilterUnhandled
                                                                • String ID:
                                                                • API String ID: 3192549508-0
                                                                • Opcode ID: e30b468dcd370fb597ce4eb0c9c979bb3df543af61a6ac2bee5615c2933c59bc
                                                                • Instruction ID: 29bc029ac08ff65445c1443ec37554059e21f33ccab96ce3ad1c12cf16d18755
                                                                • Opcode Fuzzy Hash: e30b468dcd370fb597ce4eb0c9c979bb3df543af61a6ac2bee5615c2933c59bc
                                                                • Instruction Fuzzy Hash:
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 0
                                                                • API String ID: 0-4108050209
                                                                • Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                • Instruction ID: 0bcec54859ad7e679b65416c172dfa5ec6e14ed46baba19462af35d8c1db25fc
                                                                • Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                • Instruction Fuzzy Hash: BB512572E0C7455ADB387568886A7BE73979B02360F2C050BD886DF382F619DE06F356
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d58340813ae995f8a32acd47bbeb83919726482b623e3881532716577c3c5885
                                                                • Instruction ID: 84d44c8f69f79af992799ea23862d20a89d282e4049f3d1d8703eb6541053119
                                                                • Opcode Fuzzy Hash: d58340813ae995f8a32acd47bbeb83919726482b623e3881532716577c3c5885
                                                                • Instruction Fuzzy Hash: 54325732D29F818DD733A535D8223366249AFB73D5F25C737F81AB5999EB2AC4835200
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ad410da5bd3bebb3234123215b208b11da836efd24136b42fd274ebdc860aaab
                                                                • Instruction ID: c4fd43e1b6d05baba6e642a8de4521efb0ef5f332cb99a5371ba0aea5db6d792
                                                                • Opcode Fuzzy Hash: ad410da5bd3bebb3234123215b208b11da836efd24136b42fd274ebdc860aaab
                                                                • Instruction Fuzzy Hash: 7A32F731A001868BFF26CE2CC695BBD7BE1EB45314F1882EAD6C9DB2D1D6349D81E741
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2aff04854b7a86d83edad2ddbbec12c6e4b739824e99dc7399ebecc971a29810
                                                                • Instruction ID: df34b0cdba744a7d7980f9d2c8b78e4afcc2f3e3c0daebb4dc7293aed475540e
                                                                • Opcode Fuzzy Hash: 2aff04854b7a86d83edad2ddbbec12c6e4b739824e99dc7399ebecc971a29810
                                                                • Instruction Fuzzy Hash: 7622C171E0460A9FDF14DF65C881BEEB3B6FF44710F148129E912AB2A1EB399914EF50
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 9d9f948cfbf2051e522f987d7a94d27216cb40a5d3ca55053a9157f05f3f1e0b
                                                                • Instruction ID: 77d9a11414bd6c51d7a4c9e15a8aac8d9bbe17563f6b274e49b822eb791f04cd
                                                                • Opcode Fuzzy Hash: 9d9f948cfbf2051e522f987d7a94d27216cb40a5d3ca55053a9157f05f3f1e0b
                                                                • Instruction Fuzzy Hash: 3002E6B1E0020AEBDB14DF54D881BADB7B5FF44300F108169E9069B3A0EB35AE14EF91
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: f23fc04bdfdf04037809f78004f8876fb01129860b7ad7afff9a00b8affd420b
                                                                • Instruction ID: dd070c1c981e252c5383d5eaf9418582bad1fd3ec475cee9c72a62292b6abacb
                                                                • Opcode Fuzzy Hash: f23fc04bdfdf04037809f78004f8876fb01129860b7ad7afff9a00b8affd420b
                                                                • Instruction Fuzzy Hash: 50B1DD30E2AF404DD72396398821337B65CBFBB6D5B91D71BFC6678E16EB2685834240
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                • Instruction ID: de327eba4b9be7bbf82fb6790c97d8beb057792f55ff090eed8c67f93381cb6f
                                                                • Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                • Instruction Fuzzy Hash: DA915873A080A359DB294639857417EFFE36A923B131E079FD4F2CB2C5EE149554F620
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                                                • Instruction ID: bc268fc8ae12e701db64e41a8dc059e572a10273281a9c1b3f5609f0f6d9a1df
                                                                • Opcode Fuzzy Hash: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                                                • Instruction Fuzzy Hash: 139133736090A349DB694239857813EFFE35AA23B131E479FE4F2CB2C5EE248554F660
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                • Instruction ID: 5ade836d50f2ba1a2e2700176c81c1f7ff226f23d3ed3932f0be03e06c472548
                                                                • Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                • Instruction Fuzzy Hash: 6D9143736090A35ADB2D427A857407EFFE26A923B131E079FD4F2CA2C5FD249564F620
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 27a0e8338f4ae30d394ae593967e9a9e0a899335f3f4358955dadde2426327ec
                                                                • Instruction ID: 0044475403c1d031b7f600f15e44cabb12c3c20a0073e958e124c2a47b8735d7
                                                                • Opcode Fuzzy Hash: 27a0e8338f4ae30d394ae593967e9a9e0a899335f3f4358955dadde2426327ec
                                                                • Instruction Fuzzy Hash: 18617932A0870956DA34BA288C96BBE3397DF81760F1C091BE843DF395F6199E43B355
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 6881065cb1fca9e28be1ecf94750afcc7befb2ccbb9d147fc015b3291199af01
                                                                • Instruction ID: 5d0f5e1b21c5b005b7c5d6aa0435673f2387f18bca79bd88d46a8749373196d3
                                                                • Opcode Fuzzy Hash: 6881065cb1fca9e28be1ecf94750afcc7befb2ccbb9d147fc015b3291199af01
                                                                • Instruction Fuzzy Hash: 71617932E0870956DA387A288C52BBF73979F42764F1C095BE843DF381FA16ED42B255
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                                • Instruction ID: b8c7e90210c7dae8e70810bc4190ebfa1ec5295057d372db13c03a4ad69e6ed5
                                                                • Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                                • Instruction Fuzzy Hash: 7A815673A090A319EB698279853443EFFE37A923B131E079FD4F2CA2D1ED248554F620
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 008bf39707338cc9d983f86ebc8232bde26f408400f51856fa11cfb2ac2a7b53
                                                                • Instruction ID: ece4be69f79a78f07b7dc9b32499637644add3f7ba539005fa8f4667404510ca
                                                                • Opcode Fuzzy Hash: 008bf39707338cc9d983f86ebc8232bde26f408400f51856fa11cfb2ac2a7b53
                                                                • Instruction Fuzzy Hash: 4421B7326206118BD728CEB9C86267E73E5A754314F25866EE4E7C77C5DE3AA904CB80
                                                                APIs
                                                                • DeleteObject.GDI32(00000000), ref: 01032B30
                                                                • DeleteObject.GDI32(00000000), ref: 01032B43
                                                                • DestroyWindow.USER32 ref: 01032B52
                                                                • GetDesktopWindow.USER32 ref: 01032B6D
                                                                • GetWindowRect.USER32(00000000), ref: 01032B74
                                                                • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 01032CA3
                                                                • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 01032CB1
                                                                • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 01032CF8
                                                                • GetClientRect.USER32(00000000,?), ref: 01032D04
                                                                • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 01032D40
                                                                • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 01032D62
                                                                • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 01032D75
                                                                • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 01032D80
                                                                • GlobalLock.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 01032D89
                                                                • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 01032D98
                                                                • GlobalUnlock.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 01032DA1
                                                                • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 01032DA8
                                                                • GlobalFree.KERNEL32(00000000), ref: 01032DB3
                                                                • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 01032DC5
                                                                • OleLoadPicture.OLEAUT32(?,00000000,00000000,0104FC38,00000000), ref: 01032DDB
                                                                • GlobalFree.KERNEL32(00000000), ref: 01032DEB
                                                                • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 01032E11
                                                                • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 01032E30
                                                                • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 01032E52
                                                                • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0103303F
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                • String ID: $AutoIt v3$DISPLAY$static
                                                                • API String ID: 2211948467-2373415609
                                                                APIs
                                                                • SetTextColor.GDI32(?,00000000), ref: 0104712F
                                                                • GetSysColorBrush.USER32(0000000F), ref: 01047160
                                                                • GetSysColor.USER32(0000000F), ref: 0104716C
                                                                • SetBkColor.GDI32(?,000000FF), ref: 01047186
                                                                • SelectObject.GDI32(?,?), ref: 01047195
                                                                • InflateRect.USER32(?,000000FF,000000FF), ref: 010471C0
                                                                • GetSysColor.USER32(00000010), ref: 010471C8
                                                                • CreateSolidBrush.GDI32(00000000), ref: 010471CF
                                                                • FrameRect.USER32(?,?,00000000), ref: 010471DE
                                                                • DeleteObject.GDI32(00000000), ref: 010471E5
                                                                • InflateRect.USER32(?,000000FE,000000FE), ref: 01047230
                                                                • FillRect.USER32(?,?,?), ref: 01047262
                                                                • GetWindowLongW.USER32(?,000000F0), ref: 01047284
                                                                  • Part of subcall function 010473E8: GetSysColor.USER32(00000012), ref: 01047421
                                                                  • Part of subcall function 010473E8: SetTextColor.GDI32(?,?), ref: 01047425
                                                                  • Part of subcall function 010473E8: GetSysColorBrush.USER32(0000000F), ref: 0104743B
                                                                  • Part of subcall function 010473E8: GetSysColor.USER32(0000000F), ref: 01047446
                                                                  • Part of subcall function 010473E8: GetSysColor.USER32(00000011), ref: 01047463
                                                                  • Part of subcall function 010473E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 01047471
                                                                  • Part of subcall function 010473E8: SelectObject.GDI32(?,00000000), ref: 01047482
                                                                  • Part of subcall function 010473E8: SetBkColor.GDI32(?,00000000), ref: 0104748B
                                                                  • Part of subcall function 010473E8: SelectObject.GDI32(?,?), ref: 01047498
                                                                  • Part of subcall function 010473E8: InflateRect.USER32(?,000000FF,000000FF), ref: 010474B7
                                                                  • Part of subcall function 010473E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 010474CE
                                                                  • Part of subcall function 010473E8: GetWindowLongW.USER32(00000000,000000F0), ref: 010474DB
                                                                Similarity
                                                                • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                                • String ID:
                                                                • API String ID: 4124339563-0
                                                                APIs
                                                                • DestroyWindow.USER32(?,?), ref: 00FC8E14
                                                                • SendMessageW.USER32(?,00001308,?,00000000), ref: 01006AC5
                                                                • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 01006AFE
                                                                • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 01006F43
                                                                  • Part of subcall function 00FC8F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00FC8BE8,?,00000000,?,?,?,?,00FC8BBA,00000000,?), ref: 00FC8FC5
                                                                • SendMessageW.USER32(?,00001053), ref: 01006F7F
                                                                • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 01006F96
                                                                • ImageList_Destroy.COMCTL32(00000000,?), ref: 01006FAC
                                                                • ImageList_Destroy.COMCTL32(00000000,?), ref: 01006FB7
                                                                Strings
                                                                Similarity
                                                                • API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
                                                                • String ID: 0
                                                                • API String ID: 2760611726-4108050209
                                                                APIs
                                                                • DestroyWindow.USER32(00000000), ref: 0103273E
                                                                • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0103286A
                                                                • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 010328A9
                                                                • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 010328B9
                                                                • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 01032900
                                                                • GetClientRect.USER32(00000000,?), ref: 0103290C
                                                                • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 01032955
                                                                • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 01032964
                                                                • GetStockObject.GDI32(00000011), ref: 01032974
                                                                • SelectObject.GDI32(00000000,00000000), ref: 01032978
                                                                • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 01032988
                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 01032991
                                                                • DeleteDC.GDI32(00000000), ref: 0103299A
                                                                • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 010329C6
                                                                • SendMessageW.USER32(00000030,00000000,00000001), ref: 010329DD
                                                                • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 01032A1D
                                                                • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 01032A31
                                                                • SendMessageW.USER32(00000404,00000001,00000000), ref: 01032A42
                                                                • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 01032A77
                                                                • GetStockObject.GDI32(00000011), ref: 01032A82
                                                                • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 01032A8D
                                                                • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 01032A97
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                • API String ID: 2910397461-517079104
                                                                • Opcode ID: 55ff01a913bd90a3b79bd37f92180ac6e379334c834f58ee56fa88d8cee36b74
                                                                • Instruction ID: 48cd11d79c8aaad81508408f0ae8ca074b27f7e5b0ace4eff10c214d1cede332
                                                                • Opcode Fuzzy Hash: 55ff01a913bd90a3b79bd37f92180ac6e379334c834f58ee56fa88d8cee36b74
                                                                • Instruction Fuzzy Hash: 0DB18DB5A00205AFEB24DF68CD89FAE7BA9FF48710F008554FA55E7294D774E900CBA0
                                                                APIs
                                                                • SetErrorMode.KERNEL32(00000001), ref: 01024AED
                                                                • GetDriveTypeW.KERNEL32(?,0104CB68,?,\\.\,0104CC08), ref: 01024BCA
                                                                • SetErrorMode.KERNEL32(00000000,0104CB68,?,\\.\,0104CC08), ref: 01024D36
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: ErrorMode$DriveType
                                                                • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                • API String ID: 2907320926-4222207086
                                                                • Opcode ID: ff32d91c60b4ca97d6bf4dd1bf94d9c084b316428ce4ed6bebef0c7458f50f6e
                                                                • Instruction ID: bad18a34a07917ca7e481d30c8cc9ce06b12fce817e9f859f33f80d67225d477
                                                                • Opcode Fuzzy Hash: ff32d91c60b4ca97d6bf4dd1bf94d9c084b316428ce4ed6bebef0c7458f50f6e
                                                                • Instruction Fuzzy Hash: 4A61C630A0451ADBDB55EF1DCA819BD7BE1AB04200B24405AF88BEB712DB76ED85CB45
                                                                APIs
                                                                • GetSysColor.USER32(00000012), ref: 01047421
                                                                • SetTextColor.GDI32(?,?), ref: 01047425
                                                                • GetSysColorBrush.USER32(0000000F), ref: 0104743B
                                                                • GetSysColor.USER32(0000000F), ref: 01047446
                                                                • CreateSolidBrush.GDI32(?), ref: 0104744B
                                                                • GetSysColor.USER32(00000011), ref: 01047463
                                                                • CreatePen.GDI32(00000000,00000001,00743C00), ref: 01047471
                                                                • SelectObject.GDI32(?,00000000), ref: 01047482
                                                                • SetBkColor.GDI32(?,00000000), ref: 0104748B
                                                                • SelectObject.GDI32(?,?), ref: 01047498
                                                                • InflateRect.USER32(?,000000FF,000000FF), ref: 010474B7
                                                                • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 010474CE
                                                                • GetWindowLongW.USER32(00000000,000000F0), ref: 010474DB
                                                                • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0104752A
                                                                • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 01047554
                                                                • InflateRect.USER32(?,000000FD,000000FD), ref: 01047572
                                                                • DrawFocusRect.USER32(?,?), ref: 0104757D
                                                                • GetSysColor.USER32(00000011), ref: 0104758E
                                                                • SetTextColor.GDI32(?,00000000), ref: 01047596
                                                                • DrawTextW.USER32(?,010470F5,000000FF,?,00000000), ref: 010475A8
                                                                • SelectObject.GDI32(?,?), ref: 010475BF
                                                                • DeleteObject.GDI32(?), ref: 010475CA
                                                                • SelectObject.GDI32(?,?), ref: 010475D0
                                                                • DeleteObject.GDI32(?), ref: 010475D5
                                                                • SetTextColor.GDI32(?,?), ref: 010475DB
                                                                • SetBkColor.GDI32(?,?), ref: 010475E5
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                • String ID:
                                                                • API String ID: 1996641542-0
                                                                • Opcode ID: 63eab8edf8d25054fdf604f35af68f9e3908773871b8c60bffe3af78036b5468
                                                                • Instruction ID: 24a0412f4f5c1efd47d5acefa8e077d664d4e5ee7303c5405bffc6ba38c6d3c6
                                                                • Opcode Fuzzy Hash: 63eab8edf8d25054fdf604f35af68f9e3908773871b8c60bffe3af78036b5468
                                                                • Instruction Fuzzy Hash: 3661A1B6901218AFEF119FA4DD88EEE7FB9EB09320F104161FA51BB291D7759940CF90
                                                                APIs
                                                                • GetCursorPos.USER32(?), ref: 01041128
                                                                • GetDesktopWindow.USER32 ref: 0104113D
                                                                • GetWindowRect.USER32(00000000), ref: 01041144
                                                                • GetWindowLongW.USER32(?,000000F0), ref: 01041199
                                                                • DestroyWindow.USER32(?), ref: 010411B9
                                                                • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 010411ED
                                                                • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0104120B
                                                                • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 0104121D
                                                                • SendMessageW.USER32(00000000,00000421,?,?), ref: 01041232
                                                                • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 01041245
                                                                • IsWindowVisible.USER32(00000000), ref: 010412A1
                                                                • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 010412BC
                                                                • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 010412D0
                                                                • GetWindowRect.USER32(00000000,?), ref: 010412E8
                                                                • MonitorFromPoint.USER32(?,?,00000002), ref: 0104130E
                                                                • GetMonitorInfoW.USER32(00000000,?), ref: 01041328
                                                                • CopyRect.USER32(?,?), ref: 0104133F
                                                                • SendMessageW.USER32(00000000,00000412,00000000), ref: 010413AA
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                • String ID: ($0$tooltips_class32
                                                                • API String ID: 698492251-4156429822
                                                                • Opcode ID: 145dbff08522e1cad3f708d7726876ff7b614dc3280b9784a4dd225dce911ee9
                                                                • Instruction ID: 834e1bfb2a6a118db15e5c360d55781cba71caf9f48b24f3767011f7b7b376dc
                                                                • Opcode Fuzzy Hash: 145dbff08522e1cad3f708d7726876ff7b614dc3280b9784a4dd225dce911ee9
                                                                • Instruction Fuzzy Hash: FAB18DB1604341AFE754DF65C984BAABBE4FF88350F008968F9999B261C771E844CF92
                                                                APIs
                                                                • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00FC8968
                                                                • GetSystemMetrics.USER32(00000007), ref: 00FC8970
                                                                • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00FC899B
                                                                • GetSystemMetrics.USER32(00000008), ref: 00FC89A3
                                                                • GetSystemMetrics.USER32(00000004), ref: 00FC89C8
                                                                • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00FC89E5
                                                                • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 00FC89F5
                                                                • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00FC8A28
                                                                • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00FC8A3C
                                                                • GetClientRect.USER32(00000000,000000FF), ref: 00FC8A5A
                                                                • GetStockObject.GDI32(00000011), ref: 00FC8A76
                                                                • SendMessageW.USER32(00000000,00000030,00000000), ref: 00FC8A81
                                                                  • Part of subcall function 00FC912D: GetCursorPos.USER32(?), ref: 00FC9141
                                                                  • Part of subcall function 00FC912D: ScreenToClient.USER32(00000000,?), ref: 00FC915E
                                                                  • Part of subcall function 00FC912D: GetAsyncKeyState.USER32(00000001), ref: 00FC9183
                                                                  • Part of subcall function 00FC912D: GetAsyncKeyState.USER32(00000002), ref: 00FC919D
                                                                • SetTimer.USER32(00000000,00000000,00000028,00FC90FC), ref: 00FC8AA8
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                • String ID: AutoIt v3 GUI
                                                                • API String ID: 1458621304-248962490
                                                                • Opcode ID: 8642b79140f9ed9b9a00c597a62e47e87531e4521e9d0c01d777d676134ea509
                                                                • Instruction ID: 817778a743a0a5ce791869a222fc5affcb1ca780becdfff28d3a8dd1781feb07
                                                                • Opcode Fuzzy Hash: 8642b79140f9ed9b9a00c597a62e47e87531e4521e9d0c01d777d676134ea509
                                                                • Instruction Fuzzy Hash: 70B19375A0020AEFEB15DF68CA85FAE3BB5FB48310F004219FA95A72C4DB39D941CB50
                                                                APIs
                                                                  • Part of subcall function 010110F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 01011114
                                                                  • Part of subcall function 010110F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,01010B9B,?,?,?), ref: 01011120
                                                                  • Part of subcall function 010110F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,01010B9B,?,?,?), ref: 0101112F
                                                                  • Part of subcall function 010110F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,01010B9B,?,?,?), ref: 01011136
                                                                  • Part of subcall function 010110F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0101114D
                                                                • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 01010DF5
                                                                • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 01010E29
                                                                • GetLengthSid.ADVAPI32(?), ref: 01010E40
                                                                • GetAce.ADVAPI32(?,00000000,?), ref: 01010E7A
                                                                • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 01010E96
                                                                • GetLengthSid.ADVAPI32(?), ref: 01010EAD
                                                                • GetProcessHeap.KERNEL32(00000008,00000008), ref: 01010EB5
                                                                • HeapAlloc.KERNEL32(00000000), ref: 01010EBC
                                                                • GetLengthSid.ADVAPI32(?,00000008,?), ref: 01010EDD
                                                                • CopySid.ADVAPI32(00000000), ref: 01010EE4
                                                                • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 01010F13
                                                                • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 01010F35
                                                                • SetUserObjectSecurity.USER32(?,00000004,?), ref: 01010F47
                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 01010F6E
                                                                • HeapFree.KERNEL32(00000000), ref: 01010F75
                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 01010F7E
                                                                • HeapFree.KERNEL32(00000000), ref: 01010F85
                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 01010F8E
                                                                • HeapFree.KERNEL32(00000000), ref: 01010F95
                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 01010FA1
                                                                • HeapFree.KERNEL32(00000000), ref: 01010FA8
                                                                  • Part of subcall function 01011193: GetProcessHeap.KERNEL32(00000008,01010BB1,?,00000000,?,01010BB1,?), ref: 010111A1
                                                                  • Part of subcall function 01011193: HeapAlloc.KERNEL32(00000000,?,00000000,?,01010BB1,?), ref: 010111A8
                                                                  • Part of subcall function 01011193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,01010BB1,?), ref: 010111B7
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                • String ID:
                                                                • API String ID: 4175595110-0
                                                                • Opcode ID: 3a61fb9ed5fc9545b4d5619290c839e68bb4d41a31fd28cd272c79e823f7c891
                                                                • Instruction ID: 064c7c1203423fb2cc581cdf7d199a012fc6c49d5c8a69653a78f81ae9664576
                                                                • Opcode Fuzzy Hash: 3a61fb9ed5fc9545b4d5619290c839e68bb4d41a31fd28cd272c79e823f7c891
                                                                • Instruction Fuzzy Hash: 52718EB190120AABEB209FA5DD45FEEBBB8BF05300F044159FA99E7188D7399945CB60
                                                                APIs
                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0103C4BD
                                                                • RegCreateKeyExW.ADVAPI32(?,?,00000000,0104CC08,00000000,?,00000000,?,?), ref: 0103C544
                                                                • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 0103C5A4
                                                                • _wcslen.LIBCMT ref: 0103C5F4
                                                                • _wcslen.LIBCMT ref: 0103C66F
                                                                • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 0103C6B2
                                                                • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 0103C7C1
                                                                • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 0103C84D
                                                                • RegCloseKey.ADVAPI32(?), ref: 0103C881
                                                                • RegCloseKey.ADVAPI32(00000000), ref: 0103C88E
                                                                • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 0103C960
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                                                • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                • API String ID: 9721498-966354055
                                                                • Opcode ID: d43ac45f048c9417e7b51ce5e435afefa38e8fd18752d84eff8dc1f6f1298e2e
                                                                • Instruction ID: 1d9f2ba5476e91c3473a98e3a5631da5325cb2826f06f1693db312dd1b0211fb
                                                                • Opcode Fuzzy Hash: d43ac45f048c9417e7b51ce5e435afefa38e8fd18752d84eff8dc1f6f1298e2e
                                                                • Instruction Fuzzy Hash: B8129D352042019FE714DF15C981A6AB7E5FF88314F08889DF88A9B3A2DB35ED41DB91
                                                                APIs
                                                                • CharUpperBuffW.USER32(?,?), ref: 010409C6
                                                                • _wcslen.LIBCMT ref: 01040A01
                                                                • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 01040A54
                                                                • _wcslen.LIBCMT ref: 01040A8A
                                                                • _wcslen.LIBCMT ref: 01040B06
                                                                • _wcslen.LIBCMT ref: 01040B81
                                                                  • Part of subcall function 00FCF9F2: _wcslen.LIBCMT ref: 00FCF9FD
                                                                  • Part of subcall function 01012BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 01012BFA
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                • API String ID: 1103490817-4258414348
                                                                • Opcode ID: 1bc875cd8d9bcc4176d3afa9f212057acfdf09164f9c30a79db41f665bf25a38
                                                                • Instruction ID: c2f18390bf77bf6a20c2500dc6508136719aa3580f18d336db57655ef950cc43
                                                                • Opcode Fuzzy Hash: 1bc875cd8d9bcc4176d3afa9f212057acfdf09164f9c30a79db41f665bf25a38
                                                                • Instruction Fuzzy Hash: 0AE1A0752083018FC714EF29C8909AEB7E1BF88354B0489ADF9D6AB366D735ED45CB81
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: _wcslen$BuffCharUpper
                                                                • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                • API String ID: 1256254125-909552448
                                                                • Opcode ID: ccb0398b03bd8f699c12bd887018aed7a65a93f82bc45fbc57e1262dc5cca5c2
                                                                • Instruction ID: abb7730dcf61cb7faf0b9e49bb08f61defc1c869a0e5702ac75ef0c1488f8a6d
                                                                • Opcode Fuzzy Hash: ccb0398b03bd8f699c12bd887018aed7a65a93f82bc45fbc57e1262dc5cca5c2
                                                                • Instruction Fuzzy Hash: 8E712632A0052A8BEB21DE3CCE515BE33D9AFD0694F15055AF8D2F7286E635CD46D3A0
                                                                APIs
                                                                • _wcslen.LIBCMT ref: 0104835A
                                                                • _wcslen.LIBCMT ref: 0104836E
                                                                • _wcslen.LIBCMT ref: 01048391
                                                                • _wcslen.LIBCMT ref: 010483B4
                                                                • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 010483F2
                                                                • LoadLibraryExW.KERNEL32(?,00000000,00000032,?,?,00000001,?,?,?,0104361A,?), ref: 0104844E
                                                                • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 01048487
                                                                • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 010484CA
                                                                • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 01048501
                                                                • FreeLibrary.KERNEL32(?), ref: 0104850D
                                                                • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0104851D
                                                                • DestroyIcon.USER32(?), ref: 0104852C
                                                                • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 01048549
                                                                • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 01048555
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                                                • String ID: .dll$.exe$.icl
                                                                • API String ID: 799131459-1154884017
                                                                • Opcode ID: 944b5b08399b7ef7eee41967af3fe388b9fad84d5a25b8fbae69b18cd54975ef
                                                                • Instruction ID: d056396e30106776f8a75604908a11c3c17537e9ec230d124a8605a5c87b3850
                                                                • Opcode Fuzzy Hash: 944b5b08399b7ef7eee41967af3fe388b9fad84d5a25b8fbae69b18cd54975ef
                                                                • Instruction Fuzzy Hash: 356126B1900204BFEB24CFA4CDC1BBE77A8BF04711F00895AF995D61C1DB79A980DBA0
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                • API String ID: 0-1645009161
                                                                • Opcode ID: d582ca0389c6bbc2bd52f9add26e507a029391eebdc8a3ce8ffb5f78ec4bc8fd
                                                                • Instruction ID: 923af481db5930e64d7bbd155a29cfb2040c028c8dc6cb51c28513675a97bf9f
                                                                • Opcode Fuzzy Hash: d582ca0389c6bbc2bd52f9add26e507a029391eebdc8a3ce8ffb5f78ec4bc8fd
                                                                • Instruction Fuzzy Hash: 228118B1A04709BBDB20BF62CC42FFE77A5AF55700F144025FA05AA192EB74D911FB91
                                                                APIs
                                                                • CharLowerBuffW.USER32(?,?), ref: 01023EF8
                                                                • _wcslen.LIBCMT ref: 01023F03
                                                                • _wcslen.LIBCMT ref: 01023F5A
                                                                • _wcslen.LIBCMT ref: 01023F98
                                                                • GetDriveTypeW.KERNEL32(?), ref: 01023FD6
                                                                • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0102401E
                                                                • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 01024059
                                                                • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 01024087
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: SendString_wcslen$BuffCharDriveLowerType
                                                                • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                • API String ID: 1839972693-4113822522
                                                                • Opcode ID: 5736fc855824b745eea5e1217562361171d61a0987c495d070cfdbc9ee5d0a5e
                                                                • Instruction ID: 905e8c4a786106b2965d6c118e1d74264bf4836feae10437b21c6c6a17740a6b
                                                                • Opcode Fuzzy Hash: 5736fc855824b745eea5e1217562361171d61a0987c495d070cfdbc9ee5d0a5e
                                                                • Instruction Fuzzy Hash: 8671E071A042119FD350EF29C8808AAB7F4FF88754F00496DF8D69B252EB39ED49CB91
                                                                APIs
                                                                • LoadIconW.USER32(00000063), ref: 01015A2E
                                                                • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 01015A40
