Windows Analysis Report
563299efce875400a8d9b44b96597c8e-sample (1).zip

Overview

General Information

Sample name: 563299efce875400a8d9b44b96597c8e-sample (1).zip
Analysis ID: 1524026
MD5: 8625e1f9e8548342a4f9f1641a1ae4eb
SHA1: 3b602c272347d14cc91e07bf0dae686d768d7965
SHA256: 11fe7a13ad470ff3c39423f1ebb5b7abff8cf8a656d2ac97c0183d680d07687c

Detection

Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Submitted sample is a known malware sample
Creates an undocumented autostart registry key
Creates multiple autostart registry keys
Drops PE files with a suspicious file extension
Drops executables to the windows directory (C:\Windows) and starts them
Queries Google from non browser process on port 80
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses cmd line tools excessively to alter registry or file data
Writes many files with high entropy
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to create guard pages, often used to hinder reverse engineering and debugging
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates or modifies windows services
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found evasive API chain (may stop execution after checking a module file name)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
Launches processes in debugging mode, may be used to hinder debugging
May infect USB drives
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Potential browser exploit detected (process start blacklist hit)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Common Autorun Keys Modification
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Direct Autorun Keys Modification
Sigma detected: Potential Persistence Attempt Via Run Keys Using Reg.EXE
Sigma detected: Suspicious Screensaver Binary File Creation
Sigma detected: Use Short Name Path in Command Line
Sleep loop found (likely to delay execution)
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic
Too many similar processes found
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Uses reg.exe to modify the Windows registry
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_04819970 CryptAcquireContextA,CryptAcquireContextA,GetLastError,CryptAcquireContextA,CryptCreateHash,CryptHashData,CryptDeriveKey,CryptEncrypt,CryptEncrypt,_strncpy,CryptEncrypt,CryptReleaseContext,InterlockedIncrement, 20_2_04819970
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_04819BA0 CryptAcquireContextA,CryptAcquireContextA,GetLastError,CryptAcquireContextA,CryptCreateHash,CryptHashData,CryptDeriveKey,CryptDecrypt,CryptReleaseContext, 20_2_04819BA0
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_047E7BC0 CryptEncrypt,InterlockedIncrement, 20_2_047E7BC0
Source: https://support.google.com/picasa/answer/6383491?hl=en&visit_id=638634609885905976-1351747924&rd=3 HTTP Parser: No favicon
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Window detected: I Agree Cancel Nullsoft Install System v3.0b1 Nullsoft Install System v3.0b1 License Agreement Please review the license terms before installing Picasa 3 By using Picasa 3 you agree to the Google Terms of Service and Privacy Policy. Terms of Service Privacy Policy
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe File created: C:\Users\user\AppData\Roaming\Seznam.cz\install.log.5868.log
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe File created: C:\Users\user\AppData\Roaming\Seznam.cz\install.log
Source: C:\Windows\SysWOW64\cmd.exe File created: C:\Users\user\AppData\Roaming\Seznam.cz\install_packages.log
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe File opened: C:\Users\user\AppData\Local\Temp\~006AD463.00000DD4.sznpkg\msvcr100.dll
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49702 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49704 version: TLS 1.2
Source: unknown HTTPS traffic detected: 77.75.76.70:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.217.23.110:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.217.23.110:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown HTTPS traffic detected: 142.250.186.65:443 -> 192.168.2.16:49736 version: TLS 1.2
Source: unknown HTTPS traffic detected: 142.250.186.65:443 -> 192.168.2.16:49737 version: TLS 1.2
Source: unknown HTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.16:49755 version: TLS 1.2
Source: unknown HTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.16:49754 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.217.23.110:443 -> 192.168.2.16:49772 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.217.23.110:443 -> 192.168.2.16:49773 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.217.23.110:443 -> 192.168.2.16:49775 version: TLS 1.2
Source: unknown HTTPS traffic detected: 77.75.76.70:443 -> 192.168.2.16:49776 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.190.159.64:443 -> 192.168.2.16:49926 version: TLS 1.2
Source: unknown HTTPS traffic detected: 77.75.78.30:443 -> 192.168.2.16:49960 version: TLS 1.2
Source: unknown HTTPS traffic detected: 77.75.78.30:443 -> 192.168.2.16:49966 version: TLS 1.2
Source: unknown HTTPS traffic detected: 77.75.78.30:443 -> 192.168.2.16:49969 version: TLS 1.2
Source: unknown HTTPS traffic detected: 77.75.78.30:443 -> 192.168.2.16:49972 version: TLS 1.2
Source: unknown HTTPS traffic detected: 77.75.78.30:443 -> 192.168.2.16:49981 version: TLS 1.2
Source: unknown HTTPS traffic detected: 77.75.78.30:443 -> 192.168.2.16:49996 version: TLS 1.2
Source: Binary string: C:\Users\ondrej.novak\Documents\Visual Studio 2008\Projects\software-trunk\SeznamInstall\bin\debug\sznsetup-lt.pdbPV source: sznsetup-lt.exe, 00000017.00000000.1729394687.000000000052B000.00000002.00000001.01000000.0000001F.sdmp
Source: Binary string: C:\Repository\listicka\ielisticka_new\bin-Release\pdb\listicka-x64.pdb source: UNZIP.EXE, 00000081.00000002.2178378406.0000000000428000.00000040.00000001.01000000.00000026.sdmp, CPY.EXE, 00000086.00000002.2185910879.000000000075A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \plugins\CDVDR\*.pdb source: setuppicasa39-setup.exe, 00000010.00000003.1659418312.000000000067F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \plugins\expwebsites\*.pdb source: setuppicasa39-setup.exe, 00000010.00000003.1659418312.000000000067F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: p:\d\a\wpyh4-vm-6.hot\recipes\840394494\base\googleclient\picasa39-stable\build\Picasa3.pdb source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: C:\playground\repos\listicka\sznpp\bin\symbols\Release_x86\sznpp_dll.pdb source: UNZIP.EXE, 0000005D.00000002.2105385323.0000000000428000.00000040.00000001.01000000.00000026.sdmp, CPY.EXE, 00000064.00000002.2115643669.0000000000ECA000.00000004.00000020.00020000.00000000.sdmp, sznpp.exe, 0000007C.00000000.2152804918.0000000000BFB000.00000002.00000001.01000000.0000002C.sdmp
Source: Binary string: msvcp110.i386.pdb source: szndesktop.exe, szndesktop.exe, 00000087.00000002.2193190667.000000006C0E1000.00000020.00000001.01000000.0000002E.sdmp
Source: Binary string: C:\Users\ondrej.novak\Documents\Visual Studio 2008\Projects\software-trunk\SeznamInstall\bin\debug\sznsetup.pdb source: sznsetup.exe, 00000039.00000000.1850844929.0000000000F0C000.00000002.00000001.01000000.00000023.sdmp