                                                                • SetWindowTextW.USER32(?,?), ref: 01015A57
                                                                • GetDlgItem.USER32(?,000003EA), ref: 01015A6C
                                                                • SetWindowTextW.USER32(00000000,?), ref: 01015A72
                                                                • GetDlgItem.USER32(?,000003E9), ref: 01015A82
                                                                • SetWindowTextW.USER32(00000000,?), ref: 01015A88
                                                                • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 01015AA9
                                                                • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 01015AC3
                                                                • GetWindowRect.USER32(?,?), ref: 01015ACC
                                                                • _wcslen.LIBCMT ref: 01015B33
                                                                • SetWindowTextW.USER32(?,?), ref: 01015B6F
                                                                • GetDesktopWindow.USER32 ref: 01015B75
                                                                • GetWindowRect.USER32(00000000), ref: 01015B7C
                                                                • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 01015BD3
                                                                • GetClientRect.USER32(?,?), ref: 01015BE0
                                                                • PostMessageW.USER32(?,00000005,00000000,?), ref: 01015C05
                                                                • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 01015C2F
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                                • String ID:
                                                                • API String ID: 895679908-0
                                                                • Opcode ID: 89d914ecc9f0c55888be6f3247fd1c93b10216dcdfcdcfe88d64eb8c89118adf
                                                                • Instruction ID: 6e6f5d4c0a09f237421ad572a5fabe5dbe847e77acc62d5c98e4101fd6ad29e3
                                                                • Opcode Fuzzy Hash: 89d914ecc9f0c55888be6f3247fd1c93b10216dcdfcdcfe88d64eb8c89118adf
                                                                • Instruction Fuzzy Hash: 41717C71900709AFEB20DFA8CE85AAEBBF5FF88704F104958E582A7594D779E940CF50
                                                                APIs
                                                                • LoadCursorW.USER32(00000000,00007F89), ref: 0102FE27
                                                                • LoadCursorW.USER32(00000000,00007F8A), ref: 0102FE32
                                                                • LoadCursorW.USER32(00000000,00007F00), ref: 0102FE3D
                                                                • LoadCursorW.USER32(00000000,00007F03), ref: 0102FE48
                                                                • LoadCursorW.USER32(00000000,00007F8B), ref: 0102FE53
                                                                • LoadCursorW.USER32(00000000,00007F01), ref: 0102FE5E
                                                                • LoadCursorW.USER32(00000000,00007F81), ref: 0102FE69
                                                                • LoadCursorW.USER32(00000000,00007F88), ref: 0102FE74
                                                                • LoadCursorW.USER32(00000000,00007F80), ref: 0102FE7F
                                                                • LoadCursorW.USER32(00000000,00007F86), ref: 0102FE8A
                                                                • LoadCursorW.USER32(00000000,00007F83), ref: 0102FE95
                                                                • LoadCursorW.USER32(00000000,00007F85), ref: 0102FEA0
                                                                • LoadCursorW.USER32(00000000,00007F82), ref: 0102FEAB
                                                                • LoadCursorW.USER32(00000000,00007F84), ref: 0102FEB6
                                                                • LoadCursorW.USER32(00000000,00007F04), ref: 0102FEC1
                                                                • LoadCursorW.USER32(00000000,00007F02), ref: 0102FECC
                                                                • GetCursorInfo.USER32(?), ref: 0102FEDC
                                                                • GetLastError.KERNEL32 ref: 0102FF1E
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: Cursor$Load$ErrorInfoLast
                                                                • String ID:
                                                                • API String ID: 3215588206-0
                                                                • Opcode ID: 420be01be405eab2fd04e63ec5996eef453137538ffe96d590d538387fa1579c
                                                                • Instruction ID: a72a705c1cbde5863a1443df0de8aef8140851d00756fba46b439bceeec13c3b
                                                                • Opcode Fuzzy Hash: 420be01be405eab2fd04e63ec5996eef453137538ffe96d590d538387fa1579c
                                                                • Instruction Fuzzy Hash: 614160B0D0431AAADB509FBA8C89C5EBFF8BF04354B50456AE15DE7281DB78A5018F90
                                                                APIs
                                                                • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 00FD00C6
                                                                  • Part of subcall function 00FD00ED: InitializeCriticalSectionAndSpinCount.KERNEL32(0108070C,00000FA0,D9AA1F56,?,?,?,?,00FF23B3,000000FF), ref: 00FD011C
                                                                  • Part of subcall function 00FD00ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,00FF23B3,000000FF), ref: 00FD0127
                                                                  • Part of subcall function 00FD00ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,00FF23B3,000000FF), ref: 00FD0138
                                                                  • Part of subcall function 00FD00ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00FD014E
                                                                  • Part of subcall function 00FD00ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00FD015C
                                                                  • Part of subcall function 00FD00ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00FD016A
                                                                  • Part of subcall function 00FD00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00FD0195
                                                                  • Part of subcall function 00FD00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00FD01A0
                                                                • ___scrt_fastfail.LIBCMT ref: 00FD00E7
                                                                  • Part of subcall function 00FD00A3: __onexit.LIBCMT ref: 00FD00A9
                                                                Strings
                                                                • InitializeConditionVariable, xrefs: 00FD0148
                                                                • WakeAllConditionVariable, xrefs: 00FD0162
                                                                • kernel32.dll, xrefs: 00FD0133
                                                                • SleepConditionVariableCS, xrefs: 00FD0154
                                                                • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00FD0122
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                                • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                • API String ID: 66158676-1714406822
                                                                • Opcode ID: ca32bff215e006c03162dd4f2890d317b80392504f70edf3281629bf9ac310ac
                                                                • Instruction ID: 4003dd124960342809d289a81138e6d6c6b073495ebfcf6bf00558d84cf42b96
                                                                • Opcode Fuzzy Hash: ca32bff215e006c03162dd4f2890d317b80392504f70edf3281629bf9ac310ac
                                                                • Instruction Fuzzy Hash: C1210AB2E457116BE7207B65AE46B6D7396EB05B61F04013FF8C196344DE798C009B90
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: _wcslen
                                                                • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                • API String ID: 176396367-1603158881
                                                                • Opcode ID: 8ab1d09c43c97edd7421e581d4366c7c542dffcc632b95282a69947fbfbe2146
                                                                • Instruction ID: 88ac7a533297c9eeed562417c2a635ccba393f96ee726678ec8b67bc2f7b9c86
                                                                • Opcode Fuzzy Hash: 8ab1d09c43c97edd7421e581d4366c7c542dffcc632b95282a69947fbfbe2146
                                                                • Instruction Fuzzy Hash: 46E10332A001169BDB199FA8C841BFEFBB5BF04720F14815AE496EB244DF38A945DB90
                                                                APIs
                                                                • CharLowerBuffW.USER32(00000000,00000000,0104CC08), ref: 01024527
                                                                • _wcslen.LIBCMT ref: 0102453B
                                                                • _wcslen.LIBCMT ref: 01024599
                                                                • _wcslen.LIBCMT ref: 010245F4
                                                                • _wcslen.LIBCMT ref: 0102463F
                                                                • _wcslen.LIBCMT ref: 010246A7
                                                                  • Part of subcall function 00FCF9F2: _wcslen.LIBCMT ref: 00FCF9FD
                                                                • GetDriveTypeW.KERNEL32(?,01076BF0,00000061), ref: 01024743
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: _wcslen$BuffCharDriveLowerType
                                                                • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                • API String ID: 2055661098-1000479233
                                                                • Opcode ID: b90d188f1ed5a0ae63ed8ddf07b3c92cbc504693b0c91651c70a32165bacc450
                                                                • Instruction ID: 13f53743fbf4dd83bea2062eb0792287fb5b29f3210a1d075aed1e93228d345f
                                                                • Opcode Fuzzy Hash: b90d188f1ed5a0ae63ed8ddf07b3c92cbc504693b0c91651c70a32165bacc450
                                                                • Instruction Fuzzy Hash: 07B1EE716083229BC720DF29C890A6EB7E5BF99720F40495DF5E6C7292D774D884CAA2
                                                                APIs
                                                                • _wcslen.LIBCMT ref: 0103B198
                                                                • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0103B1B0
                                                                • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0103B1D4
                                                                • _wcslen.LIBCMT ref: 0103B200
                                                                • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0103B214
                                                                • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0103B236
                                                                • _wcslen.LIBCMT ref: 0103B332
                                                                  • Part of subcall function 010205A7: GetStdHandle.KERNEL32(000000F6), ref: 010205C6
                                                                • _wcslen.LIBCMT ref: 0103B34B
                                                                • _wcslen.LIBCMT ref: 0103B366
                                                                • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0103B3B6
                                                                • GetLastError.KERNEL32(00000000), ref: 0103B407
                                                                • CloseHandle.KERNEL32(?), ref: 0103B439
                                                                • CloseHandle.KERNEL32(00000000), ref: 0103B44A
                                                                • CloseHandle.KERNEL32(00000000), ref: 0103B45C
                                                                • CloseHandle.KERNEL32(00000000), ref: 0103B46E
                                                                • CloseHandle.KERNEL32(?), ref: 0103B4E3
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                                                • String ID:
                                                                • API String ID: 2178637699-0
                                                                • Opcode ID: d8f3a17356646138bfa1b9e3a76a6bfec3f6094cb4881447f87be4195148f8aa
                                                                • Instruction ID: e993674fb87aca36835344704f9b58eb36de894d020dfa1cad1d997067fe3e49
                                                                • Opcode Fuzzy Hash: d8f3a17356646138bfa1b9e3a76a6bfec3f6094cb4881447f87be4195148f8aa
                                                                • Instruction Fuzzy Hash: 04F1AE716083009FD724EF29C891B6EBBE9AFC5314F18855DF9958B2A6CB35E804CB52
                                                                APIs
                                                                • LoadLibraryA.KERNEL32(kernel32.dll,?,0104CC08), ref: 010340BB
                                                                • GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 010340CD
                                                                • GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,0104CC08), ref: 010340F2
                                                                • FreeLibrary.KERNEL32(00000000,?,0104CC08), ref: 0103413E
                                                                • StringFromGUID2.OLE32(?,?,00000028,?,0104CC08), ref: 010341A8
                                                                • SysFreeString.OLEAUT32(00000009), ref: 01034262
                                                                • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 010342C8
                                                                • SysFreeString.OLEAUT32(?), ref: 010342F2
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
                                                                • String ID: GetModuleHandleExW$kernel32.dll
                                                                • API String ID: 354098117-199464113
                                                                • Opcode ID: 6154e8b32c74ee0a0b582d07a7acc29316e581ab24443680b6e0c045cf4b47ee
                                                                • Instruction ID: 688844532894215188668280788a6d498e812a36324b93722d47ca3f0d5672f6
                                                                • Opcode Fuzzy Hash: 6154e8b32c74ee0a0b582d07a7acc29316e581ab24443680b6e0c045cf4b47ee
                                                                • Instruction Fuzzy Hash: DF122775A00105AFDB55CF98C984EAEBBB9FF85314F148098E945EF252CB31ED46CBA0
                                                                APIs
                                                                • GetMenuItemCount.USER32(01081990), ref: 00FF2F8D
                                                                • GetMenuItemCount.USER32(01081990), ref: 00FF303D
                                                                • GetCursorPos.USER32(?), ref: 00FF3081
                                                                • SetForegroundWindow.USER32(00000000), ref: 00FF308A
                                                                • TrackPopupMenuEx.USER32(01081990,00000000,?,00000000,00000000,00000000), ref: 00FF309D
                                                                • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00FF30A9
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                                                • String ID: 0
                                                                • API String ID: 36266755-4108050209
                                                                • Opcode ID: 8516ece18c2f20152dbba997ab758930598530243330083c72e5cc16900b365a
                                                                • Instruction ID: c30af7410b77cd70149d509aabcfb45e43655643bc4695a8f54e0692742fde6a
                                                                • Opcode Fuzzy Hash: 8516ece18c2f20152dbba997ab758930598530243330083c72e5cc16900b365a
                                                                • Instruction Fuzzy Hash: D271F771A40209BFFB218F65CD89FAABF64FF04324F204216F6156A1E0C7B5A950EB91
                                                                APIs
                                                                • DestroyWindow.USER32(00000000,?), ref: 01046DEB
                                                                  • Part of subcall function 00FB6B57: _wcslen.LIBCMT ref: 00FB6B6A
                                                                • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 01046E5F
                                                                • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 01046E81
                                                                • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 01046E94
                                                                • DestroyWindow.USER32(?), ref: 01046EB5
                                                                • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00FB0000,00000000), ref: 01046EE4
                                                                • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 01046EFD
                                                                • GetDesktopWindow.USER32 ref: 01046F16
                                                                • GetWindowRect.USER32(00000000), ref: 01046F1D
                                                                • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 01046F35
                                                                • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 01046F4D
                                                                  • Part of subcall function 00FC9944: GetWindowLongW.USER32(?,000000EB), ref: 00FC9952
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                                                • String ID: 0$tooltips_class32
                                                                • API String ID: 2429346358-3619404913
                                                                • Opcode ID: bbb0b50e1f632782455bcc8e91b9e1bb59b94634b6d4f0c489de79130f295bae
                                                                • Instruction ID: dd479b368f5b0bdd0567b66aa81fc06395649c9fb3aa8a92a5268f62b5e15d70
                                                                • Opcode Fuzzy Hash: bbb0b50e1f632782455bcc8e91b9e1bb59b94634b6d4f0c489de79130f295bae
                                                                • Instruction Fuzzy Hash: 1D717BB4104340AFEB21CF1DC984EAABBF9FB8A300F44446DF9D987261D776A906CB11
                                                                APIs
                                                                  • Part of subcall function 00FC9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00FC9BB2
                                                                • DragQueryPoint.SHELL32(?,?), ref: 01049147
                                                                  • Part of subcall function 01047674: ClientToScreen.USER32(?,?), ref: 0104769A
                                                                  • Part of subcall function 01047674: GetWindowRect.USER32(?,?), ref: 01047710
                                                                  • Part of subcall function 01047674: PtInRect.USER32(?,?,01048B89), ref: 01047720
                                                                • SendMessageW.USER32(?,000000B0,?,?), ref: 010491B0
                                                                • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 010491BB
                                                                • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 010491DE
                                                                • SendMessageW.USER32(?,000000C2,00000001,?), ref: 01049225
                                                                • SendMessageW.USER32(?,000000B0,?,?), ref: 0104923E
                                                                • SendMessageW.USER32(?,000000B1,?,?), ref: 01049255
                                                                • SendMessageW.USER32(?,000000B1,?,?), ref: 01049277
                                                                • DragFinish.SHELL32(?), ref: 0104927E
                                                                • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 01049371
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                                                • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                • API String ID: 221274066-3440237614
                                                                • Opcode ID: 9fe190b1c894ba9b10b3f14c2da12487cabc6b3d570532734a6b666965f55ab6
                                                                • Instruction ID: ae2253eb6521e038e8b83200ec85c573cbeb3966af9fc62f12942e7770802f71
                                                                • Opcode Fuzzy Hash: 9fe190b1c894ba9b10b3f14c2da12487cabc6b3d570532734a6b666965f55ab6
                                                                • Instruction Fuzzy Hash: 84618AB1108301AFD311EF61DD85DAFBBE8EF88350F00092DF591931A0DB759A49CB52
                                                                APIs
                                                                • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0102C4B0
                                                                • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0102C4C3
                                                                • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0102C4D7
                                                                • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0102C4F0
                                                                • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 0102C533
                                                                • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 0102C549
                                                                • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0102C554
                                                                • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0102C584
                                                                • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0102C5DC
                                                                • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0102C5F0
                                                                • InternetCloseHandle.WININET(00000000), ref: 0102C5FB
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                                • String ID:
                                                                • API String ID: 3800310941-3916222277
                                                                • Opcode ID: 012cd350f03d708f68900f2c6f273ff4812f5df9624e5cf7d7806dc948b381dc
                                                                • Instruction ID: 5885097def1df09894162358b9658b889fe87ac5b5a28770c298a016f4f7d28d
                                                                • Opcode Fuzzy Hash: 012cd350f03d708f68900f2c6f273ff4812f5df9624e5cf7d7806dc948b381dc
                                                                • Instruction Fuzzy Hash: 05515BB4501629BFFB218F64CB88AAF7BFCFF08744F004419F98696200DB39D9449B60
                                                                APIs
                                                                • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?), ref: 01048592
                                                                • GetFileSize.KERNEL32(00000000,00000000), ref: 010485A2
                                                                • GlobalAlloc.KERNEL32(00000002,00000000), ref: 010485AD
                                                                • CloseHandle.KERNEL32(00000000), ref: 010485BA
                                                                • GlobalLock.KERNEL32(00000000), ref: 010485C8
                                                                • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 010485D7
                                                                • GlobalUnlock.KERNEL32(00000000), ref: 010485E0
                                                                • CloseHandle.KERNEL32(00000000), ref: 010485E7
                                                                • CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 010485F8
                                                                • OleLoadPicture.OLEAUT32(?,00000000,00000000,0104FC38,?), ref: 01048611
                                                                • GlobalFree.KERNEL32(00000000), ref: 01048621
                                                                • GetObjectW.GDI32(?,00000018,000000FF), ref: 01048641
                                                                • CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 01048671
                                                                • DeleteObject.GDI32(00000000), ref: 01048699
                                                                • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 010486AF
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                • String ID:
                                                                • API String ID: 3840717409-0
                                                                • Opcode ID: 17ccb7cb7495f71ef0177053ca538e0abb4b2e8c270cf10943bbcfc42efb0864
                                                                • Instruction ID: 665535d358d681a449629988a202187071508a0efedd70e84b77574a22e76ba5
                                                                • Opcode Fuzzy Hash: 17ccb7cb7495f71ef0177053ca538e0abb4b2e8c270cf10943bbcfc42efb0864
                                                                • Instruction Fuzzy Hash: D14151B5601204BFE721DFA9CE88EAE7BB8FF89711F008469F949E7250D7759901CB60
                                                                APIs
                                                                • VariantInit.OLEAUT32(00000000), ref: 01021502
                                                                • VariantCopy.OLEAUT32(?,?), ref: 0102150B
                                                                • VariantClear.OLEAUT32(?), ref: 01021517
                                                                • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 010215FB
                                                                • VarR8FromDec.OLEAUT32(?,?), ref: 01021657
                                                                • VariantInit.OLEAUT32(?), ref: 01021708
                                                                • SysFreeString.OLEAUT32(?), ref: 0102178C
                                                                • VariantClear.OLEAUT32(?), ref: 010217D8
                                                                • VariantClear.OLEAUT32(?), ref: 010217E7
                                                                • VariantInit.OLEAUT32(00000000), ref: 01021823
                                                                Similarity
                                                                • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
                                                                • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                • API String ID: 1234038744-3931177956
                                                                • Opcode ID: bd490175fd534e8cbefa075c090bdbc5122ee2d15010375410fa42e1506ed9d9
                                                                • Instruction ID: f0b9a11fc2477efdb80679a070d03574731df128d0075117eb83fa9d5a23c5fa
                                                                • Opcode Fuzzy Hash: bd490175fd534e8cbefa075c090bdbc5122ee2d15010375410fa42e1506ed9d9
                                                                • Instruction Fuzzy Hash: CDD11571A00235DBEB149F65D985BBDBBF5BF04700F0880DAF596AB180DB38E845DBA1
                                                                APIs
                                                                  • Part of subcall function 00FB9CB3: _wcslen.LIBCMT ref: 00FB9CBD
                                                                  • Part of subcall function 0103C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0103B6AE,?,?), ref: 0103C9B5
                                                                  • Part of subcall function 0103C998: _wcslen.LIBCMT ref: 0103C9F1
                                                                  • Part of subcall function 0103C998: _wcslen.LIBCMT ref: 0103CA68
                                                                  • Part of subcall function 0103C998: _wcslen.LIBCMT ref: 0103CA9E
                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0103B6F4
                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0103B772
                                                                • RegDeleteValueW.ADVAPI32(?,?), ref: 0103B80A
                                                                • RegCloseKey.ADVAPI32(?), ref: 0103B87E
                                                                • RegCloseKey.ADVAPI32(?), ref: 0103B89C
                                                                • LoadLibraryA.KERNEL32(advapi32.dll), ref: 0103B8F2
                                                                • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0103B904
                                                                • RegDeleteKeyW.ADVAPI32(?,?), ref: 0103B922
                                                                • FreeLibrary.KERNEL32(00000000), ref: 0103B983
                                                                • RegCloseKey.ADVAPI32(00000000), ref: 0103B994
                                                                Similarity
                                                                • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                                                • String ID: RegDeleteKeyExW$advapi32.dll
                                                                • API String ID: 146587525-4033151799
                                                                • Opcode ID: 9b5ba80e29ed811f4ede6cbc569f1d33f3662a5fe76a287463eb9b6e6ca76bc0
                                                                • Instruction ID: 3cf8cec51e34568a2c64647fd6a5d5f7743616e03835d620d5edd8d08c64fb38
                                                                • Opcode Fuzzy Hash: 9b5ba80e29ed811f4ede6cbc569f1d33f3662a5fe76a287463eb9b6e6ca76bc0
                                                                • Instruction Fuzzy Hash: 91C1AF34204201AFE720DF19C895F6ABBE5FF85308F18849DF59A8B292CB75E845CF91
                                                                APIs
                                                                • GetDC.USER32(00000000), ref: 010325D8
                                                                • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 010325E8
                                                                • CreateCompatibleDC.GDI32(?), ref: 010325F4
                                                                • SelectObject.GDI32(00000000,?), ref: 01032601
                                                                • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 0103266D
                                                                • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 010326AC
                                                                • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 010326D0
                                                                • SelectObject.GDI32(?,?), ref: 010326D8
                                                                • DeleteObject.GDI32(?), ref: 010326E1
                                                                • DeleteDC.GDI32(?), ref: 010326E8
                                                                • ReleaseDC.USER32(00000000,?), ref: 010326F3
                                                                Similarity
                                                                • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                • String ID: (
                                                                • API String ID: 2598888154-3887548279
                                                                • Opcode ID: adb63ddcaf97927a0d65558594f4383267c0cbc87018eb6d58c168e4ec3b59c0
                                                                • Instruction ID: 81b8627f643561efed6c499d07a028b66fe24966f8cf57d4fccf47814520ae51
                                                                • Opcode Fuzzy Hash: adb63ddcaf97927a0d65558594f4383267c0cbc87018eb6d58c168e4ec3b59c0
                                                                • Instruction Fuzzy Hash: 9C6113B5D00219EFDF15CFA4C984AAEBBB9FF48310F208529E995A7250D775A940CF50
                                                                APIs
                                                                • ___free_lconv_mon.LIBCMT ref: 00FEDAA1
                                                                  • Part of subcall function 00FED63C: _free.LIBCMT ref: 00FED659
                                                                  • Part of subcall function 00FED63C: _free.LIBCMT ref: 00FED66B
                                                                  • Part of subcall function 00FED63C: _free.LIBCMT ref: 00FED67D
                                                                  • Part of subcall function 00FED63C: _free.LIBCMT ref: 00FED68F
                                                                  • Part of subcall function 00FED63C: _free.LIBCMT ref: 00FED6A1
                                                                  • Part of subcall function 00FED63C: _free.LIBCMT ref: 00FED6B3
                                                                  • Part of subcall function 00FED63C: _free.LIBCMT ref: 00FED6C5
                                                                  • Part of subcall function 00FED63C: _free.LIBCMT ref: 00FED6D7
                                                                  • Part of subcall function 00FED63C: _free.LIBCMT ref: 00FED6E9
                                                                  • Part of subcall function 00FED63C: _free.LIBCMT ref: 00FED6FB
                                                                  • Part of subcall function 00FED63C: _free.LIBCMT ref: 00FED70D
                                                                  • Part of subcall function 00FED63C: _free.LIBCMT ref: 00FED71F
                                                                  • Part of subcall function 00FED63C: _free.LIBCMT ref: 00FED731
                                                                • _free.LIBCMT ref: 00FEDA96
                                                                  • Part of subcall function 00FE29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00FED7D1,00000000,00000000,00000000,00000000,?,00FED7F8,00000000,00000007,00000000,?,00FEDBF5,00000000), ref: 00FE29DE
                                                                  • Part of subcall function 00FE29C8: GetLastError.KERNEL32(00000000,?,00FED7D1,00000000,00000000,00000000,00000000,?,00FED7F8,00000000,00000007,00000000,?,00FEDBF5,00000000,00000000), ref: 00FE29F0
                                                                • _free.LIBCMT ref: 00FEDAB8
                                                                • _free.LIBCMT ref: 00FEDACD
                                                                • _free.LIBCMT ref: 00FEDAD8
                                                                • _free.LIBCMT ref: 00FEDAFA
                                                                • _free.LIBCMT ref: 00FEDB0D
                                                                • _free.LIBCMT ref: 00FEDB1B
                                                                • _free.LIBCMT ref: 00FEDB26
                                                                • _free.LIBCMT ref: 00FEDB5E
                                                                • _free.LIBCMT ref: 00FEDB65
                                                                • _free.LIBCMT ref: 00FEDB82
                                                                • _free.LIBCMT ref: 00FEDB9A
                                                                Similarity
                                                                • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                • String ID:
                                                                • API String ID: 161543041-0
                                                                • Opcode ID: b4973bf0b097167acb3c3e063f432836509675b663a4bbe9793e3f268e849a77
                                                                • Instruction ID: 90c73366e794c1a2fd6da5dc857c3eed12fdfed3c76830ca41cc49df1f2d23b2
                                                                • Opcode Fuzzy Hash: b4973bf0b097167acb3c3e063f432836509675b663a4bbe9793e3f268e849a77
                                                                • Instruction Fuzzy Hash: 06319F31A043899FEB61AA3AEC42B5A77E8FF40320F114429E058D7592EF39ED40F721
                                                                APIs
                                                                • GetClassNameW.USER32(?,?,00000100), ref: 0101369C
                                                                • _wcslen.LIBCMT ref: 010136A7
                                                                • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 01013797
                                                                • GetClassNameW.USER32(?,?,00000400), ref: 0101380C
                                                                • GetDlgCtrlID.USER32(?), ref: 0101385D
                                                                • GetWindowRect.USER32(?,?), ref: 01013882
                                                                • GetParent.USER32(?), ref: 010138A0
                                                                • ScreenToClient.USER32(00000000), ref: 010138A7
                                                                • GetClassNameW.USER32(?,?,00000100), ref: 01013921
                                                                • GetWindowTextW.USER32(?,?,00000400), ref: 0101395D
                                                                Similarity
                                                                • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
                                                                • String ID: %s%u
                                                                • API String ID: 4010501982-679674701
                                                                • Opcode ID: faf3805b0603e55a9c9966c5b5f62f1c74efd95fa61ea7af93c5997e694a2903
                                                                • Instruction ID: 4c8188c995d83e03ec1b814bab1f14f32a656333890f7330b7e42a2e7afbfa59
                                                                • Opcode Fuzzy Hash: faf3805b0603e55a9c9966c5b5f62f1c74efd95fa61ea7af93c5997e694a2903
                                                                • Instruction Fuzzy Hash: 6491B171204206AFE719DF28C884BEAF7E9FF44360F008529FAD9D6184DB38A545CB91
                                                                APIs
                                                                • GetClassNameW.USER32(?,?,00000400), ref: 01014994
                                                                • GetWindowTextW.USER32(?,?,00000400), ref: 010149DA
                                                                • _wcslen.LIBCMT ref: 010149EB
                                                                • CharUpperBuffW.USER32(?,00000000), ref: 010149F7
                                                                • _wcsstr.LIBVCRUNTIME ref: 01014A2C
                                                                • GetClassNameW.USER32(00000018,?,00000400), ref: 01014A64
                                                                • GetWindowTextW.USER32(?,?,00000400), ref: 01014A9D
                                                                • GetClassNameW.USER32(00000018,?,00000400), ref: 01014AE6
                                                                • GetClassNameW.USER32(?,?,00000400), ref: 01014B20
                                                                • GetWindowRect.USER32(?,?), ref: 01014B8B
                                                                Similarity
                                                                • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                                                • String ID: ThumbnailClass
                                                                • API String ID: 1311036022-1241985126
                                                                • Opcode ID: 3c97d3ac86eb7ebafa67fdaeae8a14f2bf23977036f5301e7bfa37471a29b74e
                                                                • Instruction ID: d08d1b6c3b7c9335ac261174cd3f325abfd0e266c89c57fac04e51c0bc067ac8
                                                                • Opcode Fuzzy Hash: 3c97d3ac86eb7ebafa67fdaeae8a14f2bf23977036f5301e7bfa37471a29b74e
                                                                • Instruction Fuzzy Hash: 2391B2710042059FEB15DF18C984BAA7BE9FF44314F0484A9FEC5DA1AADB38E945CBA1
                                                                APIs
                                                                • GetMenuItemInfoW.USER32(01081990,000000FF,00000000,00000030), ref: 0101BFAC
                                                                • SetMenuItemInfoW.USER32(01081990,00000004,00000000,00000030), ref: 0101BFE1
                                                                • Sleep.KERNEL32(000001F4), ref: 0101BFF3
                                                                • GetMenuItemCount.USER32(?), ref: 0101C039
                                                                • GetMenuItemID.USER32(?,00000000), ref: 0101C056
                                                                • GetMenuItemID.USER32(?,-00000001), ref: 0101C082
                                                                • GetMenuItemID.USER32(?,?), ref: 0101C0C9
                                                                • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 0101C10F
                                                                • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0101C124
                                                                • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0101C145
                                                                Similarity
                                                                • API ID: ItemMenu$Info$CheckCountRadioSleep
                                                                • String ID: 0
                                                                • API String ID: 1460738036-4108050209
                                                                • Opcode ID: 34e06f60d5d6d2152a2dfb5e7fb121c98e38049168c31cdfbb41012d1c4ea817
                                                                • Instruction ID: 405788cbb811c02dd9661faf74d3ca315d6810072feaba64ff389feb48f79115
                                                                • Opcode Fuzzy Hash: 34e06f60d5d6d2152a2dfb5e7fb121c98e38049168c31cdfbb41012d1c4ea817
                                                                • Instruction Fuzzy Hash: 066184B0940246AFFF21CF68CA88AEE7FB4FB46344F044155F991A3245C739E945CB60
                                                                APIs
                                                                • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0103CC64
                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 0103CC8D
                                                                • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0103CD48
                                                                  • Part of subcall function 0103CC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 0103CCAA
                                                                  • Part of subcall function 0103CC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 0103CCBD
                                                                  • Part of subcall function 0103CC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0103CCCF
                                                                  • Part of subcall function 0103CC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0103CD05
                                                                  • Part of subcall function 0103CC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0103CD28
                                                                • RegDeleteKeyW.ADVAPI32(?,?), ref: 0103CCF3
                                                                Similarity
                                                                • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                                                • String ID: RegDeleteKeyExW$advapi32.dll
                                                                • API String ID: 2734957052-4033151799
                                                                • Opcode ID: 38fc5f615258d1eb852bbb363066371d299e778db7fd842e29edaf6154670a60
                                                                • Instruction ID: 060f28e66b44d27fc37b070ac37edd57ed40b400f54076f62488ccfc42254b21
                                                                • Opcode Fuzzy Hash: 38fc5f615258d1eb852bbb363066371d299e778db7fd842e29edaf6154670a60
                                                                • Instruction Fuzzy Hash: 813182B5902129BBF7319A55DE88EFFBFBCEF46640F000166F981E2104DA349A45DBA0
                                                                APIs
                                                                • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 01023D40
                                                                • _wcslen.LIBCMT ref: 01023D6D
                                                                • CreateDirectoryW.KERNEL32(?,00000000), ref: 01023D9D
                                                                • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 01023DBE
                                                                • RemoveDirectoryW.KERNEL32(?), ref: 01023DCE
                                                                • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 01023E55
                                                                • CloseHandle.KERNEL32(00000000), ref: 01023E60
                                                                • CloseHandle.KERNEL32(00000000), ref: 01023E6B
                                                                Strings
                                                                Similarity
                                                                • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
                                                                • String ID: :$\$\??\%s
                                                                • API String ID: 1149970189-3457252023
                                                                • Opcode ID: 5675cdd8f49108b7ea4f6927b9acfbea62852f8dfc2f095afd5d94758c7ef34a
                                                                • Instruction ID: d39aca26f33015cf4123b197490a038a9052862d53daf4a3d6abcad91b84c09a
                                                                • Opcode Fuzzy Hash: 5675cdd8f49108b7ea4f6927b9acfbea62852f8dfc2f095afd5d94758c7ef34a
                                                                • Instruction Fuzzy Hash: BA31D6B6A00119ABEB219BA4DD85FEF37BDFF88700F1040B5F649D6154E77892448B24
                                                                APIs
                                                                • timeGetTime.WINMM ref: 0101E6B4
                                                                  • Part of subcall function 00FCE551: timeGetTime.WINMM(?,?,0101E6D4), ref: 00FCE555
                                                                • Sleep.KERNEL32(0000000A), ref: 0101E6E1
                                                                • EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 0101E705
                                                                • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 0101E727
                                                                • SetActiveWindow.USER32 ref: 0101E746
                                                                • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 0101E754
                                                                • SendMessageW.USER32(00000010,00000000,00000000), ref: 0101E773
                                                                • Sleep.KERNEL32(000000FA), ref: 0101E77E
                                                                • IsWindow.USER32 ref: 0101E78A
                                                                • EndDialog.USER32(00000000), ref: 0101E79B
                                                                Strings
                                                                Similarity
                                                                • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                • String ID: BUTTON
                                                                • API String ID: 1194449130-3405671355
                                                                • Opcode ID: 20ac09bf909059a9f895da78a0a079f1c91c4e51a717cf3cae03fd56d4402c6d
                                                                • Instruction ID: c09d88374141d1a6abcff21b339036f933603da3feded4289777ce888040d35b
                                                                • Opcode Fuzzy Hash: 20ac09bf909059a9f895da78a0a079f1c91c4e51a717cf3cae03fd56d4402c6d
                                                                • Instruction Fuzzy Hash: 382162B5205205AFFB225F64EEC9A2D3BA9FB49788B444424F9C18215DDB7FAC20CB54
                                                                APIs
                                                                  • Part of subcall function 00FB9CB3: _wcslen.LIBCMT ref: 00FB9CBD
                                                                • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 0101EA5D
                                                                • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 0101EA73
                                                                • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0101EA84
                                                                • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 0101EA96
                                                                • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 0101EAA7
                                                                Strings
                                                                Similarity
                                                                • API ID: SendString$_wcslen
                                                                • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                • API String ID: 2420728520-1007645807
                                                                • Opcode ID: 3be55fac658cdf458ce7c172ebe534a306bcb6d99b62185193fa905eab7bfe2a
                                                                • Instruction ID: 6767a29330fd9ead0b54abb2502d828e945b6a6b000e608ea55fb31d5086e04c
                                                                • Opcode Fuzzy Hash: 3be55fac658cdf458ce7c172ebe534a306bcb6d99b62185193fa905eab7bfe2a
                                                                • Instruction Fuzzy Hash: 5111E331A8026979E720A3A7DC4ADFF7EBCEBC1F00F440429B842A6081EEA51905C9B0
                                                                APIs
                                                                • GetKeyboardState.USER32(?), ref: 0101A012
                                                                • SetKeyboardState.USER32(?), ref: 0101A07D
                                                                • GetAsyncKeyState.USER32(000000A0), ref: 0101A09D
                                                                • GetKeyState.USER32(000000A0), ref: 0101A0B4
                                                                • GetAsyncKeyState.USER32(000000A1), ref: 0101A0E3
                                                                • GetKeyState.USER32(000000A1), ref: 0101A0F4
                                                                • GetAsyncKeyState.USER32(00000011), ref: 0101A120
                                                                • GetKeyState.USER32(00000011), ref: 0101A12E
                                                                • GetAsyncKeyState.USER32(00000012), ref: 0101A157
                                                                • GetKeyState.USER32(00000012), ref: 0101A165
                                                                • GetAsyncKeyState.USER32(0000005B), ref: 0101A18E
                                                                • GetKeyState.USER32(0000005B), ref: 0101A19C
                                                                Similarity
                                                                • API ID: State$Async$Keyboard
                                                                • String ID:
                                                                • API String ID: 541375521-0
                                                                • Opcode ID: a140e55a5d4be25cf1d51b789fe3814f43d0721dd8f25d8b3636ddab126c0696
                                                                • Instruction ID: fd3eaa2535e5730d019f2a1f7a73bcafc7878940b75b885ed367bbdf9494a612
                                                                • Opcode Fuzzy Hash: a140e55a5d4be25cf1d51b789fe3814f43d0721dd8f25d8b3636ddab126c0696
                                                                • Instruction Fuzzy Hash: 5451F670A057C86AFB76EBA48510BEABFF49F02284F0885CDD6C2571C6DA5CA64CC761
                                                                APIs
                                                                • GetDlgItem.USER32(?,00000001), ref: 01015CE2
                                                                • GetWindowRect.USER32(00000000,?), ref: 01015CFB
                                                                • MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 01015D59
                                                                • GetDlgItem.USER32(?,00000002), ref: 01015D69
                                                                • GetWindowRect.USER32(00000000,?), ref: 01015D7B
                                                                • MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 01015DCF
                                                                • GetDlgItem.USER32(?,000003E9), ref: 01015DDD
                                                                • GetWindowRect.USER32(00000000,?), ref: 01015DEF
                                                                • MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 01015E31
                                                                • GetDlgItem.USER32(?,000003EA), ref: 01015E44
                                                                • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 01015E5A
                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 01015E67
                                                                Similarity
                                                                • API ID: Window$ItemMoveRect$Invalidate
                                                                • String ID:
                                                                • API String ID: 3096461208-0
                                                                • Opcode ID: 6a8395f211012ff490f901d4a3970e94226c34a6adf3f03c293142b7b1fcec4c
                                                                • Instruction ID: f5fcf6b151477c091a3b9a05449170bd26e9c7c6364389e2f53e6e227d6b3fab
                                                                • Opcode Fuzzy Hash: 6a8395f211012ff490f901d4a3970e94226c34a6adf3f03c293142b7b1fcec4c
                                                                • Instruction Fuzzy Hash: 55511CB4B00205AFDB18DF68CE89AAEBBF5FB89300F508169F955E7294D775AD00CB50
                                                                APIs
                                                                  • Part of subcall function 00FC8F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00FC8BE8,?,00000000,?,?,?,?,00FC8BBA,00000000,?), ref: 00FC8FC5
                                                                • DestroyWindow.USER32(?), ref: 00FC8C81
                                                                • KillTimer.USER32(00000000,?,?,?,?,00FC8BBA,00000000,?), ref: 00FC8D1B
                                                                • DestroyAcceleratorTable.USER32(00000000), ref: 01006973
                                                                • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00FC8BBA,00000000,?), ref: 010069A1
                                                                • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00FC8BBA,00000000,?), ref: 010069B8
                                                                • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00FC8BBA,00000000), ref: 010069D4
                                                                • DeleteObject.GDI32(00000000), ref: 010069E6
                                                                Similarity
                                                                • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                • String ID:
                                                                • API String ID: 641708696-0
                                                                • Opcode ID: 7ab3213d8a16c64b5c8f604fc3c34f538bfe73bd30b8415fcb112ee62cc265fa
                                                                • Instruction ID: f168de3497e9d3d258fc2dbc652c589944f3122488471a0bf1f0654e457e3ca2
                                                                • Opcode Fuzzy Hash: 7ab3213d8a16c64b5c8f604fc3c34f538bfe73bd30b8415fcb112ee62cc265fa
                                                                • Instruction Fuzzy Hash: EC618931506602DFEB36DF18DB4AB6977F2FF41352F14455CE0C286994CB3AA892EB90
                                                                APIs
                                                                  • Part of subcall function 00FC9944: GetWindowLongW.USER32(?,000000EB), ref: 00FC9952
                                                                • GetSysColor.USER32(0000000F), ref: 00FC9862
                                                                Similarity
                                                                • API ID: ColorLongWindow
                                                                • String ID:
                                                                • API String ID: 259745315-0
                                                                • Opcode ID: 61a826c2e93bb0fcd80412a77e8d8d275921c2e663f3a8fb017f6696efa52286
                                                                • Instruction ID: 749bdb73eb1802dca3f6f05c13c2812a74dc0d172a0024b028670b36942aa436
                                                                • Opcode Fuzzy Hash: 61a826c2e93bb0fcd80412a77e8d8d275921c2e663f3a8fb017f6696efa52286
                                                                • Instruction Fuzzy Hash: BC413531504640AFEB314F389A89FB93BA5FB07331F544249FAE2871E1C7B69842EB10
                                                                APIs
                                                                • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,00FFF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 01019717
                                                                • LoadStringW.USER32(00000000,?,00FFF7F8,00000001), ref: 01019720
                                                                  • Part of subcall function 00FB9CB3: _wcslen.LIBCMT ref: 00FB9CBD
                                                                • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,00FFF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 01019742
                                                                • LoadStringW.USER32(00000000,?,00FFF7F8,00000001), ref: 01019745
                                                                • MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 01019866
                                                                Strings
                                                                Similarity
                                                                • API ID: HandleLoadModuleString$Message_wcslen
                                                                • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                • API String ID: 747408836-2268648507
                                                                • Opcode ID: b5f7fa3250b2f6b5fc0c45c4a1fc6867b66fae52ed93aaa8bc267024dd8c8448
                                                                • Instruction ID: d8b8e26d54bbc0402b87c42ddc18c42487c59a4eade9d7fdf12734ab0c4225ed
                                                                • Opcode Fuzzy Hash: b5f7fa3250b2f6b5fc0c45c4a1fc6867b66fae52ed93aaa8bc267024dd8c8448
                                                                • Instruction Fuzzy Hash: 1B418E7280420AABDB04EBE1CE92DEEB779AF14304F540025F60172096EB796F48DF60
                                                                APIs
                                                                  • Part of subcall function 00FB6B57: _wcslen.LIBCMT ref: 00FB6B6A
                                                                • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 010107A2
                                                                • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 010107BE
                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 010107DA
                                                                • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 01010804
                                                                • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 0101082C
                                                                • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 01010837
                                                                • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 0101083C
                                                                Strings
                                                                Similarity
                                                                • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                                                                • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                • API String ID: 323675364-22481851
                                                                APIs
                                                                • MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 0104403B
                                                                • CreateCompatibleDC.GDI32(00000000), ref: 01044042
                                                                • SendMessageW.USER32(?,00000173,00000000,00000000), ref: 01044055
                                                                • SelectObject.GDI32(00000000,00000000), ref: 0104405D
                                                                • GetPixel.GDI32(00000000,00000000,00000000), ref: 01044068
                                                                • DeleteDC.GDI32(00000000), ref: 01044072
                                                                • GetWindowLongW.USER32(?,000000EC), ref: 0104407C
                                                                • SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 01044092
                                                                • DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 0104409E
                                                                Strings
                                                                Similarity
                                                                • API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
                                                                • String ID: static
                                                                • API String ID: 2559357485-2160076837
                                                                APIs
                                                                • VariantInit.OLEAUT32(?), ref: 01033C5C
                                                                • CoInitialize.OLE32(00000000), ref: 01033C8A
                                                                • CoUninitialize.OLE32 ref: 01033C94
                                                                • _wcslen.LIBCMT ref: 01033D2D
                                                                • GetRunningObjectTable.OLE32(00000000,?), ref: 01033DB1
                                                                • SetErrorMode.KERNEL32(00000001,00000029), ref: 01033ED5
                                                                • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 01033F0E
                                                                • CoGetObject.OLE32(?,00000000,0104FB98,?), ref: 01033F2D
                                                                • SetErrorMode.KERNEL32(00000000), ref: 01033F40
                                                                • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 01033FC4
                                                                • VariantClear.OLEAUT32(?), ref: 01033FD8
                                                                Similarity
                                                                • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                                                • String ID:
                                                                • API String ID: 429561992-0
                                                                APIs
                                                                • CoInitialize.OLE32(00000000), ref: 01027AF3
                                                                • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 01027B8F
                                                                • SHGetDesktopFolder.SHELL32(?), ref: 01027BA3
                                                                • CoCreateInstance.OLE32(0104FD08,00000000,00000001,01076E6C,?), ref: 01027BEF
                                                                • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 01027C74
                                                                • CoTaskMemFree.OLE32(?,?), ref: 01027CCC
                                                                • SHBrowseForFolderW.SHELL32(?), ref: 01027D57
                                                                • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 01027D7A
                                                                • CoTaskMemFree.OLE32(00000000), ref: 01027D81
                                                                • CoTaskMemFree.OLE32(00000000), ref: 01027DD6
                                                                • CoUninitialize.OLE32 ref: 01027DDC
                                                                Similarity
                                                                • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                • String ID:
                                                                • API String ID: 2762341140-0
                                                                APIs
                                                                • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 01045504
                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 01045515
                                                                • CharNextW.USER32(00000158), ref: 01045544
                                                                • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 01045585
                                                                • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 0104559B
                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 010455AC
                                                                Similarity
                                                                • API ID: MessageSend$CharNext
                                                                • String ID:
                                                                • API String ID: 1350042424-0
                                                                APIs
                                                                • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 0100FAAF
                                                                • SafeArrayAllocData.OLEAUT32(?), ref: 0100FB08
                                                                • VariantInit.OLEAUT32(?), ref: 0100FB1A
                                                                • SafeArrayAccessData.OLEAUT32(?,?), ref: 0100FB3A
                                                                • VariantCopy.OLEAUT32(?,?), ref: 0100FB8D
                                                                • SafeArrayUnaccessData.OLEAUT32(?), ref: 0100FBA1
                                                                • VariantClear.OLEAUT32(?), ref: 0100FBB6
                                                                • SafeArrayDestroyData.OLEAUT32(?), ref: 0100FBC3
                                                                • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0100FBCC
                                                                • VariantClear.OLEAUT32(?), ref: 0100FBDE
                                                                • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0100FBE9
                                                                Similarity
                                                                • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                • String ID:
                                                                • API String ID: 2706829360-0
                                                                APIs
                                                                • GetKeyboardState.USER32(?), ref: 01019CA1
                                                                • GetAsyncKeyState.USER32(000000A0), ref: 01019D22
                                                                • GetKeyState.USER32(000000A0), ref: 01019D3D
                                                                • GetAsyncKeyState.USER32(000000A1), ref: 01019D57
                                                                • GetKeyState.USER32(000000A1), ref: 01019D6C
                                                                • GetAsyncKeyState.USER32(00000011), ref: 01019D84
                                                                • GetKeyState.USER32(00000011), ref: 01019D96
                                                                • GetAsyncKeyState.USER32(00000012), ref: 01019DAE
                                                                • GetKeyState.USER32(00000012), ref: 01019DC0
                                                                • GetAsyncKeyState.USER32(0000005B), ref: 01019DD8
                                                                • GetKeyState.USER32(0000005B), ref: 01019DEA
                                                                Similarity
                                                                • API ID: State$Async$Keyboard
                                                                • String ID:
                                                                • API String ID: 541375521-0
                                                                APIs
                                                                • WSAStartup.WSOCK32(00000101,?), ref: 010305BC
                                                                • inet_addr.WSOCK32(?), ref: 0103061C
                                                                • gethostbyname.WSOCK32(?), ref: 01030628
                                                                • IcmpCreateFile.IPHLPAPI ref: 01030636
                                                                • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 010306C6
                                                                • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 010306E5
                                                                • IcmpCloseHandle.IPHLPAPI(?), ref: 010307B9
                                                                • WSACleanup.WSOCK32 ref: 010307BF
                                                                Strings
                                                                Similarity
                                                                • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                • String ID: Ping
                                                                • API String ID: 1028309954-2246546115
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: _wcslen$BuffCharLower
                                                                • String ID: cdecl$none$stdcall$winapi
                                                                • API String ID: 707087890-567219261
                                                                APIs
                                                                • CoInitialize.OLE32 ref: 01033774
                                                                • CoUninitialize.OLE32 ref: 0103377F
                                                                • CoCreateInstance.OLE32(?,00000000,00000017,0104FB78,?), ref: 010337D9
                                                                • IIDFromString.OLE32(?,?), ref: 0103384C
                                                                • VariantInit.OLEAUT32(?), ref: 010338E4
                                                                • VariantClear.OLEAUT32(?), ref: 01033936
                                                                Strings
                                                                Similarity
                                                                • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                • API String ID: 636576611-1287834457
                                                                APIs
                                                                • LoadStringW.USER32(00000066,?,00000FFF,?), ref: 010233CF
                                                                  • Part of subcall function 00FB9CB3: _wcslen.LIBCMT ref: 00FB9CBD
                                                                • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 010233F0
                                                                Similarity
                                                                • API ID: LoadString$_wcslen
                                                                • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                                                                APIs
                                                                Similarity
                                                                • API ID: _wcslen$BuffCharUpper
                                                                • String ID: APPEND$EXISTS$KEYS$REMOVE
                                                                APIs
                                                                • SetErrorMode.KERNEL32(00000001), ref: 010253A0
                                                                • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 01025416
                                                                • GetLastError.KERNEL32 ref: 01025420
                                                                • SetErrorMode.KERNEL32(00000000,READY), ref: 010254A7
                                                                Similarity
                                                                • API ID: Error$Mode$DiskFreeLastSpace
                                                                • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                APIs
                                                                • CreateMenu.USER32 ref: 01043C79
                                                                • SetMenu.USER32(?,00000000), ref: 01043C88
                                                                • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 01043D10
                                                                • IsMenu.USER32(?), ref: 01043D24
                                                                • CreatePopupMenu.USER32 ref: 01043D2E
                                                                • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 01043D5B
                                                                • DrawMenuBar.USER32 ref: 01043D63
                                                                Similarity
                                                                • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                • String ID: 0$F
                                                                APIs
                                                                  • Part of subcall function 00FB9CB3: _wcslen.LIBCMT ref: 00FB9CBD
                                                                  • Part of subcall function 01013CA7: GetClassNameW.USER32(?,?,000000FF), ref: 01013CCA
                                                                • SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 01011F64
                                                                • GetDlgCtrlID.USER32 ref: 01011F6F
                                                                • GetParent.USER32 ref: 01011F8B
                                                                • SendMessageW.USER32(00000000,?,00000111,?), ref: 01011F8E
                                                                • GetDlgCtrlID.USER32(?), ref: 01011F97
                                                                • GetParent.USER32(?), ref: 01011FAB
                                                                • SendMessageW.USER32(00000000,?,00000111,?), ref: 01011FAE
                                                                Similarity
                                                                • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                • String ID: ComboBox$ListBox
                                                                APIs
                                                                  • Part of subcall function 00FB9CB3: _wcslen.LIBCMT ref: 00FB9CBD
                                                                  • Part of subcall function 01013CA7: GetClassNameW.USER32(?,?,000000FF), ref: 01013CCA
                                                                • SendMessageW.USER32(?,00000186,00020000,00000000), ref: 01012043
                                                                • GetDlgCtrlID.USER32 ref: 0101204E
                                                                • GetParent.USER32 ref: 0101206A
                                                                • SendMessageW.USER32(00000000,?,00000111,?), ref: 0101206D
                                                                • GetDlgCtrlID.USER32(?), ref: 01012076
                                                                • GetParent.USER32(?), ref: 0101208A
                                                                • SendMessageW.USER32(00000000,?,00000111,?), ref: 0101208D
                                                                Similarity
                                                                • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                • String ID: ComboBox$ListBox
                                                                APIs
                                                                • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 01043A9D
                                                                • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 01043AA0
                                                                • GetWindowLongW.USER32(?,000000F0), ref: 01043AC7
                                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 01043AEA
                                                                • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 01043B62
                                                                • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 01043BAC
                                                                • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 01043BC7
                                                                • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 01043BE2
                                                                • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 01043BF6
                                                                • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 01043C13
                                                                Similarity
                                                                • API ID: MessageSend$LongWindow
                                                                APIs
                                                                • GetCurrentThreadId.KERNEL32 ref: 0101B151
                                                                • GetForegroundWindow.USER32(00000000,?,?,?,?,?,0101A1E1,?,00000001), ref: 0101B165
                                                                • GetWindowThreadProcessId.USER32(00000000), ref: 0101B16C
                                                                • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0101A1E1,?,00000001), ref: 0101B17B
                                                                • GetWindowThreadProcessId.USER32(?,00000000), ref: 0101B18D
                                                                • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,0101A1E1,?,00000001), ref: 0101B1A6
                                                                • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0101A1E1,?,00000001), ref: 0101B1B8
                                                                • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,0101A1E1,?,00000001), ref: 0101B1FD
                                                                • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,0101A1E1,?,00000001), ref: 0101B212
                                                                • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,0101A1E1,?,00000001), ref: 0101B21D
                                                                Similarity
                                                                • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                APIs
                                                                • _free.LIBCMT ref: 00FE2C94
                                                                  • Part of subcall function 00FE29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00FED7D1,00000000,00000000,00000000,00000000,?,00FED7F8,00000000,00000007,00000000,?,00FEDBF5,00000000), ref: 00FE29DE
                                                                  • Part of subcall function 00FE29C8: GetLastError.KERNEL32(00000000,?,00FED7D1,00000000,00000000,00000000,00000000,?,00FED7F8,00000000,00000007,00000000,?,00FEDBF5,00000000,00000000), ref: 00FE29F0
                                                                • _free.LIBCMT ref: 00FE2CA0
                                                                • _free.LIBCMT ref: 00FE2CAB
                                                                • _free.LIBCMT ref: 00FE2CB6
                                                                • _free.LIBCMT ref: 00FE2CC1
                                                                • _free.LIBCMT ref: 00FE2CCC
                                                                • _free.LIBCMT ref: 00FE2CD7
                                                                • _free.LIBCMT ref: 00FE2CE2
                                                                • _free.LIBCMT ref: 00FE2CED
                                                                • _free.LIBCMT ref: 00FE2CFB
                                                                Similarity
                                                                • API ID: _free$ErrorFreeHeapLast
                                                                APIs
                                                                • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 01027FAD
                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 01027FC1
                                                                • GetFileAttributesW.KERNEL32(?), ref: 01027FEB
                                                                • SetFileAttributesW.KERNEL32(?,00000000), ref: 01028005
                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 01028017
                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 01028060
                                                                • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 010280B0
                                                                Similarity
                                                                • API ID: CurrentDirectory$AttributesFile
                                                                • String ID: *.*
                                                                • API String ID: 769691225-438819550
                                                                APIs
                                                                • SetWindowLongW.USER32(?,000000EB), ref: 00FB5C7A
                                                                  • Part of subcall function 00FB5D0A: GetClientRect.USER32(?,?), ref: 00FB5D30
                                                                  • Part of subcall function 00FB5D0A: GetWindowRect.USER32(?,?), ref: 00FB5D71
                                                                  • Part of subcall function 00FB5D0A: ScreenToClient.USER32(?,?), ref: 00FB5D99
                                                                • GetDC.USER32 ref: 00FF46F5
                                                                • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00FF4708
                                                                • SelectObject.GDI32(00000000,00000000), ref: 00FF4716