Source: Binary string: msvcr110.i386.pdb source: UNZIP.EXE, 00000052.00000002.2089014833.0000000000428000.00000040.00000001.01000000.00000026.sdmp, CPY.EXE, 00000057.00000002.2096863979.0000000000B3A000.00000004.00000020.00020000.00000000.sdmp, szndesktop.exe, szndesktop.exe, 00000087.00000002.2195197650.000000006C221000.00000020.00000001.01000000.0000002B.sdmp
Source: Binary string: C:\playground\repos\listicka\sznpp\bin\symbols\Release_x64\sznpp_64.pdb source: sznpp.exe, 0000007C.00000000.2152804918.0000000000B52000.00000002.00000001.01000000.0000002C.sdmp
Source: Binary string: PhotoViewer.pdbGCTL source: PicasaPhotoViewer.exe, 00000015.00000003.1748748621.0000000003DBE000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\playground\repos\listicka\sznpp\bin\symbols\Release_x86\sznpp.pdb source: sznpp.exe, 0000007C.00000000.2152425887.0000000000B0C000.00000002.00000001.01000000.0000002C.sdmp
Source: Binary string: C:\playground\repos\listicka\sznpp\bin\symbols\Release_x86\sznpp.pdb- source: sznpp.exe, 0000007C.00000000.2152425887.0000000000B0C000.00000002.00000001.01000000.0000002C.sdmp
Source: Binary string: p:\d\a\wpyh4-vm-6.hot\recipes\840394494\base\googleclient\picasa39-stable\build\PicasaPhotoViewer.pdb source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp
Source: Binary string: p:\d\a\wpyh4-vm-6.hot\recipes\840394494\base\googleclient\picasa39-stable\build\cdautorun\PicasaCD.pdb source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000004419000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: mi_exe_stub.pdb@;AL source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000029F6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: p:\d\a\wpyh4-vm-6.hot\recipes\840394494\base\googleclient\picasa39-stable\build\plugins\CDVDR\CDVDR.pdb source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000003831000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2497615129.00000000033F3000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: p:\d\a\wpyh4-vm-6.hot\recipes\840394494\base\googleclient\picasa39-stable\build\npPicasa3.pdb source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000002E88000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: d:\Development\googleclient\picasa4\build\plugins\Red.pdb source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000003FAE000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Repository\listicka\ielisticka_new\bin-Release\pdb\szndesktop.pdb source: CPY.EXE, 00000061.00000002.2108099884.0000000000E09000.00000004.00000020.00020000.00000000.sdmp, szndesktop.exe, 00000087.00000000.2188348792.0000000000875000.00000002.00000001.01000000.0000002D.sdmp
Source: Binary string: p:\d\a\wpyh4-vm-6.hot\recipes\840394494\base\googleclient\picasa39-stable\build\plugins\expwebsites\expwebsites.pdb source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000003DA5000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2533437740.000000000488F000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: C:\Users\ondrej.novak\Documents\Visual Studio 2008\Projects\software-trunk\SeznamInstall\bin\debug\sznsetup-lt.pdb source: listicka.exe, 00000016.00000002.2443085483.00000000029E3000.00000004.00000020.00020000.00000000.sdmp, sznsetup-lt.exe, 00000017.00000000.1729394687.000000000052B000.00000002.00000001.01000000.0000001F.sdmp
Source: Binary string: C:\playground\repos\listicka\sznpp\bin\symbols\Release_x64\sznpp_dll.pdb source: CPY.EXE, 00000064.00000002.2115643669.0000000000ECA000.00000004.00000020.00020000.00000000.sdmp, sznpp.exe, 0000007C.00000000.2152804918.0000000000BFB000.00000002.00000001.01000000.0000002C.sdmp
Source: Binary string: C:\playground\repos\listicka\sznpp\bin\symbols\Release_x64\sznpp_64.pdb( source: sznpp.exe, 0000007C.00000000.2152804918.0000000000B52000.00000002.00000001.01000000.0000002C.sdmp
Source: Binary string: p:\d\a\wpyh4-vm-6.hot\recipes\840394494\base\googleclient\picasa39-stable\build\GPhotos.pdb source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp
Source: Binary string: C:\Repository\listicka\ielisticka_new\bin-Release\pdb\szndesktop.pdb44 source: CPY.EXE, 00000061.00000002.2108099884.0000000000E09000.00000004.00000020.00020000.00000000.sdmp, szndesktop.exe, 00000087.00000000.2188348792.0000000000875000.00000002.00000001.01000000.0000002D.sdmp
Source: Binary string: C:\Repository\listicka-new\ielisticka_new\bin-Release\pdb\lightspeed.pdb source: CPY.EXE, 0000005C.00000002.2102179386.0000000000B00000.00000004.00000020.00020000.00000000.sdmp, szndesktop.exe, 00000087.00000002.2198970614.000000006C384000.00000002.00000001.01000000.0000002A.sdmp
Source: Binary string: p:\d\a\wpyh4-vm-6.hot\recipes\840394494\base\googleclient\picasa39-stable\build\plugins\ytITivo.pdb source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000003F3F000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2504208079.0000000004079000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: C:\Repository\listicka-new\ielisticka_new\bin-Release\pdb\lightspeed.pdbQQ source: CPY.EXE, 0000005C.00000002.2102179386.0000000000B00000.00000004.00000020.00020000.00000000.sdmp, szndesktop.exe, 00000087.00000002.2198970614.000000006C384000.00000002.00000001.01000000.0000002A.sdmp
Source: Binary string: p:\d\a\wpyh4-vm-6.hot\recipes\840394494\base\googleclient\picasa39-stable\build\cdautorun\PicasaRestore.pdb source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000459F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Repository\listicka\ielisticka_new\bin-Release\pdb\libfoxloader.pdb source: UNZIP.EXE, 0000007D.00000002.2173171240.000000000042B000.00000040.00000001.01000000.00000026.sdmp, szndesktop.exe, 00000087.00000002.2200176289.000000006C489000.00000002.00000001.01000000.0000002F.sdmp
Source: Binary string: Rg.pdbH source: listicka.exe, 00000016.00000002.2443085483.00000000029E3000.00000004.00000020.00020000.00000000.sdmp, sznsetup-lt.exe, 00000017.00000000.1730049584.0000000000571000.00000002.00000001.01000000.0000001F.sdmp, REG.EXE, 0000002A.00000000.1818569837.0000000001000000.00000002.00000001.01000000.00000021.sdmp, REG.EXE, 0000002A.00000000.1818621571.0000000001018000.00000080.00000001.01000000.00000021.sdmp, REG.EXE, 0000002A.00000002.1819878005.0000000001000000.00000002.00000001.01000000.00000021.sdmp, sznsetup.exe, 00000039.00000000.1851570101.0000000000F52000.00000002.00000001.01000000.00000023.sdmp
Source: Binary string: C:\Users\petr.slivon\Documents\Visual Studio 2012\Projects\listicka-trunk\ielisticka_new\bin-Release\pdb\wszndesktop.pdb source: UNZIP.EXE, 00000066.00000002.2120076164.0000000000428000.00000040.00000001.01000000.00000026.sdmp, CPY.EXE, 0000006A.00000002.2122729835.0000000000629000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: msvcp110.i386.pdb0 source: szndesktop.exe, 00000087.00000002.2193190667.000000006C0E1000.00000020.00000001.01000000.0000002E.sdmp
Source: Binary string: C:\Repository\listicka\ielisticka_new\bin-Release\pdb\listicka-x64.pdbhh source: UNZIP.EXE, 00000081.00000002.2178378406.0000000000428000.00000040.00000001.01000000.00000026.sdmp, CPY.EXE, 00000086.00000002.2185910879.000000000075A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Repository\listicka\ielisticka_new\bin-Release\pdb\libfoxloader.pdb~{ source: UNZIP.EXE, 0000007D.00000002.2173171240.000000000042B000.00000040.00000001.01000000.00000026.sdmp, szndesktop.exe, 00000087.00000002.2200176289.000000006C489000.00000002.00000001.01000000.0000002F.sdmp