                                                                • SelectObject.GDI32(00000000,00000000), ref: 00FF472B
                                                                • ReleaseDC.USER32(?,00000000), ref: 00FF4733
                                                                • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00FF47C4
                                                                Strings
                                                                Similarity
                                                                • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                • String ID: U
                                                                • API String ID: 4009187628-3372436214
                                                                APIs
                                                                • LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 010235E4
                                                                  • Part of subcall function 00FB9CB3: _wcslen.LIBCMT ref: 00FB9CBD
                                                                • LoadStringW.USER32(01082390,?,00000FFF,?), ref: 0102360A
                                                                Strings
                                                                Similarity
                                                                • API ID: LoadString$_wcslen
                                                                • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                • API String ID: 4099089115-2391861430
                                                                APIs
                                                                • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0102C272
                                                                • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0102C29A
                                                                • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0102C2CA
                                                                • GetLastError.KERNEL32 ref: 0102C322
                                                                • SetEvent.KERNEL32(?), ref: 0102C336
                                                                • InternetCloseHandle.WININET(00000000), ref: 0102C341
                                                                Strings
                                                                Similarity
                                                                • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                                • String ID:
                                                                • API String ID: 3113390036-3916222277
                                                                APIs
                                                                • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00FF3AAF,?,?,Bad directive syntax error,0104CC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 010198BC
                                                                • LoadStringW.USER32(00000000,?,00FF3AAF,?), ref: 010198C3
                                                                  • Part of subcall function 00FB9CB3: _wcslen.LIBCMT ref: 00FB9CBD
                                                                • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 01019987
                                                                Strings
                                                                Similarity
                                                                • API ID: HandleLoadMessageModuleString_wcslen
                                                                • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                • API String ID: 858772685-4153970271
                                                                APIs
                                                                • GetParent.USER32 ref: 010120AB
                                                                • GetClassNameW.USER32(00000000,?,00000100), ref: 010120C0
                                                                • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 0101214D
                                                                Strings
                                                                Similarity
                                                                • API ID: ClassMessageNameParentSend
                                                                • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                • API String ID: 1290815626-3381328864
                                                                APIs
                                                                Similarity
                                                                • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                                • String ID:
                                                                • API String ID: 1282221369-0
                                                                APIs
                                                                • SendMessageW.USER32(?,00002001,00000000,00000000), ref: 01045186
                                                                • ShowWindow.USER32(?,00000000), ref: 010451C7
                                                                • ShowWindow.USER32(?,00000005,?,00000000), ref: 010451CD
                                                                • SetFocus.USER32(?,?,00000005,?,00000000), ref: 010451D1
                                                                  • Part of subcall function 01046FBA: DeleteObject.GDI32(00000000), ref: 01046FE6
                                                                • GetWindowLongW.USER32(?,000000F0), ref: 0104520D
                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 0104521A
                                                                • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 0104524D
                                                                • SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 01045287
                                                                • SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 01045296
                                                                Similarity
                                                                • API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
                                                                • String ID:
                                                                • API String ID: 3210457359-0
                                                                APIs
                                                                • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 01006890
                                                                • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 010068A9
                                                                • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 010068B9
                                                                • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 010068D1
                                                                • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 010068F2
                                                                • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00FC8874,00000000,00000000,00000000,000000FF,00000000), ref: 01006901
                                                                • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 0100691E
                                                                • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00FC8874,00000000,00000000,00000000,000000FF,00000000), ref: 0100692D
                                                                Similarity
                                                                • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                • String ID:
                                                                • API String ID: 1268354404-0
                                                                APIs
                                                                • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0102C182
                                                                • GetLastError.KERNEL32 ref: 0102C195
                                                                • SetEvent.KERNEL32(?), ref: 0102C1A9
                                                                  • Part of subcall function 0102C253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0102C272
                                                                  • Part of subcall function 0102C253: GetLastError.KERNEL32 ref: 0102C322
                                                                  • Part of subcall function 0102C253: SetEvent.KERNEL32(?), ref: 0102C336
                                                                  • Part of subcall function 0102C253: InternetCloseHandle.WININET(00000000), ref: 0102C341
                                                                Similarity
                                                                • API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
                                                                • String ID:
                                                                • API String ID: 337547030-0
                                                                APIs
                                                                  • Part of subcall function 01013A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 01013A57
                                                                  • Part of subcall function 01013A3D: GetCurrentThreadId.KERNEL32 ref: 01013A5E
                                                                  • Part of subcall function 01013A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,010125B3), ref: 01013A65
                                                                • MapVirtualKeyW.USER32(00000025,00000000), ref: 010125BD
                                                                • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 010125DB
                                                                • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 010125DF
                                                                • MapVirtualKeyW.USER32(00000025,00000000), ref: 010125E9
                                                                • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 01012601
                                                                • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 01012605
                                                                • MapVirtualKeyW.USER32(00000025,00000000), ref: 0101260F
                                                                • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 01012623
                                                                • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 01012627
                                                                Similarity
                                                                • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                • String ID:
                                                                • API String ID: 2014098862-0
                                                                • Opcode ID: accd2ec66694d5056f725708e02febd7befb873eae7f604a63714d180d40a7cb
                                                                • Instruction ID: dc9f13e224ddc11458fa0f06c0b6388d65d3c85390d919aecb7b065fa3491c46
                                                                • Opcode Fuzzy Hash: accd2ec66694d5056f725708e02febd7befb873eae7f604a63714d180d40a7cb
                                                                • Instruction Fuzzy Hash: A301D871791210BBFB2066689DCAF593F59EB4EB11F500001F398AE0D8C9F624448BA9
                                                                APIs
                                                                • GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,01011449,?,?,00000000), ref: 0101180C
                                                                • HeapAlloc.KERNEL32(00000000,?,01011449,?,?,00000000), ref: 01011813
                                                                • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,01011449,?,?,00000000), ref: 01011828
                                                                • GetCurrentProcess.KERNEL32(?,00000000,?,01011449,?,?,00000000), ref: 01011830
                                                                • DuplicateHandle.KERNEL32(00000000,?,01011449,?,?,00000000), ref: 01011833
                                                                • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,01011449,?,?,00000000), ref: 01011843
                                                                • GetCurrentProcess.KERNEL32(01011449,00000000,?,01011449,?,?,00000000), ref: 0101184B
                                                                • DuplicateHandle.KERNEL32(00000000,?,01011449,?,?,00000000), ref: 0101184E
                                                                • CreateThread.KERNEL32(00000000,00000000,01011874,00000000,00000000,00000000), ref: 01011868
                                                                Similarity
                                                                • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                • String ID:
                                                                • API String ID: 1957940570-0
                                                                • Opcode ID: 72a351420129b8021671a6c52212de14f23487cf284d129d59264ab2377bb0e2
                                                                • Instruction ID: ced7f5abe87cf8049183c6992050c25ae0887f4cc5b7670900e200c84eb09805
                                                                • Opcode Fuzzy Hash: 72a351420129b8021671a6c52212de14f23487cf284d129d59264ab2377bb0e2
                                                                • Instruction Fuzzy Hash: 6601BFB5241304BFF720ABB5DE8DF573B6CEB89B11F004411FA45DB195C6759800CB20
                                                                APIs
                                                                  • Part of subcall function 0101D4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 0101D501
                                                                  • Part of subcall function 0101D4DC: Process32FirstW.KERNEL32(00000000,?), ref: 0101D50F
                                                                  • Part of subcall function 0101D4DC: FindCloseChangeNotification.KERNEL32(00000000), ref: 0101D5DC
                                                                • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0103A16D
                                                                • GetLastError.KERNEL32 ref: 0103A180
                                                                • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0103A1B3
                                                                • TerminateProcess.KERNEL32(00000000,00000000), ref: 0103A268
                                                                • GetLastError.KERNEL32(00000000), ref: 0103A273
                                                                • CloseHandle.KERNEL32(00000000), ref: 0103A2C4
                                                                Strings
                                                                Similarity
                                                                • API ID: Process$CloseErrorLastOpen$ChangeCreateFindFirstHandleNotificationProcess32SnapshotTerminateToolhelp32
                                                                • String ID: SeDebugPrivilege
                                                                • API String ID: 1701285019-2896544425
                                                                • Opcode ID: 144563993f7ddd4a622d315331f78c2df5b6ef8c9bbe52e7980c8058171a3048
                                                                • Instruction ID: 7efbd9fdcc761551708f6b1fb2cf14a92f82e6ceadb5430050687fcee52e1a6c
                                                                • Opcode Fuzzy Hash: 144563993f7ddd4a622d315331f78c2df5b6ef8c9bbe52e7980c8058171a3048
                                                                • Instruction Fuzzy Hash: 4761B374204242DFE720DF19C494F6ABBE5AF84318F18848CE5E68B7A3C776E945CB91
                                                                APIs
                                                                • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 01043925
                                                                • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 0104393A
                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 01043954
                                                                • _wcslen.LIBCMT ref: 01043999
                                                                • SendMessageW.USER32(?,00001057,00000000,?), ref: 010439C6
                                                                • SendMessageW.USER32(?,00001061,?,0000000F), ref: 010439F4
                                                                Strings
                                                                Similarity
                                                                • API ID: MessageSend$Window_wcslen
                                                                • String ID: SysListView32
                                                                • API String ID: 2147712094-78025650
                                                                • Opcode ID: 9a5e152c003ed892af0bcfd5e53ccace4329f1f3e68e02d86003adab1eb94f09
                                                                • Instruction ID: 4c3704be7119cf9d01c791312b8dcd4247625003295a869204a19c8873c31b7e
                                                                • Opcode Fuzzy Hash: 9a5e152c003ed892af0bcfd5e53ccace4329f1f3e68e02d86003adab1eb94f09
                                                                • Instruction Fuzzy Hash: DE4197B1A00319ABEF219F64CC85BEE7BA9FF08350F10156AF994EB281D7759950CB90
                                                                APIs
                                                                • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0101BCFD
                                                                • IsMenu.USER32(00000000), ref: 0101BD1D
                                                                • CreatePopupMenu.USER32 ref: 0101BD53
                                                                • GetMenuItemCount.USER32(00A65840), ref: 0101BDA4
                                                                • InsertMenuItemW.USER32(00A65840,?,00000001,00000030), ref: 0101BDCC
                                                                Strings
                                                                Similarity
                                                                • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                • String ID: 0$2
                                                                • API String ID: 93392585-3793063076
                                                                • Opcode ID: 2f7bef85db78c9f44a797cfb0df7d3f38a429c97d19c8e7856b8a3a72adc8b78
                                                                • Instruction ID: 7ffcce6f62ca112f8f4478ece3632145fe7639d5b7b8e87d4b77f64d61ced8be
                                                                • Opcode Fuzzy Hash: 2f7bef85db78c9f44a797cfb0df7d3f38a429c97d19c8e7856b8a3a72adc8b78
                                                                • Instruction Fuzzy Hash: BD5121706002059BEF28EFACC9C4BAEBFF4BF45314F544199E581DB288E7789941CB52
                                                                APIs
                                                                • LoadIconW.USER32(00000000,00007F03), ref: 0101C913
                                                                Strings
                                                                Similarity
                                                                • API ID: IconLoad
                                                                • String ID: blank$info$question$stop$warning
                                                                • API String ID: 2457776203-404129466
                                                                • Opcode ID: a673924f3ced525eb902be03f14d9d13dc3facfe3b9c71889165906184ef5db5
                                                                • Instruction ID: d4a6c20b188f77d73c09d7fc629b4f3c1c792c19f9c79596279fddf0aee7c38e
                                                                • Opcode Fuzzy Hash: a673924f3ced525eb902be03f14d9d13dc3facfe3b9c71889165906184ef5db5
                                                                • Instruction Fuzzy Hash: CB110B316C9707BBB7015A589EC3C9E77DDEF05360B10006FF580AA286E77DE9005268
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
                                                                • String ID: 0.0.0.0
                                                                • API String ID: 642191829-3771769585
                                                                • Opcode ID: bff0b6e6b75389648952fcae99989d782b5b34ae5f2ea6b05d5b7583ba404e5e
                                                                • Instruction ID: af11211cc47ab38bcfc3ac15d16da272ba875b168a685cac8eafa276ebda5ae5
                                                                • Opcode Fuzzy Hash: bff0b6e6b75389648952fcae99989d782b5b34ae5f2ea6b05d5b7583ba404e5e
                                                                • Instruction Fuzzy Hash: A8113671900109ABEB30BBB4DD4AEEE77ECEF10311F0401AAF58596185EF7D96819B60
                                                                APIs
                                                                  • Part of subcall function 00FC9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00FC9BB2
                                                                • GetSystemMetrics.USER32(0000000F), ref: 01049FC7
                                                                • GetSystemMetrics.USER32(0000000F), ref: 01049FE7
                                                                • MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 0104A224
                                                                • SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 0104A242
                                                                • SendMessageW.USER32(00000003,00000469,?,00000000), ref: 0104A263
                                                                • ShowWindow.USER32(00000003,00000000), ref: 0104A282
                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 0104A2A7
                                                                • DefDlgProcW.USER32(?,00000005,?,?), ref: 0104A2CA
                                                                Similarity
                                                                • API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
                                                                • String ID:
                                                                • API String ID: 1211466189-0
                                                                • Opcode ID: 24ff3991109c64a05efcb0d0bce6da518b0020804cad51900617f483b96bfe40
                                                                • Instruction ID: 524e1a3ddc5ae99f998ae8330b7f3b38dd7edd593df62f28fb3cb481e33048ab
                                                                • Opcode Fuzzy Hash: 24ff3991109c64a05efcb0d0bce6da518b0020804cad51900617f483b96bfe40
                                                                • Instruction Fuzzy Hash: A7B18AB1640215EBEB14CF6CCAC57AE3BF2BF48741F0481B9ED869B299D735A940CB50
                                                                APIs
                                                                Similarity
                                                                • API ID: _wcslen$LocalTime
                                                                • String ID:
                                                                • API String ID: 952045576-0
                                                                • Opcode ID: 7124936fba6156f1ffec1790a00116bcea5e754886dc97b52a8478161e7057d0
                                                                • Instruction ID: b2c3b9482756ec7381cbd1213057c9cff8c5c0a63e0c9a90d23de417065f6896
                                                                • Opcode Fuzzy Hash: 7124936fba6156f1ffec1790a00116bcea5e754886dc97b52a8478161e7057d0
                                                                • Instruction Fuzzy Hash: 7E418365C1011876CB11EBB4CC8A9CFB7A9AF45710F548467FA14E3222FB38E255C7E6
                                                                APIs
                                                                • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0100682C,00000004,00000000,00000000), ref: 00FCF953
                                                                • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,0100682C,00000004,00000000,00000000), ref: 0100F3D1
                                                                • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0100682C,00000004,00000000,00000000), ref: 0100F454
                                                                Similarity
                                                                • API ID: ShowWindow
                                                                • String ID:
                                                                APIs
                                                                • DeleteObject.GDI32(00000000), ref: 01042D1B
                                                                • GetDC.USER32(00000000), ref: 01042D23
                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 01042D2E
                                                                • ReleaseDC.USER32(00000000,00000000), ref: 01042D3A
                                                                • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 01042D76
                                                                • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 01042D87
                                                                • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,01045A65,?,?,000000FF,00000000,?,000000FF,?), ref: 01042DC2
                                                                • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 01042DE1
                                                                Similarity
                                                                • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                • String ID:
                                                                Similarity
                                                                • API ID: _memcmp
                                                                • String ID:
                                                                Similarity
                                                                • API ID:
                                                                • String ID: NULL Pointer assignment$Not an Object type
                                                                APIs
                                                                • GetCPInfo.KERNEL32(?,?), ref: 00FF15CE
                                                                • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00FF1651
                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00FF16E4
                                                                • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00FF16FB
                                                                  • Part of subcall function 00FE3820: RtlAllocateHeap.NTDLL(00000000,?,01081444,?,00FCFDF5,?,?,00FBA976,00000010,01081440,00FB13FC,?,00FB13C6,?,00FB1129), ref: 00FE3852
                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00FF1777
                                                                • __freea.LIBCMT ref: 00FF17A2
                                                                • __freea.LIBCMT ref: 00FF17AE
                                                                Similarity
                                                                • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                                • String ID:
                                                                Similarity
                                                                • API ID: Variant$ClearInit
                                                                • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                APIs
                                                                • SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 0102125C
                                                                • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 01021284
                                                                • SafeArrayUnaccessData.OLEAUT32(00000001), ref: 010212A8
                                                                • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 010212D8
                                                                • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 0102135F
                                                                • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 010213C4
                                                                • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 01021430
                                                                Similarity
                                                                • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                                • String ID:
                                                                Similarity
                                                                • API ID: ObjectSelect$BeginCreatePath
                                                                • String ID:
                                                                APIs
                                                                • VariantInit.OLEAUT32(?), ref: 0103396B
                                                                • CharUpperBuffW.USER32(?,?), ref: 01033A7A
                                                                • _wcslen.LIBCMT ref: 01033A8A
                                                                • VariantClear.OLEAUT32(?), ref: 01033C1F
                                                                  • Part of subcall function 01020CDF: VariantInit.OLEAUT32(00000000), ref: 01020D1F
                                                                  • Part of subcall function 01020CDF: VariantCopy.OLEAUT32(?,?), ref: 01020D28
                                                                  • Part of subcall function 01020CDF: VariantClear.OLEAUT32(?), ref: 01020D34
                                                                Similarity
                                                                • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                                                • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                APIs
                                                                  • Part of subcall function 0101000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0100FF41,80070057,?,?,?,0101035E), ref: 0101002B
                                                                  • Part of subcall function 0101000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0100FF41,80070057,?,?), ref: 01010046
                                                                  • Part of subcall function 0101000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0100FF41,80070057,?,?), ref: 01010054
                                                                  • Part of subcall function 0101000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0100FF41,80070057,?), ref: 01010064
                                                                • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 01034C51
                                                                • _wcslen.LIBCMT ref: 01034D59
                                                                • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 01034DCF
                                                                • CoTaskMemFree.OLE32(?), ref: 01034DDA
                                                                Similarity
                                                                • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                                                • String ID: NULL Pointer assignment
                                                                APIs
                                                                • GetMenu.USER32(?), ref: 01042183
                                                                • GetMenuItemCount.USER32(00000000), ref: 010421B5
                                                                • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 010421DD
                                                                • _wcslen.LIBCMT ref: 01042213
                                                                • GetMenuItemID.USER32(?,?), ref: 0104224D
                                                                • GetSubMenu.USER32(?,?), ref: 0104225B
                                                                  • Part of subcall function 01013A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 01013A57
                                                                  • Part of subcall function 01013A3D: GetCurrentThreadId.KERNEL32 ref: 01013A5E
                                                                  • Part of subcall function 01013A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,010125B3), ref: 01013A65
                                                                • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 010422E3
                                                                  • Part of subcall function 0101E97B: Sleep.KERNEL32 ref: 0101E9F3
                                                                Similarity
                                                                • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                                                • String ID:
                                                                APIs
                                                                • IsWindow.USER32(00A658E0), ref: 01047F37
                                                                • IsWindowEnabled.USER32(00A658E0), ref: 01047F43
                                                                • SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 0104801E
                                                                • SendMessageW.USER32(00A658E0,000000B0,?,?), ref: 01048051
                                                                • IsDlgButtonChecked.USER32(?,?), ref: 01048089
                                                                • GetWindowLongW.USER32(00A658E0,000000EC), ref: 010480AB
                                                                • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 010480C3
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                                                • String ID:
                                                                • API String ID: 4072528602-0
                                                                • Opcode ID: f778eae5d88624a3265f25f06582056385d26fa5d17d4742b191f27ce491f284
                                                                • Instruction ID: 15e813fe70054b0f7d2c44128d4336cab9839ed77a7b8c6826dc5cb5344d2933
                                                                • Opcode Fuzzy Hash: f778eae5d88624a3265f25f06582056385d26fa5d17d4742b191f27ce491f284
                                                                • Instruction Fuzzy Hash: 9D717EB4605205AFEB719F68C9C4FEA7BF9EF09300F1448AAFAD597251C732A845DB10
                                                                APIs
                                                                • GetParent.USER32(?), ref: 0101AEF9
                                                                • GetKeyboardState.USER32(?), ref: 0101AF0E
                                                                • SetKeyboardState.USER32(?), ref: 0101AF6F
                                                                • PostMessageW.USER32(?,00000101,00000010,?), ref: 0101AF9D
                                                                • PostMessageW.USER32(?,00000101,00000011,?), ref: 0101AFBC
                                                                • PostMessageW.USER32(?,00000101,00000012,?), ref: 0101AFFD
                                                                • PostMessageW.USER32(?,00000101,0000005B,?), ref: 0101B020
                                                                Similarity
                                                                • API ID: MessagePost$KeyboardState$Parent
                                                                • String ID:
                                                                • API String ID: 87235514-0
                                                                • Opcode ID: a525477714e44b0d051c2ef0174336db3c7e83cc401f609a255ead36e329d7ce
                                                                • Instruction ID: d3e321d5ad8f2c3e79ff8acbb2a54f235b92e532d6a2875c9f8c06dfb0bec25e
                                                                • Opcode Fuzzy Hash: a525477714e44b0d051c2ef0174336db3c7e83cc401f609a255ead36e329d7ce
                                                                • Instruction Fuzzy Hash: 6151D1A0A057D57DFB3782788845BBABEE95B06304F0885CDF2D9468C7C39DA8C8D760
                                                                APIs
                                                                • GetParent.USER32(00000000), ref: 0101AD19
                                                                • GetKeyboardState.USER32(?), ref: 0101AD2E
                                                                • SetKeyboardState.USER32(?), ref: 0101AD8F
                                                                • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 0101ADBB
                                                                • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 0101ADD8
                                                                • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 0101AE17
                                                                • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 0101AE38
                                                                Similarity
                                                                • API ID: MessagePost$KeyboardState$Parent
                                                                • String ID:
                                                                • API String ID: 87235514-0
                                                                • Opcode ID: 039ac5a131498e9e7a40896ac07014e6a4d2b6f5ab3b8b41f2be0b40ec07ea16
                                                                • Instruction ID: 99d91cfcc7b44c6ef6283dbc57b2f6aa96953c0d1b194b4c6d40848e2ac7199a
                                                                • Opcode Fuzzy Hash: 039ac5a131498e9e7a40896ac07014e6a4d2b6f5ab3b8b41f2be0b40ec07ea16
                                                                • Instruction Fuzzy Hash: C451E6A17067D57EFB3392388C95BBA7EE85B46304F0884C8E1D6474C7C2ACE898D760
                                                                APIs
                                                                • GetConsoleCP.KERNEL32(00FF3CD6,?,?,?,?,?,?,?,?,00FE5BA3,?,?,00FF3CD6,?,?), ref: 00FE5470
                                                                • __fassign.LIBCMT ref: 00FE54EB
                                                                • __fassign.LIBCMT ref: 00FE5506
                                                                • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00FF3CD6,00000005,00000000,00000000), ref: 00FE552C
                                                                • WriteFile.KERNEL32(?,00FF3CD6,00000000,00FE5BA3,00000000,?,?,?,?,?,?,?,?,?,00FE5BA3,?), ref: 00FE554B
                                                                • WriteFile.KERNEL32(?,?,00000001,00FE5BA3,00000000,?,?,?,?,?,?,?,?,?,00FE5BA3,?), ref: 00FE5584
                                                                Similarity
                                                                • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                • String ID:
                                                                • API String ID: 1324828854-0
                                                                • Opcode ID: 64d65abc6fc38b212ee8576d5a3b2355a05f11addaac1f101065d479b2f3d714
                                                                • Instruction ID: 87750800e593e6ea42c5f75c979658d7f83324735488147074fd5150cc1ddbcb
                                                                • Opcode Fuzzy Hash: 64d65abc6fc38b212ee8576d5a3b2355a05f11addaac1f101065d479b2f3d714
                                                                • Instruction Fuzzy Hash: 0251F4B1E007899FDB10CFA9D885AEEBBF9EF09714F18401AF955E7291D7309A40CB61
                                                                APIs
                                                                • _ValidateLocalCookies.LIBCMT ref: 00FD2D4B
                                                                • ___except_validate_context_record.LIBVCRUNTIME ref: 00FD2D53
                                                                • _ValidateLocalCookies.LIBCMT ref: 00FD2DE1
                                                                • __IsNonwritableInCurrentImage.LIBCMT ref: 00FD2E0C
                                                                • _ValidateLocalCookies.LIBCMT ref: 00FD2E61
                                                                Strings
                                                                Similarity
                                                                • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                • String ID: csm
                                                                • API String ID: 1170836740-1018135373
                                                                • Opcode ID: 811ead290f6ca6e25e7ab806dd53471c821e59ea5a97166d6f1da7c9be1d91d1
                                                                • Instruction ID: f4f419129e76a745e7193962e0fa2c70289b89ed1623df99a0da5806d9ff5a3e
                                                                • Opcode Fuzzy Hash: 811ead290f6ca6e25e7ab806dd53471c821e59ea5a97166d6f1da7c9be1d91d1
                                                                • Instruction Fuzzy Hash: 6D41D235E00209ABCF10DF68CC85A9EBBB7BF54324F188156F9146B352D7369A01EBD1
                                                                APIs
                                                                  • Part of subcall function 0103304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0103307A
                                                                  • Part of subcall function 0103304E: _wcslen.LIBCMT ref: 0103309B
                                                                • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 01031112
                                                                • WSAGetLastError.WSOCK32 ref: 01031121
                                                                • WSAGetLastError.WSOCK32 ref: 010311C9
                                                                • closesocket.WSOCK32(00000000), ref: 010311F9
                                                                Similarity
                                                                • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                                                                • String ID:
                                                                • API String ID: 2675159561-0
                                                                • Opcode ID: 7cde7b6ac8633170911b9ccbe3567097361c889f1e9b0f01fcc607236720d319
                                                                • Instruction ID: 852b0721eb4c9df7a78454de07223be2b961de69cd1adda68514094cdcb42d6a
                                                                • Opcode Fuzzy Hash: 7cde7b6ac8633170911b9ccbe3567097361c889f1e9b0f01fcc607236720d319
                                                                • Instruction Fuzzy Hash: 4B41D9756001049FE7109F14C984BEAB7EDFF85364F048099FC959B285C775AD41CBE1
                                                                APIs
                                                                  • Part of subcall function 0101DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0101CF22,?), ref: 0101DDFD
                                                                  • Part of subcall function 0101DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0101CF22,?), ref: 0101DE16
                                                                • lstrcmpiW.KERNEL32(?,?), ref: 0101CF45
                                                                • MoveFileW.KERNEL32(?,?), ref: 0101CF7F
                                                                • _wcslen.LIBCMT ref: 0101D005
                                                                • _wcslen.LIBCMT ref: 0101D01B
                                                                • SHFileOperationW.SHELL32(?), ref: 0101D061
                                                                Strings
                                                                Similarity
                                                                • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                                                • String ID: \*.*
                                                                • API String ID: 3164238972-1173974218
                                                                • Opcode ID: 93956bb84ef5e3fa23ff9a21a98895d10f35f6af72de827daedb3f7700ad6047
                                                                • Instruction ID: bf90a73e4dddbc2d07c81562cd00f78fea401f18f8ce394ea67085a2c44229d3
                                                                • Opcode Fuzzy Hash: 93956bb84ef5e3fa23ff9a21a98895d10f35f6af72de827daedb3f7700ad6047
                                                                • Instruction Fuzzy Hash: 754158719451195FEF52EFA4CE81ADD77F8AF08380F0400EAD549EB145EB39E644CB50
                                                                APIs
                                                                • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 01042E1C
                                                                • GetWindowLongW.USER32(?,000000F0), ref: 01042E4F
                                                                • GetWindowLongW.USER32(?,000000F0), ref: 01042E84
                                                                • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 01042EB6
                                                                • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 01042EE0
                                                                • GetWindowLongW.USER32(?,000000F0), ref: 01042EF1
                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 01042F0B
                                                                Similarity
                                                                • API ID: LongWindow$MessageSend
                                                                • String ID:
                                                                • API String ID: 2178440468-0
                                                                • Opcode ID: 45676e78c04450f6f6a4d4217427411d6f5b28d6a897a14f045754ae194806ae
                                                                • Instruction ID: 320ea6dc2e74fc20058ff8168729c98e1f3c40bd74e4faf057fe88361234f151
                                                                • Opcode Fuzzy Hash: 45676e78c04450f6f6a4d4217427411d6f5b28d6a897a14f045754ae194806ae
                                                                • Instruction Fuzzy Hash: D33114B4705140AFEB31CF59EDC4F6937E0EB4A710F1501A4FAD48B2A6CB76A841DB40
                                                                APIs
                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 01017769
                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 0101778F
                                                                • SysAllocString.OLEAUT32(00000000), ref: 01017792
                                                                • SysAllocString.OLEAUT32(?), ref: 010177B0
                                                                • SysFreeString.OLEAUT32(?), ref: 010177B9
                                                                • StringFromGUID2.OLE32(?,?,00000028), ref: 010177DE
                                                                • SysAllocString.OLEAUT32(?), ref: 010177EC
                                                                Similarity
                                                                • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                • String ID:
                                                                • API String ID: 3761583154-0
                                                                • Opcode ID: 46209150094bebafcff816fe4df47ba322d9daa077a5609b8330e51cf2df7b3f
                                                                • Instruction ID: 7c74563e06a2289fe3c83db1da9f979c8a893b40b7086a8608178a55c058d577
                                                                • Opcode Fuzzy Hash: 46209150094bebafcff816fe4df47ba322d9daa077a5609b8330e51cf2df7b3f
                                                                • Instruction Fuzzy Hash: 6B21F47A600209AFEF10EEACCE88DBB77ECFB09360B008065FA55CB155DA78DC418760
                                                                APIs
                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 01017842
                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 01017868
                                                                • SysAllocString.OLEAUT32(00000000), ref: 0101786B
                                                                • SysAllocString.OLEAUT32 ref: 0101788C
                                                                • SysFreeString.OLEAUT32 ref: 01017895
                                                                • StringFromGUID2.OLE32(?,?,00000028), ref: 010178AF
                                                                • SysAllocString.OLEAUT32(?), ref: 010178BD
                                                                Similarity
                                                                • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                • String ID:
                                                                • API String ID: 3761583154-0
                                                                • Opcode ID: ca46d0e4175b8bb287b6d37916b4640136bb26497e0cb3adf637fbe6ad7ff632
                                                                • Instruction ID: e45170af0632a4299dbba1e6259ebc1a1ee6f489e6c41fe15c492e331c763ed7
                                                                • Opcode Fuzzy Hash: ca46d0e4175b8bb287b6d37916b4640136bb26497e0cb3adf637fbe6ad7ff632
                                                                • Instruction Fuzzy Hash: 4B21D375600204AFEB10AFBCCD88DBA77ECEB093607108025F955CB2A9DA78DC41CB74
                                                                APIs
                                                                • GetStdHandle.KERNEL32(000000F6), ref: 010205C6
                                                                • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 01020601
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: CreateHandlePipe
                                                                • String ID: nul
                                                                • API String ID: 1424370930-2873401336
                                                                • Opcode ID: 9e51155dcfdc4b220d6c0ef6a704bee9f058238131a24a50367285645aa7ac36
                                                                • Instruction ID: f278eca44fc3b19ac8a3e391566578a5deb120ff713a81c6d59821a442cc63ab
                                                                • Opcode Fuzzy Hash: 9e51155dcfdc4b220d6c0ef6a704bee9f058238131a24a50367285645aa7ac36
                                                                • Instruction Fuzzy Hash: 2921B7755003259FEB309F6DC948A9AB7E8BF89724F300A59F9E1D72E8D7B19540CB10
                                                                APIs
                                                                • GetStdHandle.KERNEL32(0000000C), ref: 010204F2
                                                                • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 0102052E
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: CreateHandlePipe
                                                                • String ID: nul
                                                                • API String ID: 1424370930-2873401336
                                                                • Opcode ID: 97e235d0a4ead5be97bac1447cfa1fd0c149858191ddce85ec865082bd051e48
                                                                • Instruction ID: 498becabaaf189deb0e0af3163bc2a1cf922b1dad7de975c61cfcae5dfeefa8d
                                                                • Opcode Fuzzy Hash: 97e235d0a4ead5be97bac1447cfa1fd0c149858191ddce85ec865082bd051e48
                                                                • Instruction Fuzzy Hash: 3E21BFB4600329EFEB208F29D944A9BBBF4AF44720F204A58F9E1D72E8D7709540CB60
                                                                APIs
                                                                  • Part of subcall function 00FB600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00FB604C
                                                                  • Part of subcall function 00FB600E: GetStockObject.GDI32(00000011), ref: 00FB6060
                                                                  • Part of subcall function 00FB600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00FB606A
                                                                • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 01044112
                                                                • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 0104411F
                                                                • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 0104412A
                                                                • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 01044139
                                                                • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 01044145
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: MessageSend$CreateObjectStockWindow
                                                                • String ID: Msctls_Progress32
                                                                • API String ID: 1025951953-3636473452
                                                                • Opcode ID: 8831fe2b7316dd7f6e6645f9fe543fd11f41fa11ffacec137addd7eef1b31406
                                                                • Instruction ID: a145b7533c54ec7d5d7c9247f6e6ecfc236db080dc8adfe2ac8a27c918c4920b
                                                                • Opcode Fuzzy Hash: 8831fe2b7316dd7f6e6645f9fe543fd11f41fa11ffacec137addd7eef1b31406
                                                                • Instruction Fuzzy Hash: 5711B2B215021DBFFF219E65CC85EEB7F9DEF08798F018121BA58E6050C6769C21DBA4
                                                                APIs
                                                                  • Part of subcall function 00FED7A3: _free.LIBCMT ref: 00FED7CC
                                                                • _free.LIBCMT ref: 00FED82D
                                                                  • Part of subcall function 00FE29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00FED7D1,00000000,00000000,00000000,00000000,?,00FED7F8,00000000,00000007,00000000,?,00FEDBF5,00000000), ref: 00FE29DE
                                                                  • Part of subcall function 00FE29C8: GetLastError.KERNEL32(00000000,?,00FED7D1,00000000,00000000,00000000,00000000,?,00FED7F8,00000000,00000007,00000000,?,00FEDBF5,00000000,00000000), ref: 00FE29F0
                                                                • _free.LIBCMT ref: 00FED838
                                                                • _free.LIBCMT ref: 00FED843
                                                                • _free.LIBCMT ref: 00FED897
                                                                • _free.LIBCMT ref: 00FED8A2
                                                                • _free.LIBCMT ref: 00FED8AD
                                                                • _free.LIBCMT ref: 00FED8B8
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: _free$ErrorFreeHeapLast
                                                                • String ID:
                                                                • API String ID: 776569668-0
                                                                • Opcode ID: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
                                                                • Instruction ID: d6632e52926183d9b920c9900ebd21d0d8d55cbfbc91fd1fa1c4db14a1be4434
                                                                • Opcode Fuzzy Hash: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
                                                                • Instruction Fuzzy Hash: 01115171540B88AAD521BFB2CC47FCB7BEC6F00700F400825B699A6893DA6DB5057651
                                                                APIs
                                                                • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 0101DA74
                                                                • LoadStringW.USER32(00000000), ref: 0101DA7B
                                                                • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 0101DA91
                                                                • LoadStringW.USER32(00000000), ref: 0101DA98
                                                                • MessageBoxW.USER32(00000000,?,?,00011010), ref: 0101DADC
                                                                Strings
                                                                • %s (%d) : ==> %s: %s %s, xrefs: 0101DAB9
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: HandleLoadModuleString$Message
                                                                • String ID: %s (%d) : ==> %s: %s %s
                                                                • API String ID: 4072794657-3128320259
                                                                • Opcode ID: 4bad4bec1c95d3a89e666bc70d73ac6664d8b031c5721e537a106e6ee21eab7b
                                                                • Instruction ID: e70fb2cef8cdf819356c3bb68330ce9cd91c5bd45bc73d132d7bb0cf352de3a4
                                                                • Opcode Fuzzy Hash: 4bad4bec1c95d3a89e666bc70d73ac6664d8b031c5721e537a106e6ee21eab7b
                                                                • Instruction Fuzzy Hash: 630162F69002087FF710DBE49FC9EEB376CE708205F404495B786E2045EA79AE844B74
                                                                APIs
                                                                • InterlockedExchange.KERNEL32(00A5E5A8,00A5E5A8), ref: 0102097B
                                                                • EnterCriticalSection.KERNEL32(00A5E588,00000000), ref: 0102098D
                                                                • TerminateThread.KERNEL32(?,000001F6), ref: 0102099B
                                                                • WaitForSingleObject.KERNEL32(?,000003E8), ref: 010209A9
                                                                • CloseHandle.KERNEL32(?), ref: 010209B8
                                                                • InterlockedExchange.KERNEL32(00A5E5A8,000001F6), ref: 010209C8
                                                                • LeaveCriticalSection.KERNEL32(00A5E588), ref: 010209CF
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                • String ID:
                                                                • API String ID: 3495660284-0
                                                                • Opcode ID: e63dd1efb1bcb47dff1a29c9cb463de81d1616b16e0ee74dbef4131b781ff3c7
                                                                • Instruction ID: 19ecaa60ef02c6d75ebc86adce9c0f4603a59a151cdb87e7ffbb69a08a81a50f
                                                                • Opcode Fuzzy Hash: e63dd1efb1bcb47dff1a29c9cb463de81d1616b16e0ee74dbef4131b781ff3c7
                                                                • Instruction Fuzzy Hash: 76F01D71543A12BBF7615B94EFC8AD67A25BF05702F401015F24250898C7BA9465CF90
                                                                APIs
                                                                • GetClientRect.USER32(?,?), ref: 00FB5D30
                                                                • GetWindowRect.USER32(?,?), ref: 00FB5D71
                                                                • ScreenToClient.USER32(?,?), ref: 00FB5D99
                                                                • GetClientRect.USER32(?,?), ref: 00FB5ED7
                                                                • GetWindowRect.USER32(?,?), ref: 00FB5EF8
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: Rect$Client$Window$Screen
                                                                • String ID:
                                                                • API String ID: 1296646539-0
                                                                • Opcode ID: 185a1cbc7dafef6ca8e5a8c2efa35cfcc9d540cf5102014076cced287fb993f3
                                                                • Instruction ID: a61f4db8e5ef0611802e10de6ee7052a5aa9b33c8682dea4ab61b376a9a1a522
                                                                • Opcode Fuzzy Hash: 185a1cbc7dafef6ca8e5a8c2efa35cfcc9d540cf5102014076cced287fb993f3
                                                                • Instruction Fuzzy Hash: 93B17839A0064ADBDB10CFA9C5807FAB7F1FF48310F14851AE8A9D7250DB38EA41EB54
                                                                APIs
                                                                • __allrem.LIBCMT ref: 00FE00BA
                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00FE00D6
                                                                • __allrem.LIBCMT ref: 00FE00ED
                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00FE010B
                                                                • __allrem.LIBCMT ref: 00FE0122
                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00FE0140
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                • String ID:
                                                                • API String ID: 1992179935-0
                                                                • Opcode ID: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
                                                                • Instruction ID: 026ca594da2dcfc5d8aeb74fabaff42bb8d9d98c81d00ff72e2fe4ccdfb0df03
                                                                • Opcode Fuzzy Hash: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
                                                                • Instruction Fuzzy Hash: 8481F872A007469BE7209F6ACC41B6B73E9AF41334F28463AF551DB3C1EBB8D944A750
                                                                APIs
                                                                  • Part of subcall function 01033149: select.WSOCK32(00000000,?,00000000,00000000,?,?,?,00000000,?,?,?,0103101C,00000000,?,?,00000000), ref: 01033195
                                                                • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 01031DC0
                                                                • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 01031DE1
                                                                • WSAGetLastError.WSOCK32 ref: 01031DF2
                                                                • inet_ntoa.WSOCK32(?), ref: 01031E8C
                                                                • htons.WSOCK32(?,?,?,?,?), ref: 01031EDB
                                                                • _strlen.LIBCMT ref: 01031F35
                                                                  • Part of subcall function 010139E8: _strlen.LIBCMT ref: 010139F2
                                                                  • Part of subcall function 00FB6D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000002,?,?,?,?,00FCCF58,?,?,?), ref: 00FB6DBA
                                                                  • Part of subcall function 00FB6D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,?,?,?,00FCCF58,?,?,?), ref: 00FB6DED
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: ByteCharMultiWide_strlen$ErrorLasthtonsinet_ntoaselect
                                                                • String ID:
                                                                • API String ID: 1923757996-0
                                                                • Opcode ID: 5cb1e502de98e963268627a7f3115bf104c813827cb4e8184e947f234f736425
                                                                • Instruction ID: 34d9d33825c85bf282a13c0a3d778b44c513832606a666ebd6a19247ea10bb58
                                                                • Opcode Fuzzy Hash: 5cb1e502de98e963268627a7f3115bf104c813827cb4e8184e947f234f736425
                                                                • Instruction Fuzzy Hash: 5CA1E130104301AFD324EF25C885F6A7BE9AFD8318F54898CF5965B2A2CB75ED46CB91
                                                                APIs
                                                                • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00FD82D9,00FD82D9,?,?,?,00FE644F,00000001,00000001,8BE85006), ref: 00FE6258
                                                                • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00FE644F,00000001,00000001,8BE85006,?,?,?), ref: 00FE62DE
                                                                • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00FE63D8
                                                                • __freea.LIBCMT ref: 00FE63E5
                                                                  • Part of subcall function 00FE3820: RtlAllocateHeap.NTDLL(00000000,?,01081444,?,00FCFDF5,?,?,00FBA976,00000010,01081440,00FB13FC,?,00FB13C6,?,00FB1129), ref: 00FE3852
                                                                • __freea.LIBCMT ref: 00FE63EE
                                                                • __freea.LIBCMT ref: 00FE6413
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                • String ID:
                                                                APIs
                                                                  • Part of subcall function 00FB9CB3: _wcslen.LIBCMT ref: 00FB9CBD
                                                                  • Part of subcall function 0103C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0103B6AE,?,?), ref: 0103C9B5
                                                                  • Part of subcall function 0103C998: _wcslen.LIBCMT ref: 0103C9F1
                                                                  • Part of subcall function 0103C998: _wcslen.LIBCMT ref: 0103CA68
                                                                  • Part of subcall function 0103C998: _wcslen.LIBCMT ref: 0103CA9E
                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0103BCCA
                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0103BD25
                                                                • RegCloseKey.ADVAPI32(00000000), ref: 0103BD6A
                                                                • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 0103BD99
                                                                • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0103BDF3
                                                                • RegCloseKey.ADVAPI32(?), ref: 0103BDFF
                                                                Similarity
                                                                • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                • String ID:
                                                                APIs
                                                                • VariantInit.OLEAUT32(00000035), ref: 0100F7B9
                                                                • SysAllocString.OLEAUT32(00000001), ref: 0100F860
                                                                • VariantCopy.OLEAUT32(0100FA64,00000000), ref: 0100F889
                                                                • VariantClear.OLEAUT32(0100FA64), ref: 0100F8AD
                                                                • VariantCopy.OLEAUT32(0100FA64,00000000), ref: 0100F8B1
                                                                • VariantClear.OLEAUT32(?), ref: 0100F8BB
                                                                Similarity
                                                                • API ID: Variant$ClearCopy$AllocInitString
                                                                • String ID:
                                                                APIs
                                                                  • Part of subcall function 00FB7620: _wcslen.LIBCMT ref: 00FB7625
                                                                  • Part of subcall function 00FB6B57: _wcslen.LIBCMT ref: 00FB6B6A
                                                                • GetOpenFileNameW.COMDLG32(00000058), ref: 010294E5
                                                                • _wcslen.LIBCMT ref: 01029506
                                                                • _wcslen.LIBCMT ref: 0102952D
                                                                • GetSaveFileNameW.COMDLG32(00000058), ref: 01029585
                                                                Strings
                                                                Similarity
                                                                • API ID: _wcslen$FileName$OpenSave
                                                                • String ID: X
                                                                APIs
                                                                  • Part of subcall function 00FC9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00FC9BB2
                                                                • BeginPaint.USER32(?,?,?), ref: 00FC9241
                                                                • GetWindowRect.USER32(?,?), ref: 00FC92A5
                                                                • ScreenToClient.USER32(?,?), ref: 00FC92C2
                                                                • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00FC92D3
                                                                • EndPaint.USER32(?,?,?,?,?), ref: 00FC9321
                                                                • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 010071EA
                                                                  • Part of subcall function 00FC9339: BeginPath.GDI32(00000000), ref: 00FC9357
                                                                Similarity
                                                                • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                                                • String ID:
                                                                APIs
                                                                • InterlockedExchange.KERNEL32(?,000001F5), ref: 0102080C
                                                                • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 01020847
                                                                • EnterCriticalSection.KERNEL32(?), ref: 01020863
                                                                • LeaveCriticalSection.KERNEL32(?), ref: 010208DC
                                                                • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 010208F3
                                                                • InterlockedExchange.KERNEL32(?,000001F6), ref: 01020921
                                                                Similarity
                                                                • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                                • String ID:
                                                                APIs
                                                                • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,0100F3AB,00000000,?,?,00000000,?,0100682C,00000004,00000000,00000000), ref: 0104824C
                                                                • EnableWindow.USER32(?,00000000), ref: 01048272
                                                                • ShowWindow.USER32(FFFFFFFF,00000000), ref: 010482D1
                                                                • ShowWindow.USER32(?,00000004), ref: 010482E5
                                                                • EnableWindow.USER32(?,00000001), ref: 0104830B
                                                                • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0104832F
                                                                Similarity
                                                                • API ID: Window$Show$Enable$MessageSend
                                                                • String ID:
                                                                APIs
                                                                • GetForegroundWindow.USER32(?,?,00000000), ref: 010322E8
                                                                  • Part of subcall function 0102E4EC: GetWindowRect.USER32(?,?), ref: 0102E504
                                                                • GetDesktopWindow.USER32 ref: 01032312
                                                                • GetWindowRect.USER32(00000000), ref: 01032319
                                                                • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 01032355
                                                                • GetCursorPos.USER32(?), ref: 01032381
                                                                • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 010323DF
                                                                Similarity
                                                                • API ID: Window$Rectmouse_event$CursorDesktopForeground
                                                                • String ID:
                                                                APIs
                                                                • IsWindowVisible.USER32(?), ref: 01014C95
                                                                • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 01014CB2
                                                                • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 01014CEA
                                                                • _wcslen.LIBCMT ref: 01014D08
                                                                • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 01014D10
                                                                • _wcsstr.LIBVCRUNTIME ref: 01014D1A
                                                                Similarity
                                                                • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                                                • String ID:
                                                                APIs
                                                                  • Part of subcall function 00FB3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00FB3A97,?,?,00FB2E7F,?,?,?,00000000), ref: 00FB3AC2
                                                                • _wcslen.LIBCMT ref: 0102587B
                                                                • CoInitialize.OLE32(00000000), ref: 01025995
                                                                • CoCreateInstance.OLE32(0104FCF8,00000000,00000001,0104FB68,?), ref: 010259AE
                                                                • CoUninitialize.OLE32 ref: 010259CC
                                                                Strings
                                                                Similarity
                                                                • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                                • String ID: .lnk
                                                                APIs
                                                                  • Part of subcall function 01010FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 01010FCA
                                                                  • Part of subcall function 01010FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 01010FD6
                                                                  • Part of subcall function 01010FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 01010FE5
                                                                  • Part of subcall function 01010FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 01010FEC
                                                                  • Part of subcall function 01010FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 01011002
                                                                • GetLengthSid.ADVAPI32(?,00000000,01011335), ref: 010117AE
                                                                • GetProcessHeap.KERNEL32(00000008,00000000), ref: 010117BA
                                                                • HeapAlloc.KERNEL32(00000000), ref: 010117C1
                                                                • CopySid.ADVAPI32(00000000,00000000,?), ref: 010117DA
                                                                • GetProcessHeap.KERNEL32(00000000,00000000,01011335), ref: 010117EE
                                                                • HeapFree.KERNEL32(00000000), ref: 010117F5
                                                                Similarity
                                                                • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                • String ID:
                                                                • API String ID: 3008561057-0
                                                                • Opcode ID: 505ebd46a3ac81d2c1094df4c501853f254396dcd108fa073fe145c629e4e85b
                                                                • Instruction ID: aa345e6728056d9b2cd7123a568bffb3733f04037d4a36113f2b01fb5b3be9cb
                                                                • Opcode Fuzzy Hash: 505ebd46a3ac81d2c1094df4c501853f254396dcd108fa073fe145c629e4e85b
                                                                • Instruction Fuzzy Hash: A011A275502205FFEB249FA8CE49BAE7BF9FB42255F144098F6C197208C73A9940CB60
                                                                APIs
                                                                • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 010114FF
                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 01011506
                                                                • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 01011515
                                                                • CloseHandle.KERNEL32(00000004), ref: 01011520
                                                                • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0101154F
                                                                • DestroyEnvironmentBlock.USERENV(00000000), ref: 01011563
                                                                Similarity
                                                                • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                • String ID:
                                                                • API String ID: 1413079979-0
                                                                • Opcode ID: b302b1ca2c4cd93e0424710398aa44e919689e7dc156040b65c8f421c08f0c5f
                                                                • Instruction ID: 1a15e7f80468fcbf8ac8c6c088a18fe20af40e4002ffac4c167d785a33308818
                                                                • Opcode Fuzzy Hash: b302b1ca2c4cd93e0424710398aa44e919689e7dc156040b65c8f421c08f0c5f
                                                                • Instruction Fuzzy Hash: 9A112CB6601209EBEF21CFA8DE49BDE7BA9FF08744F044055FB45A2054C37A8E60DB61
                                                                APIs
                                                                • GetLastError.KERNEL32(?,?,00FD3379,00FD2FE5), ref: 00FD3390
                                                                • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00FD339E
                                                                • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00FD33B7
                                                                • SetLastError.KERNEL32(00000000,?,00FD3379,00FD2FE5), ref: 00FD3409
                                                                Similarity
                                                                • API ID: ErrorLastValue___vcrt_
                                                                • String ID:
                                                                • API String ID: 3852720340-0
                                                                • Opcode ID: 8d3272ebd42f33d03e7635d646fcad5fe26601921c945459d8b6477967334a3d
                                                                • Instruction ID: 174d9ddd0234fca27e3897e3b66e442539ba6197ae004aa102e27f9df506b6d5
                                                                • Opcode Fuzzy Hash: 8d3272ebd42f33d03e7635d646fcad5fe26601921c945459d8b6477967334a3d
                                                                • Instruction Fuzzy Hash: 3801F533A093126FB62526746E89A1A3B56FB06375328022BF610903E0EF1A4E01B2C6
                                                                APIs
                                                                • GetLastError.KERNEL32(?,?,00FE5686,00FF3CD6,?,00000000,?,00FE5B6A,?,?,?,?,?,00FDE6D1,?,01078A48), ref: 00FE2D78
                                                                • _free.LIBCMT ref: 00FE2DAB
                                                                • _free.LIBCMT ref: 00FE2DD3
                                                                • SetLastError.KERNEL32(00000000,?,?,?,?,00FDE6D1,?,01078A48,00000010,00FB4F4A,?,?,00000000,00FF3CD6), ref: 00FE2DE0
                                                                • SetLastError.KERNEL32(00000000,?,?,?,?,00FDE6D1,?,01078A48,00000010,00FB4F4A,?,?,00000000,00FF3CD6), ref: 00FE2DEC
                                                                • _abort.LIBCMT ref: 00FE2DF2
                                                                Similarity
                                                                • API ID: ErrorLast$_free$_abort
                                                                • String ID:
                                                                • API String ID: 3160817290-0
                                                                • Opcode ID: 8a02f0934c56753df3f7f39f5339ce0780f099e14a0d8274187cce73deb7a089
                                                                • Instruction ID: e99645a74080a6a6e190fca551bad5559383eea2a6b5515e6bc4e02f0d414449
                                                                • Opcode Fuzzy Hash: 8a02f0934c56753df3f7f39f5339ce0780f099e14a0d8274187cce73deb7a089
                                                                • Instruction Fuzzy Hash: 20F0F976D0668027D3B2363B7D0AA1E375DABC27B1F254019FA64D2186FE2D89017221
                                                                APIs
                                                                  • Part of subcall function 00FC9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00FC9693
                                                                  • Part of subcall function 00FC9639: SelectObject.GDI32(?,00000000), ref: 00FC96A2
                                                                  • Part of subcall function 00FC9639: BeginPath.GDI32(?), ref: 00FC96B9
                                                                  • Part of subcall function 00FC9639: SelectObject.GDI32(?,00000000), ref: 00FC96E2
                                                                • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 01048A4E
                                                                • LineTo.GDI32(?,00000003,00000000), ref: 01048A62
                                                                • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 01048A70
                                                                • LineTo.GDI32(?,00000000,00000003), ref: 01048A80
                                                                • EndPath.GDI32(?), ref: 01048A90
                                                                • StrokePath.GDI32(?), ref: 01048AA0
                                                                Similarity
                                                                • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                • String ID:
                                                                • API String ID: 43455801-0
                                                                • Opcode ID: 1aa3b4483d193ee91d6fee2ac4f04574e830a6aeaebdb87cf77618abcfa068ee
                                                                • Instruction ID: 93e5269070b3d82d80ca6253bc870abfa8e2369dec701576272025ac34674926
                                                                • Opcode Fuzzy Hash: 1aa3b4483d193ee91d6fee2ac4f04574e830a6aeaebdb87cf77618abcfa068ee
                                                                • Instruction Fuzzy Hash: 81115EB600010CBFEF119F94DD88E9A7F6CEF05350F008421FA85951A4C7769D55DF60
                                                                APIs
                                                                • GetDC.USER32(00000000), ref: 01015218
                                                                • GetDeviceCaps.GDI32(00000000,00000058), ref: 01015229
                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 01015230
                                                                • ReleaseDC.USER32(00000000,00000000), ref: 01015238
                                                                • MulDiv.KERNEL32(000009EC,?,00000000), ref: 0101524F
                                                                • MulDiv.KERNEL32(000009EC,00000001,?), ref: 01015261
                                                                Similarity
                                                                • API ID: CapsDevice$Release
                                                                • String ID:
                                                                • API String ID: 1035833867-0
                                                                • Opcode ID: eb059cddce645b2f41e6f468c402cc6ed2b7f9971f10920560e5c7e1c9c4c699
                                                                • Instruction ID: a80d0096a62c31cd9b7954e5ad9a1070324a025935508507d071b3464639b84b
                                                                • Opcode Fuzzy Hash: eb059cddce645b2f41e6f468c402cc6ed2b7f9971f10920560e5c7e1c9c4c699
                                                                • Instruction Fuzzy Hash: A801A7B5E01705BBFB205BE59D49E5EBFB8EF49351F044065FE44AB284D6759800CFA0
                                                                APIs
                                                                • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00FB1BF4
                                                                • MapVirtualKeyW.USER32(00000010,00000000), ref: 00FB1BFC
                                                                • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00FB1C07
                                                                • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00FB1C12
                                                                • MapVirtualKeyW.USER32(00000011,00000000), ref: 00FB1C1A
                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 00FB1C22
                                                                Similarity
                                                                • API ID: Virtual
                                                                • String ID:
                                                                • API String ID: 4278518827-0
                                                                • Opcode ID: 578b1261ce220304694877e22799dfb5bc0d9da4e328a045ab74b14f51ecd6ff
                                                                • Instruction ID: 2272fdebf43359370c8072c01ab4d0f2d8cac844c5f3c90b2e53d32a1043b4ec
                                                                • Opcode Fuzzy Hash: 578b1261ce220304694877e22799dfb5bc0d9da4e328a045ab74b14f51ecd6ff
                                                                • Instruction Fuzzy Hash: 8D0167B0902B5ABDE3008F6A8C85B52FFA8FF19354F00411BA15C4BA42C7F5A864CFE5
                                                                APIs
                                                                • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 0101EB30
                                                                • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 0101EB46
                                                                • GetWindowThreadProcessId.USER32(?,?), ref: 0101EB55
                                                                • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0101EB64
                                                                • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0101EB6E
                                                                • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0101EB75
                                                                Similarity
                                                                • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                • String ID:
                                                                • API String ID: 839392675-0
                                                                • Opcode ID: e0921b6fbd3a32bcc35182c02b767494189475d7ef986c16150ec2efb8623217
                                                                • Instruction ID: 54b3398b20694808fd180e624d6d0e7418ec5152ab3c89de944359b957f90f0d
                                                                • Opcode Fuzzy Hash: e0921b6fbd3a32bcc35182c02b767494189475d7ef986c16150ec2efb8623217
                                                                • Instruction Fuzzy Hash: 62F06DB6242158BBE73156529E4DEAF3A7CEBCAB11F004158FA41D108496A92A0187B4
                                                                APIs
                                                                • GetClientRect.USER32(?), ref: 01007452
                                                                • SendMessageW.USER32(?,00001328,00000000,?), ref: 01007469
                                                                • GetWindowDC.USER32(?), ref: 01007475
                                                                • GetPixel.GDI32(00000000,?,?), ref: 01007484
                                                                • ReleaseDC.USER32(?,00000000), ref: 01007496
                                                                • GetSysColor.USER32(00000005), ref: 010074B0
                                                                Similarity
                                                                • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                                • String ID:
                                                                • API String ID: 272304278-0
                                                                • Opcode ID: 3728a9a852bbfd06ed95014887cec8bff8e83b106d658c1bb48b279561232626
                                                                • Instruction ID: 70dfdd7d178fadd8733f0b11e621297c3292ae9371b0e0ab26647cff6ad79d9c
                                                                • Opcode Fuzzy Hash: 3728a9a852bbfd06ed95014887cec8bff8e83b106d658c1bb48b279561232626
                                                                • Instruction Fuzzy Hash: 4B018B75401205EFEB625F64DE48BAE7BB5FF08311F514064F995A20E1CF3A2E41AB50
                                                                APIs
                                                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 0101187F
                                                                • UnloadUserProfile.USERENV(?,?), ref: 0101188B
                                                                • CloseHandle.KERNEL32(?), ref: 01011894
                                                                • CloseHandle.KERNEL32(?), ref: 0101189C
                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 010118A5
                                                                • HeapFree.KERNEL32(00000000), ref: 010118AC
                                                                Similarity
                                                                • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                • String ID:
                                                                • API String ID: 146765662-0
                                                                • Opcode ID: 456ef1671819b7725fc980671c26c9ad5956c80169b735a8baaa0653172f8164
                                                                • Instruction ID: 9d7674bb7d9cf0e70429098a6c9af42aaeccb68fef332e75f51d74f9491c8562
                                                                • Opcode Fuzzy Hash: 456ef1671819b7725fc980671c26c9ad5956c80169b735a8baaa0653172f8164
                                                                • Instruction Fuzzy Hash: CAE0EDBA105501BBE7215FA1EF4C905BF39FF4A7227108220F26581078CB375420DB50
                                                                APIs
                                                                  • Part of subcall function 00FB7620: _wcslen.LIBCMT ref: 00FB7625
                                                                • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0101C6EE
                                                                • _wcslen.LIBCMT ref: 0101C735
                                                                • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0101C79C
                                                                • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 0101C7CA
                                                                Strings
                                                                Similarity
                                                                • API ID: ItemMenu$Info_wcslen$Default
                                                                • String ID: 0
                                                                • API String ID: 1227352736-4108050209
                                                                APIs
                                                                • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 01017206
                                                                • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 0101723C
                                                                • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 0101724D
                                                                • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 010172CF
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                Similarity
                                                                • API ID: ErrorMode$AddressCreateInstanceProc
                                                                • String ID: DllGetClassObject
                                                                • API String ID: 753597075-1075368562
                                                                APIs
                                                                • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 01043E35
                                                                • IsMenu.USER32(?), ref: 01043E4A
                                                                • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 01043E92
                                                                • DrawMenuBar.USER32 ref: 01043EA5
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                Similarity
                                                                • API ID: Menu$Item$DrawInfoInsert
                                                                • String ID: 0
                                                                • API String ID: 3076010158-4108050209
                                                                APIs
                                                                  • Part of subcall function 00FB9CB3: _wcslen.LIBCMT ref: 00FB9CBD
                                                                  • Part of subcall function 01013CA7: GetClassNameW.USER32(?,?,000000FF), ref: 01013CCA
                                                                • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 01011E66
                                                                • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 01011E79
                                                                • SendMessageW.USER32(?,00000189,?,00000000), ref: 01011EA9
                                                                  • Part of subcall function 00FB6B57: _wcslen.LIBCMT ref: 00FB6B6A
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                Similarity
                                                                • API ID: MessageSend$_wcslen$ClassName
                                                                • String ID: ComboBox$ListBox
                                                                • API String ID: 2081771294-1403004172
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                Similarity
                                                                • API ID: _wcslen
                                                                • String ID: HKEY_LOCAL_MACHINE$HKLM
                                                                • API String ID: 176396367-4004644295
                                                                APIs
                                                                • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 01042F8D
                                                                • LoadLibraryW.KERNEL32(?), ref: 01042F94
                                                                • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 01042FA9
                                                                • DestroyWindow.USER32(?), ref: 01042FB1
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                Similarity
                                                                • API ID: MessageSend$DestroyLibraryLoadWindow
                                                                • String ID: SysAnimate32
                                                                • API String ID: 3529120543-1011021900
                                                                APIs
                                                                • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00FD4D1E,00FE28E9,?,00FD4CBE,00FE28E9,010788B8,0000000C,00FD4E15,00FE28E9,00000002), ref: 00FD4D8D
                                                                • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00FD4DA0
                                                                • FreeLibrary.KERNEL32(00000000,?,?,?,00FD4D1E,00FE28E9,?,00FD4CBE,00FE28E9,010788B8,0000000C,00FD4E15,00FE28E9,00000002,00000000), ref: 00FD4DC3
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                Similarity
                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                • String ID: CorExitProcess$mscoree.dll
                                                                • API String ID: 4061214504-1276376045
                                                                APIs
                                                                • LoadLibraryA.KERNEL32 ref: 0100D3AD
                                                                • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 0100D3BF
                                                                • FreeLibrary.KERNEL32(00000000), ref: 0100D3E5
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                Similarity
                                                                • API ID: Library$AddressFreeLoadProc
                                                                • String ID: GetSystemWow64DirectoryW$X64
                                                                • API String ID: 145871493-2590602151
                                                                APIs
                                                                • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00FB4EDD,?,01081418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00FB4E9C
                                                                • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00FB4EAE
                                                                • FreeLibrary.KERNEL32(00000000,?,?,00FB4EDD,?,01081418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00FB4EC0
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                Similarity
                                                                • API ID: Library$AddressFreeLoadProc
                                                                • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                • API String ID: 145871493-3689287502
                                                                APIs
                                                                • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00FF3CDE,?,01081418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00FB4E62
                                                                • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00FB4E74
                                                                • FreeLibrary.KERNEL32(00000000,?,?,00FF3CDE,?,01081418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00FB4E87
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                Similarity
                                                                • API ID: Library$AddressFreeLoadProc
                                                                • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                • API String ID: 145871493-1355242751
                                                                APIs
                                                                • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 01022C05
                                                                • DeleteFileW.KERNEL32(?), ref: 01022C87
                                                                • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 01022C9D
                                                                • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 01022CAE
                                                                • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 01022CC0
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                Similarity
                                                                • API ID: File$Delete$Copy
                                                                • String ID:
                                                                • API String ID: 3226157194-0
                                                                APIs
                                                                • GetCurrentProcessId.KERNEL32 ref: 0103A427
                                                                • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 0103A435
                                                                • GetProcessIoCounters.KERNEL32(00000000,?), ref: 0103A468
                                                                • CloseHandle.KERNEL32(?), ref: 0103A63D
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Similarity
                                                                • API ID: Process$CloseCountersCurrentHandleOpen
                                                                APIs
                                                                  • Part of subcall function 0101DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0101CF22,?), ref: 0101DDFD
                                                                  • Part of subcall function 0101DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0101CF22,?), ref: 0101DE16
                                                                  • Part of subcall function 0101E199: GetFileAttributesW.KERNEL32(?,0101CF95), ref: 0101E19A
                                                                • lstrcmpiW.KERNEL32(?,?), ref: 0101E473
                                                                • MoveFileW.KERNEL32(?,?), ref: 0101E4AC
                                                                • _wcslen.LIBCMT ref: 0101E5EB
                                                                • _wcslen.LIBCMT ref: 0101E603
                                                                • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 0101E650
                                                                Similarity
                                                                • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                                                APIs
                                                                  • Part of subcall function 00FB9CB3: _wcslen.LIBCMT ref: 00FB9CBD
                                                                  • Part of subcall function 0103C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0103B6AE,?,?), ref: 0103C9B5
                                                                  • Part of subcall function 0103C998: _wcslen.LIBCMT ref: 0103C9F1
                                                                  • Part of subcall function 0103C998: _wcslen.LIBCMT ref: 0103CA68
                                                                  • Part of subcall function 0103C998: _wcslen.LIBCMT ref: 0103CA9E
                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0103BAA5
                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0103BB00
                                                                • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 0103BB63
                                                                • RegCloseKey.ADVAPI32(?,?), ref: 0103BBA6
                                                                • RegCloseKey.ADVAPI32(00000000), ref: 0103BBB3
                                                                Similarity
                                                                • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                                                                APIs
                                                                • VariantInit.OLEAUT32(?), ref: 01018BCD
                                                                • VariantClear.OLEAUT32 ref: 01018C3E
                                                                • VariantClear.OLEAUT32 ref: 01018C9D
                                                                • VariantClear.OLEAUT32(?), ref: 01018D10
                                                                • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 01018D3B
                                                                Similarity
                                                                • API ID: Variant$Clear$ChangeInitType
                                                                APIs
                                                                • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 01028BAE
                                                                • GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 01028BDA
                                                                • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 01028C32
                                                                • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 01028C57
                                                                • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 01028C5F
                                                                Similarity
                                                                • API ID: PrivateProfile$SectionWrite$String
                                                                APIs
                                                                • LoadLibraryW.KERNEL32(?,00000000,?), ref: 01038F40
                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 01038FD0
                                                                • GetProcAddress.KERNEL32(00000000,00000000), ref: 01038FEC
                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 01039032
                                                                • FreeLibrary.KERNEL32(00000000), ref: 01039052
                                                                  • Part of subcall function 00FCF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,01021043,?,753CE610), ref: 00FCF6E6
                                                                  • Part of subcall function 00FCF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,0100FA64,00000000,00000000,?,?,01021043,?,753CE610,?,0100FA64), ref: 00FCF70D
                                                                Similarity
                                                                • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                                APIs
                                                                • SetWindowLongW.USER32(00000002,000000F0,?), ref: 01046C33
                                                                • SetWindowLongW.USER32(?,000000EC,?), ref: 01046C4A
                                                                • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 01046C73
                                                                • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,0102AB79,00000000,00000000), ref: 01046C98
                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 01046CC7
                                                                Similarity
                                                                • API ID: Window$Long$MessageSendShow
                                                                APIs
                                                                Similarity
                                                                • API ID: _free
                                                                APIs
                                                                • GetCursorPos.USER32(?), ref: 00FC9141
                                                                • ScreenToClient.USER32(00000000,?), ref: 00FC915E
                                                                • GetAsyncKeyState.USER32(00000001), ref: 00FC9183
                                                                • GetAsyncKeyState.USER32(00000002), ref: 00FC919D
                                                                Similarity
                                                                • API ID: AsyncState$ClientCursorScreen
                                                                APIs
                                                                • GetInputState.USER32 ref: 010238CB
                                                                • TranslateAcceleratorW.USER32(?,00000000,?), ref: 01023922
                                                                • TranslateMessage.USER32(?), ref: 0102394B
                                                                • DispatchMessageW.USER32(?), ref: 01023955
                                                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 01023966
                                                                Similarity
                                                                • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                                APIs
                                                                • GetWindowRect.USER32(?,?), ref: 01011915
                                                                • PostMessageW.USER32(00000001,00000201,00000001), ref: 010119C1
                                                                • Sleep.KERNEL32(00000000,?,?,?), ref: 010119C9
                                                                • PostMessageW.USER32(00000001,00000202,00000000), ref: 010119DA
                                                                • Sleep.KERNEL32(00000000,?,?,?,?), ref: 010119E2
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: MessagePostSleep$RectWindow
                                                                • String ID:
                                                                • API String ID: 3382505437-0
                                                                APIs
                                                                • SendMessageW.USER32(?,00001053,000000FF,?), ref: 01045745
                                                                • SendMessageW.USER32(?,00001074,?,00000001), ref: 0104579D
                                                                • _wcslen.LIBCMT ref: 010457AF
                                                                • _wcslen.LIBCMT ref: 010457BA
                                                                • SendMessageW.USER32(?,00001002,00000000,?), ref: 01045816
                                                                Similarity
                                                                • API ID: MessageSend$_wcslen
                                                                • String ID:
                                                                • API String ID: 763830540-0
                                                                APIs
                                                                • IsWindow.USER32(00000000), ref: 01030951
                                                                • GetForegroundWindow.USER32 ref: 01030968
                                                                • GetDC.USER32(00000000), ref: 010309A4
                                                                • GetPixel.GDI32(00000000,?,00000003), ref: 010309B0
                                                                • ReleaseDC.USER32(00000000,00000003), ref: 010309E8
                                                                Similarity
                                                                • API ID: Window$ForegroundPixelRelease
                                                                • String ID:
                                                                • API String ID: 4156661090-0
                                                                APIs
                                                                • GetEnvironmentStringsW.KERNEL32 ref: 00FECDC6
                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00FECDE9
                                                                  • Part of subcall function 00FE3820: RtlAllocateHeap.NTDLL(00000000,?,01081444,?,00FCFDF5,?,?,00FBA976,00000010,01081440,00FB13FC,?,00FB13C6,?,00FB1129), ref: 00FE3852
                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00FECE0F
                                                                • _free.LIBCMT ref: 00FECE22
                                                                • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00FECE31
                                                                Similarity
                                                                • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                • String ID:
                                                                • API String ID: 336800556-0
                                                                APIs
                                                                • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00FC9693
                                                                • SelectObject.GDI32(?,00000000), ref: 00FC96A2
                                                                • BeginPath.GDI32(?), ref: 00FC96B9
                                                                • SelectObject.GDI32(?,00000000), ref: 00FC96E2
                                                                Similarity
                                                                • API ID: ObjectSelect$BeginCreatePath
                                                                • String ID:
                                                                • API String ID: 3225163088-0
                                                                APIs
                                                                Similarity
                                                                • API ID: _memcmp
                                                                • String ID:
                                                                • API String ID: 2931989736-0
                                                                APIs
                                                                • GetLastError.KERNEL32(?,?,?,00FDF2DE,00FE3863,01081444,?,00FCFDF5,?,?,00FBA976,00000010,01081440,00FB13FC,?,00FB13C6), ref: 00FE2DFD
                                                                • _free.LIBCMT ref: 00FE2E32
                                                                • _free.LIBCMT ref: 00FE2E59
                                                                • SetLastError.KERNEL32(00000000,00FB1129), ref: 00FE2E66
                                                                • SetLastError.KERNEL32(00000000,00FB1129), ref: 00FE2E6F
                                                                Similarity
                                                                • API ID: ErrorLast$_free
                                                                • String ID:
                                                                • API String ID: 3170660625-0
                                                                APIs
                                                                • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0100FF41,80070057,?,?,?,0101035E), ref: 0101002B
                                                                • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0100FF41,80070057,?,?), ref: 01010046
                                                                • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0100FF41,80070057,?,?), ref: 01010054
                                                                • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0100FF41,80070057,?), ref: 01010064
                                                                • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0100FF41,80070057,?,?), ref: 01010070
                                                                Similarity
                                                                • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                • String ID:
                                                                • API String ID: 3897988419-0
                                                                APIs
                                                                • QueryPerformanceCounter.KERNEL32(?), ref: 0101E997
                                                                • QueryPerformanceFrequency.KERNEL32(?), ref: 0101E9A5
                                                                • Sleep.KERNEL32(00000000), ref: 0101E9AD
                                                                • QueryPerformanceCounter.KERNEL32(?), ref: 0101E9B7
                                                                • Sleep.KERNEL32 ref: 0101E9F3
                                                                Similarity
                                                                • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                • String ID:
                                                                • API String ID: 2833360925-0
                                                                APIs
                                                                • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 01011114
                                                                • GetLastError.KERNEL32(?,00000000,00000000,?,?,01010B9B,?,?,?), ref: 01011120
                                                                • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,01010B9B,?,?,?), ref: 0101112F
                                                                • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,01010B9B,?,?,?), ref: 01011136
                                                                • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0101114D
                                                                Similarity
                                                                • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                • String ID:
                                                                • API String ID: 842720411-0
                                                                APIs
                                                                • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 01010FCA
                                                                • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 01010FD6
                                                                • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 01010FE5
                                                                • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 01010FEC
                                                                • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 01011002
                                                                Similarity
                                                                • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                • String ID:
                                                                • API String ID: 44706859-0
                                                                APIs
                                                                • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0101102A
                                                                • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 01011036
                                                                • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 01011045
                                                                • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 0101104C
                                                                • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 01011062
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                • String ID:
                                                                • API String ID: 44706859-0
                                                                APIs
                                                                • CloseHandle.KERNEL32(?,?,?,?,0102017D,?,010232FC,?,00000001,00FF2592,?), ref: 01020324
                                                                • CloseHandle.KERNEL32(?,?,?,?,0102017D,?,010232FC,?,00000001,00FF2592,?), ref: 01020331
                                                                • CloseHandle.KERNEL32(?,?,?,?,0102017D,?,010232FC,?,00000001,00FF2592,?), ref: 0102033E
                                                                • CloseHandle.KERNEL32(?,?,?,?,0102017D,?,010232FC,?,00000001,00FF2592,?), ref: 0102034B
                                                                • CloseHandle.KERNEL32(?,?,?,?,0102017D,?,010232FC,?,00000001,00FF2592,?), ref: 01020358
                                                                • CloseHandle.KERNEL32(?,?,?,?,0102017D,?,010232FC,?,00000001,00FF2592,?), ref: 01020365
                                                                Similarity
                                                                • API ID: CloseHandle
                                                                • String ID:
                                                                • API String ID: 2962429428-0
                                                                APIs
                                                                • _free.LIBCMT ref: 00FED752
                                                                  • Part of subcall function 00FE29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00FED7D1,00000000,00000000,00000000,00000000,?,00FED7F8,00000000,00000007,00000000,?,00FEDBF5,00000000), ref: 00FE29DE
                                                                  • Part of subcall function 00FE29C8: GetLastError.KERNEL32(00000000,?,00FED7D1,00000000,00000000,00000000,00000000,?,00FED7F8,00000000,00000007,00000000,?,00FEDBF5,00000000,00000000), ref: 00FE29F0
                                                                • _free.LIBCMT ref: 00FED764
                                                                • _free.LIBCMT ref: 00FED776
                                                                • _free.LIBCMT ref: 00FED788
                                                                • _free.LIBCMT ref: 00FED79A
                                                                Similarity
                                                                • API ID: _free$ErrorFreeHeapLast
                                                                • String ID:
                                                                • API String ID: 776569668-0
                                                                APIs
                                                                • GetDlgItem.USER32(?,000003E9), ref: 01015C58
                                                                • GetWindowTextW.USER32(00000000,?,00000100), ref: 01015C6F
                                                                • MessageBeep.USER32(00000000), ref: 01015C87
                                                                • KillTimer.USER32(?,0000040A), ref: 01015CA3
                                                                • EndDialog.USER32(?,00000001), ref: 01015CBD
                                                                Similarity
                                                                • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                • String ID:
                                                                • API String ID: 3741023627-0
                                                                APIs
                                                                • _free.LIBCMT ref: 00FE22BE
                                                                  • Part of subcall function 00FE29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00FED7D1,00000000,00000000,00000000,00000000,?,00FED7F8,00000000,00000007,00000000,?,00FEDBF5,00000000), ref: 00FE29DE
                                                                  • Part of subcall function 00FE29C8: GetLastError.KERNEL32(00000000,?,00FED7D1,00000000,00000000,00000000,00000000,?,00FED7F8,00000000,00000007,00000000,?,00FEDBF5,00000000,00000000), ref: 00FE29F0
                                                                • _free.LIBCMT ref: 00FE22D0
                                                                • _free.LIBCMT ref: 00FE22E3
                                                                • _free.LIBCMT ref: 00FE22F4
                                                                • _free.LIBCMT ref: 00FE2305
                                                                Similarity
                                                                • API ID: _free$ErrorFreeHeapLast
                                                                • String ID:
                                                                • API String ID: 776569668-0
                                                                APIs
                                                                • EndPath.GDI32(?), ref: 00FC95D4
                                                                • StrokeAndFillPath.GDI32(?,?,010071F7,00000000,?,?,?), ref: 00FC95F0
                                                                • SelectObject.GDI32(?,00000000), ref: 00FC9603
                                                                • DeleteObject.GDI32 ref: 00FC9616
                                                                • StrokePath.GDI32(?), ref: 00FC9631
                                                                Similarity
                                                                • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                • String ID:
                                                                • API String ID: 2625713937-0
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: __freea$_free
                                                                • String ID: a/p$am/pm
                                                                • API String ID: 3432400110-3206640213
                                                                APIs
                                                                  • Part of subcall function 00FD0242: EnterCriticalSection.KERNEL32(0108070C,01081884,?,?,00FC198B,01082518,?,?,?,00FB12F9,00000000), ref: 00FD024D
                                                                  • Part of subcall function 00FD0242: LeaveCriticalSection.KERNEL32(0108070C,?,00FC198B,01082518,?,?,?,00FB12F9,00000000), ref: 00FD028A
                                                                  • Part of subcall function 00FB9CB3: _wcslen.LIBCMT ref: 00FB9CBD
                                                                  • Part of subcall function 00FD00A3: __onexit.LIBCMT ref: 00FD00A9
                                                                • __Init_thread_footer.LIBCMT ref: 01037BFB
                                                                  • Part of subcall function 00FD01F8: EnterCriticalSection.KERNEL32(0108070C,?,?,00FC8747,01082514), ref: 00FD0202
                                                                  • Part of subcall function 00FD01F8: LeaveCriticalSection.KERNEL32(0108070C,?,00FC8747,01082514), ref: 00FD0235
                                                                Strings
                                                                Similarity
                                                                • API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
                                                                • String ID: 5$G$Variable must be of type 'Object'.