Source: Binary string: C:\Users\ondrej.novak\Documents\Visual Studio 2008\Projects\software-trunk\SeznamInstall\bin\debug\szninstall.pdb source: szninstall.exe, 00000038.00000000.1847499306.0000000000571000.00000002.00000001.01000000.00000022.sdmp
Source: Binary string: reg.pdb source: REG.EXE, REG.EXE, 0000002A.00000002.1819912483.0000000001001000.00000040.00000001.01000000.00000021.sdmp
Source: Binary string: mi_exe_stub.pdb source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000029F6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: PhotoViewer.pdb source: PicasaPhotoViewer.exe, 00000015.00000003.1748748621.0000000003DBE000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: d:\twbrown-picasa-1\googleclient\picasa4\NSIS_Unicode_v3\Plugins\x86-unicode\NSIS_Picasa_Unicode.pdb source: setuppicasa39-setup.exe, 00000010.00000002.1704699696.0000000004CA3000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: C:\Users\ondrej.novak\Documents\Visual Studio 2008\Projects\software-trunk\SeznamInstall\bin\debug\sznsetup-lt.pdbPP source: listicka.exe, 00000016.00000002.2443085483.00000000029E3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: p:\d\a\wpyh4-vm-6.hot\recipes\840394494\base\googleclient\picasa39-stable\build\Picasa3i18n.pdb source: Picasa3.exe, 00000014.00000002.2599698862.0000000010008000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: C:\Users\ondrej.novak\Documents\Visual Studio 2008\Projects\software-trunk\SeznamInstall\bin\debug\sznsetup.pdb` source: sznsetup.exe, 00000039.00000000.1850844929.0000000000F0C000.00000002.00000001.01000000.00000023.sdmp
Source: Binary string: p:\d\a\wpyh4-vm-6.hot\recipes\840394494\base\googleclient\picasa39-stable\build\cdautorun\PicasaCD.pdblpW source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000004419000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\ondrej.novak\Documents\Visual Studio 2008\Projects\software-trunk\SeznamInstall\bin\debug\szninstall.pdb0Z source: szninstall.exe, 00000038.00000000.1847499306.0000000000571000.00000002.00000001.01000000.00000022.sdmp
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp Binary or memory string: autorun.inf
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp Binary or memory string: [autorun]
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp Binary or memory string: \autorun.inf
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp Binary or memory string: option_copysrctotempdestnone[autorun]
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp Binary or memory string: \autorun.infCDPrep%s%s%s%s%s%s%s%d%s%s%s\%s\%s\%sThreadDestroyDirectory %sburndialogIUIManagerIFileDatabaseAlignedImageCollectionPreferences\Plugins\plugins/upload/
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Code function: 16_2_04C91B90 lstrcpyW,GlobalAlloc,FindFirstFileW,GetLastError,FindNextFileW,FindClose, 16_2_04C91B90
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Code function: 16_2_04C91F30 lstrcpyW,FindFirstFileW,GetLastError,GetFileAttributesW,FindNextFileW,FindClose, 16_2_04C91F30
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_033BB710 MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,_memset,FindFirstFileW,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte, 20_2_033BB710
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_033F0600 GetVersion,FindFirstFileExA, 20_2_033F0600
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_033F05C0 GetVersion,FindFirstFileA, 20_2_033F05C0
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_033BB850 MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,_memset,FindFirstFileExW,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte, 20_2_033BB850
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_040386D0 MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,_memset,FindFirstFileW,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte, 20_2_040386D0
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_04038810 MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,_memset,FindFirstFileExW,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte, 20_2_04038810
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_04076930 GetVersion,FindFirstFileA, 20_2_04076930
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_04076970 GetVersion,FindFirstFileExA, 20_2_04076970
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_048336A0 MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,_memset,FindFirstFileW,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte, 20_2_048336A0
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_048337E0 MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,_memset,FindFirstFileExW,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte, 20_2_048337E0
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE Code function: 38_2_0041C29C FindFirstFileA,GetDriveTypeA,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,GetLastError,FindClose, 38_2_0041C29C
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE Code function: 38_2_004107A0 FindFirstFileA, 38_2_004107A0
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C10D6BF ?_Open_dir@sys@tr2@std@@YAPAXPA_WPB_WAAHAAW4file_type@123@@Z,__EH_prolog3_GS,wcslen,FindFirstFileExW,std::tr2::sys::_Read_dir,FindClose,std::tr2::sys::_Strcpy, 135_2_6C10D6BF
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C29AAA4 _wstat32i64,__doserrno,_errno,_invalid_parameter_noinfo,_wcspbrk,_errno,__doserrno,_errno,__doserrno,towlower,_getdrive,FindFirstFileExW,_wcspbrk,wcslen,GetDriveTypeW,free,___loctotime32_t,free,_wsopen_s,__fstat32i64,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FindClose,GetLastError,__dosmaperr,FindClose,GetLastError,__dosmaperr,FindClose, 135_2_6C29AAA4
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C298B4F _findfirst64i32,_errno,_invalid_parameter_noinfo,FindFirstFileExA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,_invoke_watson,_findnext64i32,_errno,_invalid_parameter_noinfo,FindNextFileA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,_invoke_watson,_findfirst32i64,_errno,_invalid_parameter_noinfo,FindFirstFileExA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,_invoke_watson,_findnext32i64,_errno,_invalid_parameter_noinfo,FindNextFileA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,_invoke_watson,_seterrormode,SetErrorMode, 135_2_6C298B4F
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C29A625 _wstat64,__doserrno,_errno,_invalid_parameter_noinfo,_wcspbrk,_errno,__doserrno,_errno,__doserrno,towlower,_getdrive,FindFirstFileExW,_wcspbrk,wcslen,GetDriveTypeW,free,free,_wsopen_s,__fstat64,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,GetLastError,__dosmaperr,FindClose,GetLastError,__dosmaperr,FindClose, 135_2_6C29A625
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C298653 _findfirst32,_errno,_invalid_parameter_noinfo,FindFirstFileExA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,_invoke_watson,_findnext32,_errno,_invalid_parameter_noinfo,FindNextFileA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,_invoke_watson,_findfirst64,_errno,_invalid_parameter_noinfo,FindFirstFileExA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,_invoke_watson,_findnext64,_errno,_invalid_parameter_noinfo,FindNextFileA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,_invoke_watson, 135_2_6C298653