                                                                • API String ID: 535116098-3733170431
                                                                APIs
                                                                  • Part of subcall function 0101B403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,010121D0,?,?,00000034,00000800,?,00000034), ref: 0101B42D
                                                                • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 01012760
                                                                  • Part of subcall function 0101B3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,010121FF,?,?,00000800,?,00001073,00000000,?,?), ref: 0101B3F8
                                                                  • Part of subcall function 0101B32A: GetWindowThreadProcessId.USER32(?,?), ref: 0101B355
                                                                  • Part of subcall function 0101B32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,01012194,00000034,?,?,00001004,00000000,00000000), ref: 0101B365
                                                                  • Part of subcall function 0101B32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,01012194,00000034,?,?,00001004,00000000,00000000), ref: 0101B37B
                                                                • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 010127CD
                                                                • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0101281A
                                                                Strings
                                                                Similarity
                                                                • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                • String ID: @
                                                                • API String ID: 4150878124-2766056989
                                                                APIs
                                                                • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\file.exe,00000104), ref: 00FE1769
                                                                • _free.LIBCMT ref: 00FE1834
                                                                • _free.LIBCMT ref: 00FE183E
                                                                Strings
                                                                Similarity
                                                                • API ID: _free$FileModuleName
                                                                • String ID: C:\Users\user\Desktop\file.exe
                                                                • API String ID: 2506810119-1957095476
                                                                APIs
                                                                • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 0101C306
                                                                • DeleteMenu.USER32(?,00000007,00000000), ref: 0101C34C
                                                                • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,01081990,00A65840), ref: 0101C395
                                                                Strings
                                                                Similarity
                                                                • API ID: Menu$Delete$InfoItem
                                                                • String ID: 0
                                                                • API String ID: 135850232-4108050209
                                                                APIs
                                                                • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,0104CC08,00000000,?,?,?,?), ref: 010444AA
                                                                • GetWindowLongW.USER32 ref: 010444C7
                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 010444D7
                                                                Strings
                                                                Similarity
                                                                • API ID: Window$Long
                                                                • String ID: SysTreeView32
                                                                • API String ID: 847901565-1698111956
                                                                APIs
                                                                  • Part of subcall function 0103335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,01033077,?,?), ref: 01033378
                                                                • inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0103307A
                                                                • _wcslen.LIBCMT ref: 0103309B
                                                                • htons.WSOCK32(00000000,?,?,00000000), ref: 01033106
                                                                Strings
                                                                Similarity
                                                                • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                                                • String ID: 255.255.255.255
                                                                • API String ID: 946324512-2422070025
                                                                APIs
                                                                • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 01043F40
                                                                • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 01043F54
                                                                • SendMessageW.USER32(?,00001002,00000000,?), ref: 01043F78
                                                                Strings
                                                                Similarity
                                                                • API ID: MessageSend$Window
                                                                • String ID: SysMonthCal32
                                                                • API String ID: 2326795674-1439706946
                                                                APIs
                                                                • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 01044705
                                                                • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 01044713
                                                                • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0104471A
                                                                Strings
                                                                Similarity
                                                                • API ID: MessageSend$DestroyWindow
                                                                • String ID: msctls_updown32
                                                                • API String ID: 4014797782-2298589950
                                                                APIs
                                                                Strings
                                                                Similarity
                                                                • API ID: _wcslen
                                                                • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                • API String ID: 176396367-2734436370
                                                                APIs
                                                                • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 01043840
                                                                • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 01043850
                                                                • MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 01043876
                                                                Strings
                                                                Similarity
                                                                • API ID: MessageSend$MoveWindow
                                                                • String ID: Listbox
                                                                • API String ID: 3315199576-2633736733
                                                                APIs
                                                                • SetErrorMode.KERNEL32(00000001), ref: 01024A08
                                                                • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 01024A5C
                                                                • SetErrorMode.KERNEL32(00000000,?,?,0104CC08), ref: 01024AD0
                                                                Strings
                                                                Similarity
                                                                • API ID: ErrorMode$InformationVolume
                                                                • String ID: %lu
                                                                • API String ID: 2507767853-685833217
                                                                APIs
                                                                • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 0104424F
                                                                • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 01044264
                                                                • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 01044271
                                                                Strings
                                                                Similarity
                                                                • API ID: MessageSend
                                                                • String ID: msctls_trackbar32
                                                                • API String ID: 3850602802-1010561917
                                                                APIs
                                                                  • Part of subcall function 00FB6B57: _wcslen.LIBCMT ref: 00FB6B6A
                                                                  • Part of subcall function 01012DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 01012DC5
                                                                  • Part of subcall function 01012DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 01012DD6
                                                                  • Part of subcall function 01012DA7: GetCurrentThreadId.KERNEL32 ref: 01012DDD
                                                                  • Part of subcall function 01012DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 01012DE4
                                                                • GetFocus.USER32 ref: 01012F78
                                                                  • Part of subcall function 01012DEE: GetParent.USER32(00000000), ref: 01012DF9
                                                                • GetClassNameW.USER32(?,?,00000100), ref: 01012FC3
                                                                • EnumChildWindows.USER32(?,0101303B), ref: 01012FEB
                                                                Strings
                                                                Similarity
                                                                • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                                                                • String ID: %s%d
                                                                • API String ID: 1272988791-1110647743
                                                                APIs
                                                                • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 010458C1
                                                                • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 010458EE
                                                                • DrawMenuBar.USER32(?), ref: 010458FD
                                                                Strings
                                                                Similarity
                                                                • API ID: Menu$InfoItem$Draw
                                                                • String ID: 0
                                                                • API String ID: 3227129158-4108050209
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                APIs
                                                                Similarity
                                                                • API ID: __alldvrm$_strrchr
                                                                • String ID:
                                                                • API String ID: 1036877536-0
                                                                APIs
                                                                Similarity
                                                                • API ID: Variant$ClearInitInitializeUninitialize
                                                                • String ID:
                                                                • API String ID: 1998397398-0
                                                                APIs
                                                                • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,0104FC08,?), ref: 010105F0
                                                                • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,0104FC08,?), ref: 01010608
                                                                • CLSIDFromProgID.OLE32(?,?,00000000,0104CC40,000000FF,?,00000000,00000800,00000000,?,0104FC08,?), ref: 0101062D
                                                                • _memcmp.LIBVCRUNTIME ref: 0101064E
                                                                Similarity
                                                                • API ID: FromProg$FreeTask_memcmp
                                                                • String ID:
                                                                • API String ID: 314563124-0
                                                                APIs
                                                                • CreateToolhelp32Snapshot.KERNEL32 ref: 0103A6AC
                                                                • Process32FirstW.KERNEL32(00000000,?), ref: 0103A6BA
                                                                  • Part of subcall function 00FB9CB3: _wcslen.LIBCMT ref: 00FB9CBD
                                                                • Process32NextW.KERNEL32(00000000,?), ref: 0103A79C
                                                                • CloseHandle.KERNEL32(00000000), ref: 0103A7AB
                                                                  • Part of subcall function 00FCCE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00FF3303,?), ref: 00FCCE8A
                                                                Similarity
                                                                • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                                                • String ID:
                                                                • API String ID: 1991900642-0
                                                                APIs
                                                                Similarity
                                                                • API ID: _free
                                                                • String ID:
                                                                • API String ID: 269201875-0
                                                                APIs
                                                                • GetWindowRect.USER32(?,?), ref: 010462E2
                                                                • ScreenToClient.USER32(?,?), ref: 01046315
                                                                • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 01046382
                                                                Similarity
                                                                • API ID: Window$ClientMoveRectScreen
                                                                • String ID:
                                                                • API String ID: 3880355969-0
                                                                APIs
                                                                • socket.WSOCK32(00000002,00000002,00000011), ref: 01031AFD
                                                                • WSAGetLastError.WSOCK32 ref: 01031B0B
                                                                • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 01031B8A
                                                                • WSAGetLastError.WSOCK32 ref: 01031B94
                                                                Similarity
                                                                • API ID: ErrorLast$socket
                                                                • String ID:
                                                                • API String ID: 1881357543-0
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                APIs
                                                                • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 01025783
                                                                • GetLastError.KERNEL32(?,00000000), ref: 010257A9
                                                                • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 010257CE
                                                                • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 010257FA
                                                                Similarity
                                                                • API ID: CreateHardLink$DeleteErrorFileLast
                                                                • String ID:
                                                                • API String ID: 3321077145-0
                                                                APIs
                                                                • MultiByteToWideChar.KERNEL32(?,00000000,8BE85006,00FD6D71,00000000,00000000,00FD82D9,?,00FD82D9,?,00000001,00FD6D71,8BE85006,00000001,00FD82D9,00FD82D9), ref: 00FED910
                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00FED999
                                                                • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00FED9AB
                                                                • __freea.LIBCMT ref: 00FED9B4
                                                                  • Part of subcall function 00FE3820: RtlAllocateHeap.NTDLL(00000000,?,01081444,?,00FCFDF5,?,?,00FBA976,00000010,01081440,00FB13FC,?,00FB13C6,?,00FB1129), ref: 00FE3852
                                                                Similarity
                                                                • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                • String ID:
                                                                • API String ID: 2652629310-0
                                                                APIs
                                                                • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 0101AAAC
                                                                • SetKeyboardState.USER32(00000080), ref: 0101AAC8
                                                                • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 0101AB36
                                                                • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 0101AB88
                                                                Similarity
                                                                • API ID: KeyboardState$InputMessagePostSend
                                                                • String ID:
                                                                • API String ID: 432972143-0
                                                                APIs
                                                                • SendMessageW.USER32(?,00001024,00000000,?), ref: 01045352
                                                                • GetWindowLongW.USER32(?,000000F0), ref: 01045375
                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 01045382
                                                                • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 010453A8
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: LongWindow$InvalidateMessageRectSend
                                                                APIs
                                                                • ClientToScreen.USER32(?,?), ref: 0104769A
                                                                • GetWindowRect.USER32(?,?), ref: 01047710
                                                                • PtInRect.USER32(?,?,01048B89), ref: 01047720
                                                                • MessageBeep.USER32(00000000), ref: 0104778C
                                                                Similarity
                                                                • API ID: Rect$BeepClientMessageScreenWindow
                                                                APIs
                                                                • GetForegroundWindow.USER32 ref: 010416EB
                                                                  • Part of subcall function 01013A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 01013A57
                                                                  • Part of subcall function 01013A3D: GetCurrentThreadId.KERNEL32 ref: 01013A5E
                                                                  • Part of subcall function 01013A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,010125B3), ref: 01013A65
                                                                • GetCaretPos.USER32(?), ref: 010416FF
                                                                • ClientToScreen.USER32(00000000,?), ref: 0104174C
                                                                • GetForegroundWindow.USER32 ref: 01041752
                                                                Similarity
                                                                • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                APIs
                                                                  • Part of subcall function 00FB7620: _wcslen.LIBCMT ref: 00FB7625
                                                                • _wcslen.LIBCMT ref: 0101DFCB
                                                                • _wcslen.LIBCMT ref: 0101DFE2
                                                                • _wcslen.LIBCMT ref: 0101E00D
                                                                • GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 0101E018
                                                                Similarity
                                                                • API ID: _wcslen$ExtentPoint32Text
                                                                APIs
                                                                  • Part of subcall function 00FC9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00FC9BB2
                                                                • GetCursorPos.USER32(?), ref: 01049001
                                                                • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,01007711,?,?,?,?,?), ref: 01049016
                                                                • GetCursorPos.USER32(?), ref: 0104905E
                                                                • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,01007711,?,?,?), ref: 01049094
                                                                Similarity
                                                                • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                APIs
                                                                • GetFileAttributesW.KERNEL32(?,0104CB68), ref: 0101D2FB
                                                                • GetLastError.KERNEL32 ref: 0101D30A
                                                                • CreateDirectoryW.KERNEL32(?,00000000), ref: 0101D319
                                                                • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,0104CB68), ref: 0101D376
                                                                Similarity
                                                                • API ID: CreateDirectory$AttributesErrorFileLast
                                                                APIs
                                                                  • Part of subcall function 01011014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0101102A
                                                                  • Part of subcall function 01011014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 01011036
                                                                  • Part of subcall function 01011014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 01011045
                                                                  • Part of subcall function 01011014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 0101104C
                                                                  • Part of subcall function 01011014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 01011062
                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 010115BE
                                                                • _memcmp.LIBVCRUNTIME ref: 010115E1
                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 01011617
                                                                • HeapFree.KERNEL32(00000000), ref: 0101161E
                                                                Similarity
                                                                • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                                                                APIs
                                                                • GetWindowLongW.USER32(?,000000EC), ref: 0104280A
                                                                • SetWindowLongW.USER32(?,000000EC,00000000), ref: 01042824
                                                                • SetWindowLongW.USER32(?,000000EC,00000000), ref: 01042832
                                                                • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 01042840
                                                                Similarity
                                                                • API ID: Window$Long$AttributesLayered
                                                                APIs
                                                                • InternetReadFile.WININET(?,?,00000400,?), ref: 0102CE89
                                                                • GetLastError.KERNEL32(?,00000000), ref: 0102CEEA
                                                                • SetEvent.KERNEL32(?,?,00000000), ref: 0102CEFE
                                                                Similarity
                                                                • API ID: ErrorEventFileInternetLastRead
                                                                APIs
                                                                  • Part of subcall function 01018D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,0101790A,?,000000FF,?,01018754,00000000,?,0000001C,?,?), ref: 01018D8C
                                                                  • Part of subcall function 01018D7D: lstrcpyW.KERNEL32(00000000,?), ref: 01018DB2
                                                                  • Part of subcall function 01018D7D: lstrcmpiW.KERNEL32(00000000,?,0101790A,?,000000FF,?,01018754,00000000,?,0000001C,?,?), ref: 01018DE3
                                                                • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,01018754,00000000,?,0000001C,?,?,00000000), ref: 01017923
                                                                • lstrcpyW.KERNEL32(00000000,?), ref: 01017949
                                                                • lstrcmpiW.KERNEL32(00000002,cdecl,?,01018754,00000000,?,0000001C,?,?,00000000), ref: 01017984
                                                                Strings
                                                                Similarity
                                                                • API ID: lstrcmpilstrcpylstrlen
                                                                • String ID: cdecl
                                                                APIs
                                                                • GetWindowLongW.USER32(?,000000F0), ref: 01047D0B
                                                                • SetWindowLongW.USER32(00000000,000000F0,?), ref: 01047D2A
                                                                • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 01047D42
                                                                • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,0102B7AD,00000000), ref: 01047D6B
                                                                  • Part of subcall function 00FC9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00FC9BB2
                                                                Similarity
                                                                • API ID: Window$Long
                                                                • String ID:
                                                                • API String ID: 847901565-0
                                                                APIs
                                                                • SendMessageW.USER32(?,00001060,?,00000004), ref: 010456BB
                                                                • _wcslen.LIBCMT ref: 010456CD
                                                                • _wcslen.LIBCMT ref: 010456D8
                                                                • SendMessageW.USER32(?,00001002,00000000,?), ref: 01045816
                                                                Similarity
                                                                • API ID: MessageSend_wcslen
                                                                • String ID:
                                                                • API String ID: 455545452-0
                                                                APIs
                                                                • SendMessageW.USER32(?,000000B0,?,?), ref: 01011A47
                                                                • SendMessageW.USER32(?,000000C9,?,00000000), ref: 01011A59
                                                                • SendMessageW.USER32(?,000000C9,?,00000000), ref: 01011A6F
                                                                • SendMessageW.USER32(?,000000C9,?,00000000), ref: 01011A8A
                                                                Similarity
                                                                • API ID: MessageSend
                                                                • String ID:
                                                                • API String ID: 3850602802-0
                                                                APIs
                                                                • GetCurrentThreadId.KERNEL32 ref: 0101E1FD
                                                                • MessageBoxW.USER32(?,?,?,?), ref: 0101E230
                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 0101E246
                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0101E24D
                                                                Similarity
                                                                • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                • String ID:
                                                                • API String ID: 2880819207-0
                                                                APIs
                                                                • CreateThread.KERNEL32(00000000,?,00FDCFF9,00000000,00000004,00000000), ref: 00FDD218
                                                                • GetLastError.KERNEL32 ref: 00FDD224
                                                                • __dosmaperr.LIBCMT ref: 00FDD22B
                                                                • ResumeThread.KERNEL32(00000000), ref: 00FDD249
                                                                Similarity
                                                                • API ID: Thread$CreateErrorLastResume__dosmaperr
                                                                • String ID:
                                                                • API String ID: 173952441-0
                                                                APIs
                                                                  • Part of subcall function 00FC9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00FC9BB2
                                                                • GetClientRect.USER32(?,?), ref: 01049F31
                                                                • GetCursorPos.USER32(?), ref: 01049F3B
                                                                • ScreenToClient.USER32(?,?), ref: 01049F46
                                                                • DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 01049F7A
                                                                Similarity
                                                                • API ID: Client$CursorLongProcRectScreenWindow
                                                                • String ID:
                                                                • API String ID: 4127811313-0
                                                                APIs
                                                                • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00FB604C
                                                                • GetStockObject.GDI32(00000011), ref: 00FB6060
                                                                • SendMessageW.USER32(00000000,00000030,00000000), ref: 00FB606A
                                                                Similarity
                                                                • API ID: CreateMessageObjectSendStockWindow
                                                                • String ID:
                                                                • API String ID: 3970641297-0
                                                                APIs
                                                                • ___BuildCatchObject.LIBVCRUNTIME ref: 00FD3B56
                                                                  • Part of subcall function 00FD3AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00FD3AD2
                                                                  • Part of subcall function 00FD3AA3: ___AdjustPointer.LIBCMT ref: 00FD3AED
                                                                • _UnwindNestedFrames.LIBCMT ref: 00FD3B6B
                                                                • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00FD3B7C
                                                                • CallCatchBlock.LIBVCRUNTIME ref: 00FD3BA4
                                                                Similarity
                                                                • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                                                • String ID:
                                                                • API String ID: 737400349-0
                                                                APIs
                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00FB13C6,00000000,00000000,?,00FE301A,00FB13C6,00000000,00000000,00000000,?,00FE328B,00000006,FlsSetValue), ref: 00FE30A5
                                                                • GetLastError.KERNEL32(?,00FE301A,00FB13C6,00000000,00000000,00000000,?,00FE328B,00000006,FlsSetValue,01052290,FlsSetValue,00000000,00000364,?,00FE2E46), ref: 00FE30B1
                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00FE301A,00FB13C6,00000000,00000000,00000000,?,00FE328B,00000006,FlsSetValue,01052290,FlsSetValue,00000000), ref: 00FE30BF
                                                                Similarity
                                                                • API ID: LibraryLoad$ErrorLast
                                                                • String ID:
                                                                • API String ID: 3177248105-0
                                                                APIs
                                                                • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 0101747F
                                                                • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 01017497
                                                                • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 010174AC
                                                                • RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 010174CA
                                                                Similarity
                                                                • API ID: Type$Register$FileLoadModuleNameUser
                                                                • String ID:
                                                                • API String ID: 1352324309-0
                                                                APIs
                                                                • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0101ACD3,?,00008000), ref: 0101B0C4
                                                                • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0101ACD3,?,00008000), ref: 0101B0E9
                                                                • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0101ACD3,?,00008000), ref: 0101B0F3
                                                                • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0101ACD3,?,00008000), ref: 0101B126
                                                                Similarity
                                                                • API ID: CounterPerformanceQuerySleep
                                                                • String ID:
                                                                • API String ID: 2875609808-0
                                                                • Opcode ID: 34f0325f155ecdd9f714a18a0dd03134aea41f1f0ff92f55abd6cd33e2b06163
                                                                • Instruction ID: 4743d5be49f21fe29f69951b33827881667e1a1ca3d16e45835f577dcc05f0cf
                                                                • Opcode Fuzzy Hash: 34f0325f155ecdd9f714a18a0dd03134aea41f1f0ff92f55abd6cd33e2b06163
                                                                • Instruction Fuzzy Hash: E611AD70C0251CE7DF10AFE4EA88AEEBF78FF0A310F114086E9C1B2189CB3996508B51
                                                                APIs
                                                                • GetWindowRect.USER32(?,?), ref: 01047E33
                                                                • ScreenToClient.USER32(?,?), ref: 01047E4B
                                                                • ScreenToClient.USER32(?,?), ref: 01047E6F
                                                                • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 01047E8A
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: ClientRectScreen$InvalidateWindow
                                                                • String ID:
                                                                • API String ID: 357397906-0
                                                                • Opcode ID: 31613c07ee36ed3c8e52968d99dce78dfefb09a352d85d32f092162f05b3c90b
                                                                • Instruction ID: 20bf2ed327d0a04511b52a4fbc04ed5020a0930bcaa6af1e5e7b796aba22ab54
                                                                • Opcode Fuzzy Hash: 31613c07ee36ed3c8e52968d99dce78dfefb09a352d85d32f092162f05b3c90b
                                                                • Instruction Fuzzy Hash: 181180B9D0020AAFDB51CFA8C584AEEBBF9FF08310F108066E951E3214D735AA54CF90
                                                                APIs
                                                                • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 01012DC5
                                                                • GetWindowThreadProcessId.USER32(?,00000000), ref: 01012DD6
                                                                • GetCurrentThreadId.KERNEL32 ref: 01012DDD
                                                                • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 01012DE4
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                • String ID:
                                                                • API String ID: 2710830443-0
                                                                • Opcode ID: 784a6bc2d38f3e505bfcbcbfa28627b810f0e1ce171b2490000b996d1d2d7fd2
                                                                • Instruction ID: 7fb38b95315b62ce6a25278acd260c9f15f0784aa1f0863e9d20391e360a60dd