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C29A1C7 _wstat32,__doserrno,_errno,_invalid_parameter_noinfo,_wcspbrk,_errno,__doserrno,towlower,_getdrive,FindFirstFileExW,_wcspbrk,wcslen,GetDriveTypeW,free,___loctotime32_t,free,_wsopen_s,__fstat32,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FindClose,_errno,GetLastError,__dosmaperr,FindClose,GetLastError,__dosmaperr,FindClose, 135_2_6C29A1C7
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C297921 _malloc_crt,FindClose,FindFirstFileExA,FindNextFileA,FindClose, 135_2_6C297921
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C297B8B _malloc_crt,FindClose,FindFirstFileExW,FindNextFileW,FindClose, 135_2_6C297B8B
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C2377AA _wstat64i32,_wcspbrk,towlower,FindFirstFileExW,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,_errno,__doserrno,_getdrive,GetLastError,GetLastError,_wcspbrk,wcslen,__doserrno,_errno,_invalid_parameter_noinfo,GetDriveTypeW,free,free,_wsopen_s,__fstat64i32,_close,_errno,__dosmaperr,FindClose,__dosmaperr,FindClose, 135_2_6C2377AA
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C299002 _wfindfirst32,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,_invoke_watson,_wfindnext32,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,_invoke_watson,_wfindfirst64,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,_invoke_watson,_wfindnext64,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,_invoke_watson,_wfindfirst64i32,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,_invoke_watson,_wfindnext64i32,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,_invoke_watson,_wfindfirst32i64,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,_invoke_watson,_wfindnext32i64,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,_invoke_watson,_access,_access_s, 135_2_6C299002
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C35DBA0 FindFirstFileW,#210,FindNextFileW,FindClose, 135_2_6C35DBA0
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C35EB00 #210,DeleteFileW,GetLastError,_CxxThrowException,#210,MoveFileExW,GetLastError,_CxxThrowException,#210,MoveFileExW,GetLastError,_CxxThrowException,#210,FindFirstFileW,FindClose,CopyFileW,GetLastError,_CxxThrowException, 135_2_6C35EB00
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe File opened: C:\Users\user
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe File opened: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe File opened: C:\Users\user\Documents\desktop.ini
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe File opened: C:\Users\user\AppData\Local\Temp
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe File opened: C:\Users\user\AppData
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe File opened: C:\Users\user\AppData\Local
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe

Networking

Source: C:\Windows\SysWOW64\GPhotos.scr HTTP traffic: GET /gphotos?action=install&hl=en&gl=ch&brand=GGLA&scrid=AD0E3D47-9B39-483F-83C6-9B8C783457F6&v=(null) HTTP/1.1 Accept: */* Accept-Encoding: gzip User-Agent: Google Photos Screensaver 2.0 (gzip) Host: pack.google.com Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /update/packages.inf HTTP/1.1Host: download.seznam.czConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /update/cz.seznam.software.sznsetup-1.2.7-win32.zip HTTP/1.1Host: download.seznam.czConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /update/cz.seznam.software.szninstall-1.1.15-win32.zip HTTP/1.1Host: download.seznam.czConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /update/packages.inf HTTP/1.1Host: download.seznam.czConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /update/cz.seznam.software.lightspeed-1210-12.10.18-win32.zip HTTP/1.1Host: download.seznam.czConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /update/cz.seznam.software.libszndesktop-2.1.35-win32.zip HTTP/1.1Host: download.seznam.czConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /update/cz.seznam.software.szndesktop-2.0.32-win32.zip HTTP/1.1Host: download.seznam.czConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /update/cz.seznam.software.libfoxcub-3.3.8-win32.zip HTTP/1.1Host: download.seznam.czConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /update/cz.seznam.software.libfoxcub64-3.3.8-win32.zip HTTP/1.1Host: download.seznam.czConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /update/cz.seznam.software.ielisticka3-3.3.5-win32.zip HTTP/1.1Host: download.seznam.czConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /update/szn-software-fflisticka-4.0.8-win32.zip HTTP/1.1Host: download.seznam.czConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /hit/?a=event&d=%7B%22application%22%3A%22szndesktop%22%2C%22signedhash%22%3A%220%22%2C%22action%22%3A%22install_ie%22%2C%22status%22%3A0%2C%22osbuild%22%3A19045%2C%22osarch%22%3A9%2C%22iever%22%3A%2211.00.19041.1%20%28WinBuild.160101.0800%29%22%7D&s=partprog&v=2.1.35&r=1218851696&u=http://www.seznam.cz&h=B0B7C794-8699-4634-B6F9-24DA47BBD8EF&lsid=1727870994840&lses=0 HTTP/1.1Host: h.imedia.cz
Source: global traffic HTTP traffic detected: GET /hit/?a=event&d=%7B%22action%22%3A%22startup%22%2C%22application%22%3A%22szndesktop%22%2C%22signedhash%22%3A%220%22%2C%22chrv%22%3A16%2C%22che%22%3A16%2C%22chs%22%3A16%2C%22ches%22%3A16%2C%22ie%22%3A1%2C%22osbuild%22%3A19045%2C%22osarch%22%3A9%2C%22chver%22%3A%22117.0.5938.132%22%2C%22ffver%22%3A%22118.0.1%22%2C%22iever%22%3A%2211.00.19041.1%20%28WinBuild.160101.0800%29%22%7D&s=partprog&v=2.1.35&r=-442691421&u=http://www.seznam.cz&h=B0B7C794-8699-4634-B6F9-24DA47BBD8EF&lsid=1727870998589&lses=1727870994840 HTTP/1.1Host: h.imedia.cz
Source: global traffic HTTP traffic detected: GET /hit/?a=event&d=%7B%22application%22%3A%22szndesktop%22%2C%22signedhash%22%3A%220%22%2C%22action%22%3A%22install_ff%22%2C%22status%22%3A0%2C%22osbuild%22%3A19045%2C%22osarch%22%3A9%2C%22ffver%22%3A%22118.0.1%22%7D&s=partprog&v=2.1.35&r=-845759909&u=http://www.seznam.cz&h=B0B7C794-8699-4634-B6F9-24DA47BBD8EF&lsid=1727871000747&lses=1727870998589 HTTP/1.1Host: h.imedia.cz
Source: global traffic HTTP traffic detected: GET /hit/?a=event&d=%7B%22application%22%3A%22szndesktop%22%2C%22signedhash%22%3A%220%22%2C%22action%22%3A%22install_ff%22%2C%22status%22%3A0%2C%22osbuild%22%3A19045%2C%22osarch%22%3A9%2C%22ffver%22%3A%22118.0.1%22%7D&s=partprog&v=2.1.35&r=-1701293468&u=http://www.seznam.cz&h=B0B7C794-8699-4634-B6F9-24DA47BBD8EF&lsid=1727871002951&lses=1727871000747 HTTP/1.1Host: h.imedia.cz
Source: global traffic HTTP traffic detected: GET /hit/?a=event&d=%7B%22action%22%3A%22startup%22%2C%22application%22%3A%22szndesktop%22%2C%22signedhash%22%3A%220%22%2C%22chrv%22%3A48%2C%22che%22%3A48%2C%22chs%22%3A16%2C%22ches%22%3A16%2C%22ie%22%3A1%2C%22osbuild%22%3A19045%2C%22osarch%22%3A9%2C%22chver%22%3A%22117.0.5938.132%22%2C%22ffver%22%3A%22118.0.1%22%2C%22iever%22%3A%2211.00.19041.1%20%28WinBuild.160101.0800%29%22%7D&s=partprog&v=2.1.35&r=-1794028113&u=http://www.seznam.cz&h=B0B7C794-8699-4634-B6F9-24DA47BBD8EF&lsid=1727871011238&lses=1727871002951 HTTP/1.1Host: h.imedia.cz
Source: global traffic HTTP traffic detected: GET /hit/?a=event&d=%7B%22action%22%3A%22startup%22%2C%22application%22%3A%22szndesktop%22%2C%22signedhash%22%3A%220%22%2C%22chrv%22%3A56%2C%22che%22%3A48%2C%22chs%22%3A16%2C%22ches%22%3A16%2C%22ie%22%3A1%2C%22osbuild%22%3A19045%2C%22osarch%22%3A9%2C%22chver%22%3A%22117.0.5938.132%22%2C%22ffver%22%3A%22118.0.1%22%2C%22iever%22%3A%2211.00.19041.1%20%28WinBuild.160101.0800%29%22%7D&s=partprog&v=2.1.35&r=256494956&u=http://www.seznam.cz&h=B0B7C794-8699-4634-B6F9-24DA47BBD8EF&lsid=1727871017325&lses=1727871011238 HTTP/1.1Host: h.imedia.cz
Source: global traffic HTTP traffic detected: GET /update/packages.inf HTTP/1.1Host: download.seznam.cz
Source: global traffic HTTP traffic detected: GET /update/cz.seznam.software.sznsetup-1.2.7-win32.zip HTTP/1.1Host: download.seznam.cz
Source: global traffic HTTP traffic detected: GET /update/cz.seznam.software.szninstall-1.1.15-win32.zip HTTP/1.1Host: download.seznam.cz
Source: global traffic HTTP traffic detected: GET /update/packages.inf HTTP/1.1Host: download.seznam.cz
Source: global traffic HTTP traffic detected: GET /update/cz.seznam.software.lightspeed-1210-12.10.18-win32.zip HTTP/1.1Host: download.seznam.cz
Source: global traffic HTTP traffic detected: GET /update/cz.seznam.software.libszndesktop-2.1.35-win32.zip HTTP/1.1Host: download.seznam.cz
Source: global traffic HTTP traffic detected: GET /update/cz.seznam.software.szndesktop-2.0.32-win32.zip HTTP/1.1Host: download.seznam.cz
Source: global traffic HTTP traffic detected: GET /update/cz.seznam.software.libfoxcub-3.3.8-win32.zip HTTP/1.1Host: download.seznam.cz
Source: global traffic HTTP traffic detected: GET /update/cz.seznam.software.libfoxcub64-3.3.8-win32.zip HTTP/1.1Host: download.seznam.cz
Source: global traffic HTTP traffic detected: GET /update/cz.seznam.software.ielisticka3-3.3.5-win32.zip HTTP/1.1Host: download.seznam.cz
Source: global traffic HTTP traffic detected: GET /update/szn-software-fflisticka-4.0.8-win32.zip HTTP/1.1Host: download.seznam.cz
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.16:49707 -> 77.75.76.70:80
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.16:49765 -> 77.75.76.70:80
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.16:49775 -> 172.217.23.110:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.16:49969 -> 77.75.78.30:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.16:49972 -> 77.75.78.30:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.16:49966 -> 77.75.78.30:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.16:49960 -> 77.75.78.30:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.16:49981 -> 77.75.78.30:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.16:49996 -> 77.75.78.30:443
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 23.200.0.9
Source: unknown TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_04829380 QueryPerformanceCounter,HttpEndRequestA,InternetSetStatusCallback,GetLastError,InternetReadFile,InternetReadFile, 20_2_04829380
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKCross-Origin-Resource-Policy: cross-originContent-Encoding: gzipETag: W/"c0cf1b4023295e310be6a0c4867471a65178b3c614f7cf80069684d27704e64f"Date: Wed, 02 Oct 2024 10:16:27 GMTContent-Type: application/atom+xml; charset=UTF-8Server: blogger-renderdCache-Control: public, must-revalidate, proxy-revalidate, max-age=1Vary: Accept-EncodingExpires: Wed, 02 Oct 2024 10:16:28 GMTX-Content-Type-Options: nosniffX-XSS-Protection: 0Last-Modified: Wed, 28 Aug 2024 14:47:25 GMTContent-Length: 9776X-Frame-Options: SAMEORIGIN
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /picasa/answer/93773?hl=en HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-CHUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateConnection: Keep-AliveHost: support.google.com
Source: global traffic HTTP traffic detected: GET /picasa/answer/157000?hl=en&visit_id=638634609885905976-1351747924&rd=1 HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-CHUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateConnection: Keep-AliveHost: support.google.com
Source: global traffic HTTP traffic detected: GET /picasa/answer/156347?hl=en&visit_id=638634609885905976-1351747924&rd=2 HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-CHUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateConnection: Keep-AliveHost: support.google.com
Source: global traffic HTTP traffic detected: GET /picasa/answer/6383491?hl=en&visit_id=638634609885905976-1351747924&rd=3 HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-CHUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateConnection: Keep-AliveHost: support.google.com
Source: global traffic HTTP traffic detected: GET /crx/blobs/AY4GWKDHKllS27BO_e8bCnbax_jg8ytdTG4Uzua5Kte91Msonmjt9Ssh1u4j53F3UYy-997sHknkzKEy9994XId3zBBDiju_YSunzv5QYwyL8XEx9VuF26n3JIgkmCYaLzIAxlKa5UdUDZoPCHdwU63c7rFT0JUxfsWG/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_82_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /euPTmjj_6KOIZQJEA6eBnNPDVsQh79w_GUOZOjxdi8mCA2a5YlFg95RYLD3X8aJkxB0u=w36-h36 HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: https://support.google.com/picasa/answer/6383491?hl=en&visit_id=638634609885905976-1351747924&rd=3Accept-Language: en-CHUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: lh3.googleusercontent.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.SpvAvsXfWWo.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-MoqWi0fF1M09Ccs-6QfulXvxfdg/cb=gapi.loaded_0 HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: https://support.google.com/picasa/answer/6383491?hl=en&visit_id=638634609885905976-1351747924&rd=3Accept-Language: en-CHUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: apis.google.comConnection: Keep-AliveCookie: NID=517=m-X95JoeCPCfoIHtcSxsmDi2wuwakqGlxl54bZGUpbMC8a-isGAbpG2Na1kJthkxyJutWyJR96BInrx1gm8GqFOkcoEY6cxDpArB931-8AEywgrSdlj_NkfkwtkvrNVCdHigO3n64T5OJjG2D0NbQ4RfOIRTD2zql-Sl_sWD3ScVAutPLTLnrvnwfcdARGW7_nOeLc_Xx6R7hL6-4RWij2UVns3pTxlpxWQcdbV_SDnZauyMgzVrmQ
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: support.google.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /picasa/answer/favicon.ico HTTP/1.1User-Agent: AutoItHost: support.google.com
Source: global traffic HTTP traffic detected: GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: EntityExtractionDomainsConfigSec-Mesh-Client-Edge-Version: 117.0.2045.47Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 0Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ShorelineSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /edge/welcome?form=M10004&mb03=true HTTP/1.1Host: www.microsoft.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /fwlink/?linkid=2195291 HTTP/1.1Host: go.microsoft.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /edge/welcome?form=M10004&mb03=true HTTP/1.1Host: www.microsoft.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version: "117.0.2045.47"sec-ch-ua-arch: "x86"sec-ch-ua-bitness: "64"sec-ch-prefers-color-scheme: lightAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /en-gb/edge/welcome?form=M10004&mb03=true HTTP/1.1Host: www.microsoft.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.2045.47"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-bitness: "64"sec-ch-prefers-color-scheme: lightAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /shared/edgeweb/css/2e4b955.css HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /shared/edgeweb/css/105d560.css HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /shared/edgeweb/css/16d7f8e.css HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /shared/edgeweb/css/ec09bb6.css HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /shared/edgeweb/css/659e497.css HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /shared/edgeweb/css/287b8b9.css HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /update/cz.seznam.software.szndesktop-2.0.32-win32.zip HTTP/1.1 Host: download.seznam.cz Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /update/cz.seznam.software.libfoxcub-3.3.8-win32.zip HTTP/1.1 Host: download.seznam.cz Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /update/cz.seznam.software.libfoxcub64-3.3.8-win32.zip HTTP/1.1 Host: download.seznam.cz Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /update/cz.seznam.software.ielisticka3-3.3.5-win32.zip HTTP/1.1 Host: download.seznam.cz Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /update/szn-software-fflisticka-4.0.8-win32.zip HTTP/1.1 Host: download.seznam.cz Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /tag/uet/355008692?insights=1 HTTP/1.1Host: www.clarity.msConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: CLID=c6083d87285244068a54b7c1410cd9fd.20241002.20251002