                                                                • Opcode Fuzzy Hash: 784a6bc2d38f3e505bfcbcbfa28627b810f0e1ce171b2490000b996d1d2d7fd2
                                                                • Instruction Fuzzy Hash: EDE092B52022287BE7302BB6DE4DFEB3E6CEF47BA1F504015F245D10849AAAD440C7B0
                                                                APIs
                                                                  • Part of subcall function 00FC9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00FC9693
                                                                  • Part of subcall function 00FC9639: SelectObject.GDI32(?,00000000), ref: 00FC96A2
                                                                  • Part of subcall function 00FC9639: BeginPath.GDI32(?), ref: 00FC96B9
                                                                  • Part of subcall function 00FC9639: SelectObject.GDI32(?,00000000), ref: 00FC96E2
                                                                • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 01048887
                                                                • LineTo.GDI32(?,?,?), ref: 01048894
                                                                • EndPath.GDI32(?), ref: 010488A4
                                                                • StrokePath.GDI32(?), ref: 010488B2
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                • String ID:
                                                                • API String ID: 1539411459-0
                                                                • Opcode ID: c1e001fb0c2e9ff399bfba9f80a5d87d0a4b60113d5ca1e8fb4cf920377de1f5
                                                                • Instruction ID: 9b220b6bcb86f9099422d7b023e196a032713acefdf5aabc2e42c49ed7f7ca50
                                                                • Opcode Fuzzy Hash: c1e001fb0c2e9ff399bfba9f80a5d87d0a4b60113d5ca1e8fb4cf920377de1f5
                                                                • Instruction Fuzzy Hash: E3F09A3A006258BBFB221E94AE4AFCE3E59AF06310F008104FA81610D5C3BA1111DBA9
                                                                APIs
                                                                • GetSysColor.USER32(00000008), ref: 00FC98CC
                                                                • SetTextColor.GDI32(?,?), ref: 00FC98D6
                                                                • SetBkMode.GDI32(?,00000001), ref: 00FC98E9
                                                                • GetStockObject.GDI32(00000005), ref: 00FC98F1
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: Color$ModeObjectStockText
                                                                • String ID:
                                                                • API String ID: 4037423528-0
                                                                • Opcode ID: cb9fa8452e26f173f1c2c939a5a900700d37a57ee5d4203fdd2f7247f8ac7f1a
                                                                • Instruction ID: c2fc687cc1839e08fe3ed32557d9478eebb87903e06d3ceac991a4600208973c
                                                                • Opcode Fuzzy Hash: cb9fa8452e26f173f1c2c939a5a900700d37a57ee5d4203fdd2f7247f8ac7f1a
                                                                • Instruction Fuzzy Hash: 5DE06575641280ABFB315B78AA49BD83F60AB06336F048259F7F5540E4C7B642409B10
                                                                APIs
                                                                • GetCurrentThread.KERNEL32 ref: 01011634
                                                                • OpenThreadToken.ADVAPI32(00000000,?,?,?,010111D9), ref: 0101163B
                                                                • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,010111D9), ref: 01011648
                                                                • OpenProcessToken.ADVAPI32(00000000,?,?,?,010111D9), ref: 0101164F
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: CurrentOpenProcessThreadToken
                                                                • String ID:
                                                                • API String ID: 3974789173-0
                                                                • Opcode ID: bf55e993bb49c27173cda6243d5fc7e87d8f73b2dd94bd734240346322a278c7
                                                                • Instruction ID: 9c521d2cded0ec42934e5f3b918ac1c44d1bf6096d42b0f8732f9de3863406fd
                                                                • Opcode Fuzzy Hash: bf55e993bb49c27173cda6243d5fc7e87d8f73b2dd94bd734240346322a278c7
                                                                • Instruction Fuzzy Hash: 0EE04FB5602211ABE7701BB49F4DB463BA9AF45792F144848F6C5C9088D67E40408B50
                                                                APIs
                                                                • GetDesktopWindow.USER32 ref: 0100D858
                                                                • GetDC.USER32(00000000), ref: 0100D862
                                                                • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0100D882
                                                                • ReleaseDC.USER32(?), ref: 0100D8A3
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: CapsDesktopDeviceReleaseWindow
                                                                • String ID:
                                                                • API String ID: 2889604237-0
                                                                • Opcode ID: 997f7d28c0dc56e3be2b7b4d296249d5349494549b9e2f3677804c1eeda72456
                                                                • Instruction ID: 7dfe05cf41499458f910e43eb90b1027f938273680acac27d93ee9a698fef8ec
                                                                • Opcode Fuzzy Hash: 997f7d28c0dc56e3be2b7b4d296249d5349494549b9e2f3677804c1eeda72456
                                                                • Instruction Fuzzy Hash: 28E01AB9801205EFEB619FE0D748A6DBBB5FB08310F108059F886E7244C73D9901AF50
                                                                APIs
                                                                • GetDesktopWindow.USER32 ref: 0100D86C
                                                                • GetDC.USER32(00000000), ref: 0100D876
                                                                • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0100D882
                                                                • ReleaseDC.USER32(?), ref: 0100D8A3
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: CapsDesktopDeviceReleaseWindow
                                                                • String ID:
                                                                • API String ID: 2889604237-0
                                                                • Opcode ID: 2ea62e0a516a67e57bc340ace9ee01c0de0d3ca8033557ff59e07c581227fc5f
                                                                • Instruction ID: 1e5bae6236f86ffd2f36232a835b105f6f7d93434fe2f09f3c768157cb1faa1d
                                                                • Opcode Fuzzy Hash: 2ea62e0a516a67e57bc340ace9ee01c0de0d3ca8033557ff59e07c581227fc5f
                                                                • Instruction Fuzzy Hash: D7E01AB9801200EFDB609FA0D64866DBBB5BB08310B108048F886E7244C73D6901AF50
                                                                APIs
                                                                  • Part of subcall function 00FB7620: _wcslen.LIBCMT ref: 00FB7625
                                                                • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 01024ED4
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: Connection_wcslen
                                                                • String ID: *$LPT
                                                                • API String ID: 1725874428-3443410124
                                                                • Opcode ID: aa6fb9aa29503750b2349d024c371ff3853e32482ecca81f6e35d76e0009a123
                                                                • Instruction ID: 7cdf273daea9bcae447d19b69b19399fbb198939ad3bf8dd84f63fcd0faa149c
                                                                • Opcode Fuzzy Hash: aa6fb9aa29503750b2349d024c371ff3853e32482ecca81f6e35d76e0009a123
                                                                • Instruction Fuzzy Hash: 25918F75A00214DFDB54DF58C884EAABBF1AF84304F1980D9E84A9F7A2C735ED85CB90
                                                                APIs
                                                                • __startOneArgErrorHandling.LIBCMT ref: 00FDE30D
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: ErrorHandling__start
                                                                • String ID: pow
                                                                • API String ID: 3213639722-2276729525
                                                                • Opcode ID: f134f98ed10e371fd9fc16c70389214544497a6201d4b547d27bc357ed6c68ed
                                                                • Instruction ID: cafb5e04ff3270b391f75c1728e7a02bced3ec772ca8f66805223828c61c0b49
                                                                • Opcode Fuzzy Hash: f134f98ed10e371fd9fc16c70389214544497a6201d4b547d27bc357ed6c68ed
                                                                • Instruction Fuzzy Hash: 25518E72E0C34296CB257615CD0137A3F99EF40761F3849AAE0D54A3DCEB398C85BB86
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: #
                                                                • API String ID: 0-1885708031
                                                                • Opcode ID: dcf6f54525e3142539cbe5a69f86cac69102e0d4a10b0bd73fe96b6ffcb71075
                                                                • Instruction ID: 3edd4ee39237810f05895337463b6c5679352c9ce5e6c0ac2968024e1ab5f9e0
                                                                • Opcode Fuzzy Hash: dcf6f54525e3142539cbe5a69f86cac69102e0d4a10b0bd73fe96b6ffcb71075
                                                                • Instruction Fuzzy Hash: 96515575904206DFEB26DF28C482BFA7BE8FF55310F244499E8D5AB2C1D6389D42DB90
                                                                APIs
                                                                • Sleep.KERNEL32(00000000), ref: 00FCF2A2
                                                                • GlobalMemoryStatusEx.KERNEL32(?), ref: 00FCF2BB
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                • Associated: 00000000.00000002.1653140766.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653493238.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653761657.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                • Associated: 00000000.00000002.1653855110.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: GlobalMemorySleepStatus
                                                                • String ID: @
                                                                • API String ID: 2783356886-2766056989
                                                                • Opcode ID: 0372b86c89331aaabf5276ff6c28a27151a4127d0eb076354c8af833471d6474
                                                                • Instruction ID: 7fd7e6c8f42972ba3d3ce65beed095ed43f6a675697c8cc5e9b24282fa0d1e28
                                                                • Opcode Fuzzy Hash: 0372b86c89331aaabf5276ff6c28a27151a4127d0eb076354c8af833471d6474
                                                                • Instruction Fuzzy Hash: 865135715087449BE320AF11DC86BABBBF8FBC4340F81885DF1D982195EB758529CB66
                                                                APIs
                                                                • CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 010357E0
                                                                • _wcslen.LIBCMT ref: 010357EC
                                                                Strings
                                                                Similarity
                                                                • API ID: BuffCharUpper_wcslen
                                                                • String ID: CALLARGARRAY
                                                                • API String ID: 157775604-1150593374
                                                                • Opcode ID: 2ef3422b93c6e8d407bb2b077076c5688e852b05134926b6100a9afc821f301d
                                                                • Instruction ID: b098f5e39e94e942aa95494edb138d6ab7ea39e8eb7e00ca791adb89b0204792
                                                                • Opcode Fuzzy Hash: 2ef3422b93c6e8d407bb2b077076c5688e852b05134926b6100a9afc821f301d
                                                                • Instruction Fuzzy Hash: E9419171E002099FCB14DFA9CD819FEBBF9FF89314F244069E545A7262E7749981CB90
                                                                APIs
                                                                • _wcslen.LIBCMT ref: 0102D130
                                                                • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 0102D13A
                                                                Strings
                                                                Similarity
                                                                • API ID: CrackInternet_wcslen
                                                                • String ID: |
                                                                • API String ID: 596671847-2343686810
                                                                • Opcode ID: 6ca9991b379de53b0e4eb36074bb446f9d4fe45891d207b55ec7935da8b87b5e
                                                                • Instruction ID: e0019c57699598a293638c6328acad2b0947c171819f21f09deff9b517ad30a3
                                                                • Opcode Fuzzy Hash: 6ca9991b379de53b0e4eb36074bb446f9d4fe45891d207b55ec7935da8b87b5e
                                                                • Instruction Fuzzy Hash: 66313D71D00219ABDF15EFA5CC85AEEBFB9FF04300F100059F915A61A6E739AA06DF54
                                                                APIs
                                                                • DestroyWindow.USER32(?,?,?,?), ref: 01043621
                                                                • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 0104365C
                                                                Strings
                                                                Similarity
                                                                • API ID: Window$DestroyMove
                                                                • String ID: static
                                                                • API String ID: 2139405536-2160076837
                                                                • Opcode ID: 2d4d3fff05d2e78f8bc7c1014c67e9a6a3da0356cdc766408bec8c068653b9b0
                                                                • Instruction ID: 6d475a59f8982aeb69edf6de220c8377928f181a23b73858de626a24d30437d9
                                                                • Opcode Fuzzy Hash: 2d4d3fff05d2e78f8bc7c1014c67e9a6a3da0356cdc766408bec8c068653b9b0
                                                                • Instruction Fuzzy Hash: F3318FB1110205AFEB209F68DC80EFB73A9FF48720F009629F9A597280DA35A891D760
                                                                APIs
                                                                • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 0104461F
                                                                • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 01044634
                                                                Strings
                                                                Similarity
                                                                • API ID: MessageSend
                                                                • String ID: '
                                                                • API String ID: 3850602802-1997036262
                                                                • Opcode ID: aa00198675b307d6607b5b58c8b7e127cfea58215a2ace199a0083b30b5425f4
                                                                • Instruction ID: ea18768fcd512b161ed392ba341ccdfab5b7a5356655e2ad9be889fffbf42fe7
                                                                • Opcode Fuzzy Hash: aa00198675b307d6607b5b58c8b7e127cfea58215a2ace199a0083b30b5425f4
                                                                • Instruction Fuzzy Hash: 5631E7B4A012099FDF14CFA9C981BDA7BB5FF49300F144169EA45EB342D771A945CF90
                                                                APIs
                                                                • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0104327C
                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 01043287
                                                                Strings
                                                                Similarity
                                                                • API ID: MessageSend
                                                                • String ID: Combobox
                                                                • API String ID: 3850602802-2096851135
                                                                • Opcode ID: 200c155b4bc206c8d38844ec479a6be0a11d5026ba0e1ea332e469b72939ee31
                                                                • Instruction ID: ad0b7931393ce360d692ba87ac5c5fa3b319c636ac1561cc2c1096f7d88a5b41
                                                                • Opcode Fuzzy Hash: 200c155b4bc206c8d38844ec479a6be0a11d5026ba0e1ea332e469b72939ee31
                                                                • Instruction Fuzzy Hash: D911D3B13002186FFF669E58DDC0EAB37AAFB483A4F105125F9949B291D6359C51C760
                                                                APIs
                                                                  • Part of subcall function 00FB600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00FB604C
                                                                  • Part of subcall function 00FB600E: GetStockObject.GDI32(00000011), ref: 00FB6060
                                                                  • Part of subcall function 00FB600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00FB606A
                                                                • GetWindowRect.USER32(00000000,?), ref: 0104377A
                                                                • GetSysColor.USER32(00000012), ref: 01043794
                                                                Strings
                                                                Similarity
                                                                • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                • String ID: static
                                                                • API String ID: 1983116058-2160076837
                                                                • Opcode ID: 0f35c9e166a2fd3b898c64d08fef5ca6c910e4cf47d07af324689812f09a83ca
                                                                • Instruction ID: 2925a9bbf282b9d938d0c4323a2529a4843772315d7e915a58d283bcc597f745
                                                                • Opcode Fuzzy Hash: 0f35c9e166a2fd3b898c64d08fef5ca6c910e4cf47d07af324689812f09a83ca
                                                                • Instruction Fuzzy Hash: 961129B2610209AFEB11DFA8CD85AEE7BF8FF08354F005925F995E6240D735E8519B50
                                                                APIs
                                                                • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 0102CD7D
                                                                • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 0102CDA6
                                                                Strings
                                                                Similarity
                                                                • API ID: Internet$OpenOption
                                                                • String ID: <local>
                                                                • API String ID: 942729171-4266983199
                                                                • Opcode ID: 7ee318c9f011224a462de4186f81abbbdf056beb31e95336aaf7025794bcaf80
                                                                • Instruction ID: ae9ddfe172740d6609660b3a3d91d62fac803114ff32405fe47b1ea2cf7d0f66
                                                                • Opcode Fuzzy Hash: 7ee318c9f011224a462de4186f81abbbdf056beb31e95336aaf7025794bcaf80
                                                                • Instruction Fuzzy Hash: A71129B12016317AF7746A668D84FFBBEACEF026A4F00425AF18983080D3759444C6F0
                                                                APIs
                                                                • GetWindowTextLengthW.USER32(00000000), ref: 010434AB
                                                                • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 010434BA
                                                                Strings
                                                                Similarity
                                                                • API ID: LengthMessageSendTextWindow
                                                                • String ID: edit
                                                                • API String ID: 2978978980-2167791130
                                                                • Opcode ID: d64d1d6a7497d942d27a4fb730a824af6a50085e3db602d54615b2814f4892bf
                                                                • Instruction ID: bfca55e158604147f04a1fc4312ef4a5eaa97aec9262e7aad242f36c8fd2c919
                                                                • Opcode Fuzzy Hash: d64d1d6a7497d942d27a4fb730a824af6a50085e3db602d54615b2814f4892bf
                                                                • Instruction Fuzzy Hash: 33119DB5100118ABEB624E68DC84AEA37AAFB85374F505324F9A09B1D4CB36EC519B50
                                                                APIs
                                                                  • Part of subcall function 00FB9CB3: _wcslen.LIBCMT ref: 00FB9CBD
                                                                • CharUpperBuffW.USER32(?,?,?), ref: 01016CB6
                                                                • _wcslen.LIBCMT ref: 01016CC2
                                                                Strings
                                                                Similarity
                                                                • API ID: _wcslen$BuffCharUpper
                                                                • String ID: STOP
                                                                • API String ID: 1256254125-2411985666
                                                                • Opcode ID: 08102e40010e47c66b7ad03cff0503fe953975b1f18b0df39d32fd4915501913
                                                                • Instruction ID: 917215f809e8ee2e6122c0c8e6f0c747a623a5d9fa68a10e3f45da01c26873c2
                                                                • Opcode Fuzzy Hash: 08102e40010e47c66b7ad03cff0503fe953975b1f18b0df39d32fd4915501913
                                                                • Instruction Fuzzy Hash: 95010432E0052A8BDB21AFBECC808BF3BE5EB61610B400564E99292189EBBBD440C750
                                                                APIs
                                                                  • Part of subcall function 00FB9CB3: _wcslen.LIBCMT ref: 00FB9CBD
                                                                  • Part of subcall function 01013CA7: GetClassNameW.USER32(?,?,000000FF), ref: 01013CCA
                                                                • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 01011D4C
                                                                Strings
                                                                Similarity
                                                                • API ID: ClassMessageNameSend_wcslen
                                                                • String ID: ComboBox$ListBox
                                                                • API String ID: 624084870-1403004172
                                                                • Opcode ID: 9e5962e0ed62a44ea0f2e5e7bcfd0d84cad9fd9d6f134b9ff907f9e9c3fd7e4e
                                                                • Instruction ID: 32e435c1f07aa18dc5fe9eb55b9d9eeaf3595c0cc6c2738553610f1ac90e6511
                                                                • Opcode Fuzzy Hash: 9e5962e0ed62a44ea0f2e5e7bcfd0d84cad9fd9d6f134b9ff907f9e9c3fd7e4e
                                                                • Instruction Fuzzy Hash: 72014C7560121DABDB08FBB5CD50CFE77A8FF16350B400509EAB25B3C4EA785408CB60
                                                                APIs
                                                                  • Part of subcall function 00FB9CB3: _wcslen.LIBCMT ref: 00FB9CBD
                                                                  • Part of subcall function 01013CA7: GetClassNameW.USER32(?,?,000000FF), ref: 01013CCA
                                                                • SendMessageW.USER32(?,00000180,00000000,?), ref: 01011C46
                                                                Strings
                                                                Similarity
                                                                • API ID: ClassMessageNameSend_wcslen
                                                                • String ID: ComboBox$ListBox
                                                                • API String ID: 624084870-1403004172
                                                                • Opcode ID: 105daad3384d54212fd97df4528609b1f9c51c8c88b9183e5872d79dac8d453f
                                                                • Instruction ID: 6165efef5180b51dbd4ac0fea15836bdf3945aaf224c26f7b8909480df1d4195
                                                                • Opcode Fuzzy Hash: 105daad3384d54212fd97df4528609b1f9c51c8c88b9183e5872d79dac8d453f
                                                                • Instruction Fuzzy Hash: 04012BB5B4110D67DB08EBA1CE51DFF77E8AF11340F100019AA8667285EA78AA08CBB1
                                                                APIs
                                                                  • Part of subcall function 00FB9CB3: _wcslen.LIBCMT ref: 00FB9CBD
                                                                  • Part of subcall function 01013CA7: GetClassNameW.USER32(?,?,000000FF), ref: 01013CCA
                                                                • SendMessageW.USER32(?,00000182,?,00000000), ref: 01011CC8
                                                                Strings
                                                                Similarity
                                                                • API ID: ClassMessageNameSend_wcslen
                                                                • String ID: ComboBox$ListBox
                                                                • API String ID: 624084870-1403004172
                                                                • Opcode ID: 154ec5c82e02fa67050165e17eed2522bac255d14ab5e2b2e19c6094bf1a1f05
                                                                • Instruction ID: c1ad5b0d4f0e6b1f44263db6f2c237cc70d356874218d33019c6a4938ebfcef8
                                                                • Opcode Fuzzy Hash: 154ec5c82e02fa67050165e17eed2522bac255d14ab5e2b2e19c6094bf1a1f05
                                                                • Instruction Fuzzy Hash: 88012BB5A0011D67DF08E7A5CF41AFF77E8AB11340F100015AA8667285EA789A08CBB1
                                                                APIs
                                                                  • Part of subcall function 00FB9CB3: _wcslen.LIBCMT ref: 00FB9CBD
                                                                  • Part of subcall function 01013CA7: GetClassNameW.USER32(?,?,000000FF), ref: 01013CCA
                                                                • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 01011DD3
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: ClassMessageNameSend_wcslen
                                                                • String ID: ComboBox$ListBox
                                                                • API String ID: 624084870-1403004172
                                                                • Opcode ID: facd492e1c3aa67a6c9446e54c34e540d732a20e1a3d21ad93356b65ad558c09
                                                                • Instruction ID: dcbd0c7786c1755d43aec5a34d1b810eab704d969edbfa5b882e09ff6163b868
                                                                • Opcode Fuzzy Hash: facd492e1c3aa67a6c9446e54c34e540d732a20e1a3d21ad93356b65ad558c09
                                                                • Instruction Fuzzy Hash: 15F04970A0021967DB08F7A5CC81BFF77A8AB01350F400808BAA2672C4EA7855088760
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: _wcslen
                                                                • String ID: 3, 3, 16, 1
                                                                • API String ID: 176396367-3042988571
                                                                • Opcode ID: 9c3284a6ef4b2411c3b8476176b6d521bd165db01887e4f0255910b282d27005
                                                                • Instruction ID: 8297262f460bb87fdb590bed396ba0e8a1f60b7a3bb2cdf9f320a1c3791ef4e5
                                                                • Opcode Fuzzy Hash: 9c3284a6ef4b2411c3b8476176b6d521bd165db01887e4f0255910b282d27005
                                                                • Instruction Fuzzy Hash: 67E02B42601320219271137F9CC197F7ACECFC9690714182BFAC5C2366EFA8ED9193A1
                                                                APIs
                                                                • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 01010B23
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: Message
                                                                • String ID: AutoIt$Error allocating memory.
                                                                • API String ID: 2030045667-4017498283
                                                                • Opcode ID: 509914fb90b8494b57b324ac8abb551de8e60fca90f10ce7cc770fe449ee6628
                                                                • Instruction ID: 9b1cb56fa469f093ec00c027b9238394a49b2bc485c47771c034107bc35486ce
                                                                • Opcode Fuzzy Hash: 509914fb90b8494b57b324ac8abb551de8e60fca90f10ce7cc770fe449ee6628
                                                                • Instruction Fuzzy Hash: 9CE0D83128531837E2143795BE43FC97B859F05B10F10446EFBD4995C38EDA249016ED
                                                                APIs
                                                                  • Part of subcall function 00FCF7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00FD0D71,?,?,?,00FB100A), ref: 00FCF7CE
                                                                • IsDebuggerPresent.KERNEL32(?,?,?,00FB100A), ref: 00FD0D75
                                                                • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00FB100A), ref: 00FD0D84
                                                                Strings
                                                                • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00FD0D7F
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                                                • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                • API String ID: 55579361-631824599
                                                                • Opcode ID: ffcd99318178deb79fa3f10f979363158bd7d8e1e8ac14d5402cf9f866113f29
                                                                • Instruction ID: 287e5590bd4cd92a42f350f103faff0adc85ea85f5e68f0d9b88eb94430db404
                                                                • Opcode Fuzzy Hash: ffcd99318178deb79fa3f10f979363158bd7d8e1e8ac14d5402cf9f866113f29
                                                                • Instruction Fuzzy Hash: F7E06DB42003028BE3309FBEE6447467BE2AF04B45F04892EE4C6C7746DFB9E4449BA1
                                                                APIs
                                                                • GetTempPathW.KERNEL32(00000104,?,00000001), ref: 0102302F
                                                                • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 01023044
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: Temp$FileNamePath
                                                                • String ID: aut
                                                                • API String ID: 3285503233-3010740371
                                                                • Opcode ID: a58688428f20d6645818598147587777666f0d2b4a206942fd71469bffc7d844
                                                                • Instruction ID: b2d4cd4b920d02d070e715df4994f445699993e8575fc3e2cad99d9419c6e2a8
                                                                • Opcode Fuzzy Hash: a58688428f20d6645818598147587777666f0d2b4a206942fd71469bffc7d844
                                                                • Instruction Fuzzy Hash: 9CD05BB550131477EB30A6959E4DFC73A6CD704650F0001517695D6085DAF59544CFD4
                                                                APIs
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: LocalTime
                                                                • String ID: %.3d$X64
                                                                • API String ID: 481472006-1077770165
                                                                • Opcode ID: efb62a7dd21a068c45ee7d5b603f3d386e082badc266c822c0e949d67702988d
                                                                • Instruction ID: 8fa0ba30031847b6db04aec83a676cea4166f6851784b9e85f6344b870f29331
                                                                • Opcode Fuzzy Hash: efb62a7dd21a068c45ee7d5b603f3d386e082badc266c822c0e949d67702988d
                                                                • Instruction Fuzzy Hash: D2D05BB1C09119FADB5196D0CE4ADBDF37CFB68351F408466F98AD1080D738D5085B71
                                                                APIs
                                                                • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0104232C
                                                                • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 0104233F
                                                                  • Part of subcall function 0101E97B: Sleep.KERNEL32 ref: 0101E9F3
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: FindMessagePostSleepWindow
                                                                • String ID: Shell_TrayWnd
                                                                • API String ID: 529655941-2988720461
                                                                • Opcode ID: 9b89e946361f00e9ed57cf40ddaa3692c2cace36a57f856ed14207c38e74be1e
                                                                • Instruction ID: 32397795d8b04a2d4ceec68485634b9bd868795e219de6bb996c7f3e34e506ef
                                                                • Opcode Fuzzy Hash: 9b89e946361f00e9ed57cf40ddaa3692c2cace36a57f856ed14207c38e74be1e
                                                                • Instruction Fuzzy Hash: 01D0A9BA791300B7F274A331DE4FFCABA14AB00B00F0049067786AA1C8C8B9A800CB44
                                                                APIs
                                                                • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0104236C
                                                                • PostMessageW.USER32(00000000), ref: 01042373
                                                                  • Part of subcall function 0101E97B: Sleep.KERNEL32 ref: 0101E9F3
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: FindMessagePostSleepWindow
                                                                • String ID: Shell_TrayWnd
                                                                • API String ID: 529655941-2988720461
                                                                • Opcode ID: eaa84d3d3a54044390a9704d3e21a2367a95b37ee712433847bc2d64939fece7
                                                                • Instruction ID: 52b95bf0cd67160952cc00ef6553e13e915023421d384ee07c6b4cea5d83917c
                                                                • Opcode Fuzzy Hash: eaa84d3d3a54044390a9704d3e21a2367a95b37ee712433847bc2d64939fece7
                                                                • Instruction Fuzzy Hash: F1D0A9B67823007BF274A331DE4FFCAB614AB04B00F0049067782AA1C8C8B9A800CB48
                                                                APIs
                                                                • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 00FEBE93
                                                                • GetLastError.KERNEL32 ref: 00FEBEA1
                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00FEBEFC
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.1653254072.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_0_2_fb0000_file.jbxd
                                                                Similarity
                                                                • API ID: ByteCharMultiWide$ErrorLast
                                                                • String ID:
                                                                • API String ID: 1717984340-0
                                                                • Opcode ID: 61d1cfbf43deb0224a729a8e4f0e90667d902f60060b95a83d566d8598b627ec
                                                                • Instruction ID: 1ad55863ff90c7544acc9e5a208685640173b75b358b662453ef17f24cb3da64
                                                                • Opcode Fuzzy Hash: 61d1cfbf43deb0224a729a8e4f0e90667d902f60060b95a83d566d8598b627ec
                                                                • Instruction Fuzzy Hash: 6041E835A052C6AFDF218FA6CC44BBB7BA5EF41320F144169F959972A1DB318D00EB60

                                                                Execution Graph

                                                                Execution Coverage:0.5%
                                                                Dynamic/Decrypted Code Coverage:0%
                                                                Signature Coverage:100%
                                                                Total number of Nodes:6
                                                                Total number of Limit Nodes:0
                                                                execution_graph 5016 250b9aea9b7 5017 250b9aea9c7 NtQuerySystemInformation 5016->5017 5018 250b9aea964 5017->5018 5019 250b9ae21f2 5020 250b9ae2249 NtQuerySystemInformation 5019->5020 5021 250b9ae05c4 5019->5021 5020->5021

                                                                Callgraph

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2898705667.00000250B9AE8000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000250B9AE8000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_250b9ae8000_firefox.jbxd
                                                                Similarity
                                                                • API ID: InformationQuerySystem
                                                                • String ID:
                                                                • API String ID: 3562636166-0
                                                                • Opcode ID: a3d4a310f25344abd1978f5247c9d082b9ccbb3eaa73dfa71153365510a96fee
                                                                • Instruction ID: 6ac2a688d03c2c34b545e916e474746afc1008f42ba0dbbf9396f2d464890c9c
                                                                • Opcode Fuzzy Hash: a3d4a310f25344abd1978f5247c9d082b9ccbb3eaa73dfa71153365510a96fee
                                                                • Instruction Fuzzy Hash: D5A3F231A14E488BDB2DDF28DCC97A977E5FB95305F14462ED94BC3281DB30EA428AC5

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 2862 250b955c180-250b955c1c3 2864 250b955c1c7-250b955c1c9 2862->2864 2865 250b955c21f-250b955c251 2864->2865 2866 250b955c1cb-250b955c202 2864->2866 2866->2865
                                                                Memory Dump Source
                                                                • Source File: 00000010.00000002.2897740037.00000250B955C000.00000020.00000001.00020000.00000000.sdmp, Offset: 00000250B955C000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_16_2_250b955c000_firefox.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a526df03fd3513f466d28c1e2a97e7dbdd1d3ece3287b4cb14672625a1e97d2d
                                                                • Instruction ID: cd44c78a468c3a4761081723acf142b254a08bdccf246b995b3c03d112501452
                                                                • Opcode Fuzzy Hash: a526df03fd3513f466d28c1e2a97e7dbdd1d3ece3287b4cb14672625a1e97d2d
                                                                • Instruction Fuzzy Hash: 4D21933150CF8C4FDB45DF28C844B96BBE0FB6A311F1506AFE089C3292D634D9458782