Source: global traffic HTTP traffic detected: GET /image/apps.8453.13655054093851568.4a371b72-2ce8-4bdb-9d83-be49894d3fa0.7f3687b9-847d-4f86-bb5c-c73259e2b38e?w=75 HTTP/1.1Host: store-images.s-microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /image/apps.56161.9007199266246365.1d5a6a53-3c49-4f80-95d7-78d76b0e05d0.a3e87fea-e03e-4c0a-8f26-9ecef205fa7b?w=75 HTTP/1.1Host: store-images.s-microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /image/apps.25776.14473651905739879.c2c2c20a-48ca-4b7a-a0c5-392cddcd557e.dbe766f0-50a3-4270-957c-d06415f86f39?w=75 HTTP/1.1Host: store-images.s-microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /service-worker.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveCache-Control: max-age=0Accept: */*Service-Worker: scriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Sec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: serviceworkerReferer: https://apps.microsoft.com/apppack/edgefre?hl=en-us&gl=USAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i|1727864209993|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736
Source: global traffic HTTP traffic detected: GET /consumers/oauth2/v2.0/authorize?client_id=929d973a-a08f-46a0-80b5-3c690ee1ee5f&scope=User.Read%20offline_access%20openid%20profile&redirect_uri=https%3A%2F%2Fapps.microsoft.com%2F&client-request-id=01924cbb-87e4-7744-aa7b-63aaf0118cbd&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=3.18.0&client_info=1&code_challenge=12wPOc1UDIDnCIHouMCWAbj0MmuWrsUyf6M21SmFz-A&code_challenge_method=S256&prompt=none&nonce=01924cbb-8810-75ee-8ce9-2c4082eafda8&state=eyJpZCI6IjAxOTI0Y2JiLTg3ZTQtNzBkZi1iZDFhLWVlMzFlYzFkOWE0YSIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoic2lsZW50In19 HTTP/1.1Host: login.microsoftonline.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D7850%26time%3D1727864210223%26li_adsId%3Dc6366846-7f41-4708-9fb6-3269a23fdc13%26url%3Dhttps%253A%252F%252Fwww.microsoft.com%252Fen-gb%252Fedge%252Fwelcome%253Fform%253DM10004%2526mb03%253Dtrue%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP/1.1Host: www.linkedin.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: li_sugr=d35b3f83-bdbb-45a3-85ce-a0229f826989; bcookie="v=2&2516b960-85ad-4191-847f-415a33eda43e"; lidc="b=TGST06:s=T:r=T:a=T:p=T:g=3013:u=1:x=1:i=1727864211:t=1727950611:v=2:sig=AQG_p4RFuAy5RLp45N0Pq_b0ZbnDEu0_"; UserMatchHistory=AQIyePVLc9XnZgAAAZJMu4yU2_WgOCBxObdkN0Wk2LpTA7gLTgo39UVR7LkM-ElLklnw9wU5PMNQRQ; AnalyticsSyncHistory=AQKSK2PlgfRT2AAAAZJMu4yUVhKeSnIwUJNjMHTmLuEK0NvpIjlatlsxaB_7NFCL0oKdIIi5nD5QhsrMvCHBIw
Source: global traffic HTTP traffic detected: GET /assets/js/_commonjsHelpers-39b5b250.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i|1727864209993|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic HTTP traffic detected: GET /collect?v=2&fmt=js&pid=7850&time=1727864210223&li_adsId=c6366846-7f41-4708-9fb6-3269a23fdc13&url=https%3A%2F%2Fwww.microsoft.com%2Fen-gb%2Fedge%2Fwelcome%3Fform%3DM10004%26mb03%3Dtrue&cookiesTest=true&liSync=true HTTP/1.1Host: px.ads.linkedin.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: li_sugr=d35b3f83-bdbb-45a3-85ce-a0229f826989; bcookie="v=2&2516b960-85ad-4191-847f-415a33eda43e"; lidc="b=TGST06:s=T:r=T:a=T:p=T:g=3013:u=1:x=1:i=1727864211:t=1727950611:v=2:sig=AQG_p4RFuAy5RLp45N0Pq_b0ZbnDEu0_"; UserMatchHistory=AQIyePVLc9XnZgAAAZJMu4yU2_WgOCBxObdkN0Wk2LpTA7gLTgo39UVR7LkM-ElLklnw9wU5PMNQRQ; AnalyticsSyncHistory=AQKSK2PlgfRT2AAAAZJMu4yUVhKeSnIwUJNjMHTmLuEK0NvpIjlatlsxaB_7NFCL0oKdIIi5nD5QhsrMvCHBIw
Source: global traffic HTTP traffic detected: GET /offline.html HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i|1727864209993|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic HTTP traffic detected: GET /shared/cms/lrs1c69a1j/section-videos/3dd826a043744d6cbfe55165a35a8ec8.mp4 HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept-Encoding: identity;q=1, *;q=0sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: videoReferer: https://www.microsoft.com/Accept-Language: en-GB,en;q=0.9,en-US;q=0.8Range: bytes=32768-
Source: global traffic HTTP traffic detected: GET /assets/js/about-b1ba6593.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i|1727864209993|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic HTTP traffic detected: GET /oauth20_authorize.srf?client_id=929d973a-a08f-46a0-80b5-3c690ee1ee5f&scope=User.Read+offline_access+openid+profile&redirect_uri=https%3a%2f%2fapps.microsoft.com%2f&response_type=code&state=eyJpZCI6IjAxOTI0Y2JiLTg3ZTQtNzBkZi1iZDFhLWVlMzFlYzFkOWE0YSIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoic2lsZW50In19&response_mode=fragment&nonce=01924cbb-8810-75ee-8ce9-2c4082eafda8&prompt=none&code_challenge=NzfLDfZZ9pa9p594AEIvEIVcYy8SF9QRmo7u5zhFThU&code_challenge_method=S256&x-client-SKU=msal.js.browser&x-client-Ver=3.18.0&uaid=01924cbb87e47744aa7b63aaf0118cbd&msproxy=1&issuer=mso&tenant=consumers&ui_locales=en-GB&client_info=1&epct=PAQABDgEAAADW6jl31mB3T7ugrWTT8pFewSlPCygvk1lyVk6poWg0cXhJYK5z7bDUkD84hYnFfpGk3Dqr8p-SQwUSFQo5nwp3L68_LzPzWl5zH1OvuQD7NdyuHDbID_p9Jf4HLB5epgLIUALB3rtkYUSQiYgSVPxYXqac_1W8-J_7c4W3yxQ9bEdyMvnVmMGhSZsTYIASrVH9UgXMbgwz3xj-5Qd_uUH7-FDN9pHWVUPGxJLoz3Q_BSAA&jshs=0 HTTP/1.1Host: login.live.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /assets/js/additional-info-b4cc1e57.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i|1727864209993|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i|1727864209993|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic HTTP traffic detected: GET /assets/js/alert-service-3c7acae3.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i|1727864209993|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic HTTP traffic detected: GET /?hl=en-gb&gl=US HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i|1727864209993|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic HTTP traffic detected: GET /assets/js/app-badge-dd910ddd.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i|1727864209993|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic HTTP traffic detected: GET /welcome/static/favicon.png HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /c.gif HTTP/1.1Host: c.clarity.msConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic HTTP traffic detected: GET /assets/js/apps-565c0e30.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i|1727864209993|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic HTTP traffic detected: GET /c.gif?ctsa=mr&CtsSyncId=8145D78C597043718658058358F19F5A&RedC=c.clarity.ms&MXFR=29D059AB96C76E5E0C754CA792C7607D HTTP/1.1Host: c.bing.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-MS-GEC: FF699648EBF162654E01182ED0BD24EDB1A2721B7E78C7D8756497D88A893629Sec-MS-GEC-Version: 1-117.0.2045.47Referer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MUID=2609E576E1796E461EBDF07AE01B6F4F
Source: global traffic HTTP traffic detected: GET /assets/js/auth-control-b8e249cd.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i|1727864209993|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic HTTP traffic detected: GET /c.gif?ctsa=mr&CtsSyncId=8145D78C597043718658058358F19F5A&MUID=2609E576E1796E461EBDF07AE01B6F4F HTTP/1.1Host: c.clarity.msConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: SM=T; MUID=29D059AB96C76E5E0C754CA792C7607D
Source: global traffic HTTP traffic detected: GET /assets/js/cms-page-6f3814da.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i|1727864209993|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic HTTP traffic detected: GET /assets/js/collection-group-9730b6e8.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i|1727864209993|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic HTTP traffic detected: GET /assets/js/collection-reel-group-3ecad3dd.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i|1727864209993|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic HTTP traffic detected: GET /assets/js/collections-0ef93cf0.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i|1727864209993|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic HTTP traffic detected: GET /assets/js/collections-browse-06db3db6.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i|1727864209993|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic HTTP traffic detected: GET /assets/js/collections-test-fd3115fd.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i|1727864209993|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic HTTP traffic detected: GET /hit/?a=event&d=%7B%22application%22%3A%22szndesktop%22%2C%22signedhash%22%3A%220%22%2C%22action%22%3A%22install_ie%22%2C%22status%22%3A0%2C%22osbuild%22%3A19045%2C%22osarch%22%3A9%2C%22iever%22%3A%2211.00.19041.1%20%28WinBuild.160101.0800%29%22%7D&s=partprog&v=2.1.35&r=1218851696&u=http://www.seznam.cz&h=B0B7C794-8699-4634-B6F9-24DA47BBD8EF&lsid=1727870994840&lses=0 HTTP/1.1 Host: h.imedia.cz
Source: global traffic HTTP traffic detected: GET /hit/?a=event&d=%7B%22action%22%3A%22startup%22%2C%22application%22%3A%22szndesktop%22%2C%22signedhash%22%3A%220%22%2C%22chrv%22%3A16%2C%22che%22%3A16%2C%22chs%22%3A16%2C%22ches%22%3A16%2C%22ie%22%3A1%2C%22osbuild%22%3A19045%2C%22osarch%22%3A9%2C%22chver%22%3A%22117.0.5938.132%22%2C%22ffver%22%3A%22118.0.1%22%2C%22iever%22%3A%2211.00.19041.1%20%28WinBuild.160101.0800%29%22%7D&s=partprog&v=2.1.35&r=-442691421&u=http://www.seznam.cz&h=B0B7C794-8699-4634-B6F9-24DA47BBD8EF&lsid=1727870998589&lses=1727870994840 HTTP/1.1 Host: h.imedia.cz
Source: global traffic HTTP traffic detected: GET /hit/?a=event&d=%7B%22application%22%3A%22szndesktop%22%2C%22signedhash%22%3A%220%22%2C%22action%22%3A%22install_ff%22%2C%22status%22%3A0%2C%22osbuild%22%3A19045%2C%22osarch%22%3A9%2C%22ffver%22%3A%22118.0.1%22%7D&s=partprog&v=2.1.35&r=-845759909&u=http://www.seznam.cz&h=B0B7C794-8699-4634-B6F9-24DA47BBD8EF&lsid=1727871000747&lses=1727870998589 HTTP/1.1 Host: h.imedia.cz
Source: global traffic HTTP traffic detected: GET /hit/?a=event&d=%7B%22application%22%3A%22szndesktop%22%2C%22signedhash%22%3A%220%22%2C%22action%22%3A%22install_ff%22%2C%22status%22%3A0%2C%22osbuild%22%3A19045%2C%22osarch%22%3A9%2C%22ffver%22%3A%22118.0.1%22%7D&s=partprog&v=2.1.35&r=-1701293468&u=http://www.seznam.cz&h=B0B7C794-8699-4634-B6F9-24DA47BBD8EF&lsid=1727871002951&lses=1727871000747 HTTP/1.1 Host: h.imedia.cz
Source: global traffic HTTP traffic detected: GET /hit/?a=event&d=%7B%22action%22%3A%22startup%22%2C%22application%22%3A%22szndesktop%22%2C%22signedhash%22%3A%220%22%2C%22chrv%22%3A48%2C%22che%22%3A48%2C%22chs%22%3A16%2C%22ches%22%3A16%2C%22ie%22%3A1%2C%22osbuild%22%3A19045%2C%22osarch%22%3A9%2C%22chver%22%3A%22117.0.5938.132%22%2C%22ffver%22%3A%22118.0.1%22%2C%22iever%22%3A%2211.00.19041.1%20%28WinBuild.160101.0800%29%22%7D&s=partprog&v=2.1.35&r=-1794028113&u=http://www.seznam.cz&h=B0B7C794-8699-4634-B6F9-24DA47BBD8EF&lsid=1727871011238&lses=1727871002951 HTTP/1.1 Host: h.imedia.cz
Source: global traffic HTTP traffic detected: GET /hit/?a=event&d=%7B%22action%22%3A%22startup%22%2C%22application%22%3A%22szndesktop%22%2C%22signedhash%22%3A%220%22%2C%22chrv%22%3A56%2C%22che%22%3A48%2C%22chs%22%3A16%2C%22ches%22%3A16%2C%22ie%22%3A1%2C%22osbuild%22%3A19045%2C%22osarch%22%3A9%2C%22chver%22%3A%22117.0.5938.132%22%2C%22ffver%22%3A%22118.0.1%22%2C%22iever%22%3A%2211.00.19041.1%20%28WinBuild.160101.0800%29%22%7D&s=partprog&v=2.1.35&r=256494956&u=http://www.seznam.cz&h=B0B7C794-8699-4634-B6F9-24DA47BBD8EF&lsid=1727871017325&lses=1727871011238 HTTP/1.1 Host: h.imedia.cz
Source: global traffic HTTP traffic detected: GET /assets/js/search-results-publisher-07f4a6c3.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i|1727864209993|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic HTTP traffic detected: GET /assets/js/spacing.styles-7155d2ad.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i|1727864209993|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic HTTP traffic detected: GET /assets/js/spotlight-card-d6cf8e19.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i|1727864209993|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic HTTP traffic detected: GET /assets/js/spotlight-control-43a365a0.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i|1727864209993|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic HTTP traffic detected: GET /assets/js/subscript-199a50ce.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i|1727864209993|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic HTTP traffic detected: GET /assets/js/system-requirements-7f350381.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i|1727864209993|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic HTTP traffic detected: GET /assets/js/tencent-4e399fb0.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i|1727864209993|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic HTTP traffic detected: GET /assets/js/trending-collection-dc56edd4.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i|1727864209993|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic HTTP traffic detected: GET /assets/js/video-player-aab5351f.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i|1727864209993|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic HTTP traffic detected: GET /assets/js/visual-info-panel-112e17cc.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i|1727864209993|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic HTTP traffic detected: GET /assets/js/wide-info-card-9b21aa9e.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i|1727864209993|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic HTTP traffic detected: GET /baidu_verify_codeva-7XwzFsIV37.html HTTP/1.1Host: apps.microsoft.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i|1727864209993|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic HTTP traffic detected: GET /bing-bat.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i|1727864209993|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic HTTP traffic detected: GET /crx/blobs/AY4GWKDQIk_LzFaPKkVeG5kjrY2DSnx9vAOISkAQOoUiB7UAr3ctR1HE3o70iDC7T1ZWF5lMEcB1tpSB3Nz2v6hUR5ioHSyOWNrjqmubSP1Sq4lVK1emAMZSmuV73iDI0_0bj6Ca_uMOmBP187AlKQ/OLFEABKOENFAOLJNDFECAMGILLLCPIAK_6_0_11_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /webstore/inlineinstall/detail/olfeabkoenfaoljndfecamgilllcpiak HTTP/1.1Host: chrome.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /phishinglist/list/v2 HTTP/1.1Host: software.seznam.czConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Origin: chrome-extension://olfeabkoenfaoljndfecamgilllcpiakSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /phishinglist/list/v2 HTTP/1.1Host: software.seznam.czConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Origin: chrome-extension://olfeabkoenfaoljndfecamgilllcpiakSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: "0d3d9b65b89032e8640ff38a07a98de029eb2e9846c242e1ee11ffb96f927d03"
Source: global traffic HTTP traffic detected: GET /crx/blobs/AY4GWKA7rRcfuiuOTi8MMh_yoPCiNMHFVQA6NVDkcJ6zsobnt4zWcbRwYlrOwIINIn3dxpNWaiKHNeuobj12XqBwh5d8WNR7RnSviL81nMFK9aE9MaMvmUFs3QvljNfFE-4AxlKa5T2E6wPqA8HFDB89XXj_lJRRoGXW/BGJPFHPJCGDPPJBGNPNJLLOKBMCDLLIG_6_1_11_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /webstore/inlineinstall/detail/bgjpfhpjcgdppjbgnpnjllokbmcdllig HTTP/1.1Host: chrome.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /gphotos?action=install&hl=en&gl=ch&brand=GGLA&scrid=AD0E3D47-9B39-483F-83C6-9B8C783457F6&v=(null) HTTP/1.1Accept: */*Accept-Encoding: gzipUser-Agent: Google Photos Screensaver 2.0 (gzip)Host: pack.google.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /update/packages.inf HTTP/1.1Host: download.seznam.cz
Source: global traffic HTTP traffic detected: GET /update/cz.seznam.software.sznsetup-1.2.7-win32.zip HTTP/1.1Host: download.seznam.cz
Source: global traffic HTTP traffic detected: GET /update/cz.seznam.software.szninstall-1.1.15-win32.zip HTTP/1.1Host: download.seznam.cz
Source: global traffic HTTP traffic detected: GET /feeds/posts/default HTTP/1.1Accept: */*Accept-Encoding: gzipUser-Agent: Picasa/3.9.141.255 (gzip)Host: picasa-readme.blogspot.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /support/bin/answer.py?hl=en&answer=93773 HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-CHUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: picasa.google.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /update/packages.inf HTTP/1.1Host: download.seznam.cz
Source: global traffic HTTP traffic detected: GET /update/cz.seznam.software.lightspeed-1210-12.10.18-win32.zip HTTP/1.1Host: download.seznam.cz
Source: global traffic HTTP traffic detected: GET /update/cz.seznam.software.libszndesktop-2.1.35-win32.zip HTTP/1.1Host: download.seznam.cz
Source: global traffic HTTP traffic detected: GET /update/cz.seznam.software.szndesktop-2.0.32-win32.zip HTTP/1.1Host: download.seznam.cz
Source: global traffic HTTP traffic detected: GET /update/cz.seznam.software.libfoxcub-3.3.8-win32.zip HTTP/1.1Host: download.seznam.cz
Source: global traffic HTTP traffic detected: GET /update/cz.seznam.software.libfoxcub64-3.3.8-win32.zip HTTP/1.1Host: download.seznam.cz
Source: global traffic HTTP traffic detected: GET /update/cz.seznam.software.ielisticka3-3.3.5-win32.zip HTTP/1.1Host: download.seznam.cz
Source: global traffic HTTP traffic detected: GET /update/szn-software-fflisticka-4.0.8-win32.zip HTTP/1.1Host: download.seznam.cz
Source: GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp String found in binary or memory: Fgaiahttps://www.google.com/accounts/OAuthLoginhttps://picasaweb.google.com/c/https://www.google.com/m8/feeds/https://mail.google.com/http://gdata.youtube.comhttps://www.googleapis.com/auth/plus.settingshttps://www.googleapis.com/auth/plus.media.readonlyhttps://www.googleapis.com/auth/plus.media.uploadhttps://www.googleapis.com/auth/plus.mehttps://www.googleapis.com/auth/plus.profiles.readhttps://www.googleapis.com/auth/plus.circles.readhttps://www.googleapis.com/auth/plus.stream.writehttps://www.googleapis.com/auth/photoshttps://www.googleapis.com/auth/userinfo%23emailhttps://www.google.comGaiaUrlwebupdatesoauthloginyoutubeplus.settingsplus.media.readonlyplus.media.uploadplus.meplus.profiles.readplus.circles.readplus.firstpartyplus.stream.writemailrelaycp.managercplh2mailThis account is not enabled for Google Photos.Gaia:NoPWAThis account is not enabled for Google+Gaia::NoGPlusYou are not signed up for a Gmail AccountGaia::NoGmailYou are either not signed up for YouTube or your YouTube account is not connected to your Google accountGaia::NoYouTubeYou are not signed up for this serviceGaia::NoServicehttps://picasaweb.google.com/lh/picasaSignupRedirhttps://plus.google.com/https://www.google.com/accounts/NewAccount?service=mailhttps://www.youtube.com/create_channel?upsell=uploadPUTHEADPOSTGET%s: %sContent-encodinggzipGZip detected- inflatingFailed to inflate GZip dataFailed to inflate GZIP dataContent-typeimageReceived response: equals www.youtube.com (Youtube)
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: Fgaiahttps://www.google.com/accounts/OAuthLoginhttps://picasaweb.google.com/c/https://www.google.com/m8/feeds/https://mail.google.com/https://www.googleapis.com/auth/plus.settingshttps://www.googleapis.com/auth/plus.media.readonlyhttps://www.googleapis.com/auth/plus.media.uploadhttps://www.googleapis.com/auth/plus.mehttps://www.googleapis.com/auth/plus.profiles.readhttps://www.googleapis.com/auth/plus.circles.readhttps://www.googleapis.com/auth/plus.stream.writehttps://www.googleapis.com/auth/photoshttps://www.googleapis.com/auth/userinfo%23emailhttps://www.google.comGaiaUrlwebupdatesoauthloginplus.settingsplus.media.readonlyplus.media.uploadplus.meplus.profiles.readplus.circles.readplus.firstpartyplus.stream.writemailrelaycp.managercplh2mailThis account is not enabled for Google Photos.Gaia:NoPWAThis account is not enabled for Google+Gaia::NoGPlusYou are not signed up for a Gmail AccountGaia::NoGmailYou are either not signed up for YouTube or your YouTube account is not connected to your Google accountGaia::NoYouTubeYou are not signed up for this serviceGaia::NoServicehttps://picasaweb.google.com/lh/picasaSignupRedirhttps://plus.google.com/https://www.google.com/accounts/NewAccount?service=mailhttps://www.youtube.com/create_channel?upsell=upload%3B%3A%25%disable_contact_sync{id}https://picasaweb.google.com/data/urls?version=1&alt=rss{username}Software\Google\Photos%s URL not foundLighthouse::urlerrorgphoto:settingsgphoto:syncgphoto:uploadgphoto:quotalimitpaidgphoto:etaggphoto:frOptinOptedOutUndecided&gl=%sFailed to parse URL listLHUrls::ParseErrorLDomain://lh::userpostemailAlbumrecentCommentsgalleryalbumPagealbum_entryphotoPageupgradeStoragehttps://photos.google.comvideoPostTargetresumableVideoUploadUrlupgradeVideoemailRelayupdateRequiredGoogle Photos is temporarily unavailableLighthouse::ServiceUnavailableESWeb Albums is 
temporarily unavailableLighthouse::ServiceUnavailablelhpicasaweb.google.comlh2.google.comphotos.google.com/feed/entry//feed/?alt=rss equals www.youtube.com (Youtube)
Source: Picasa3.exe, 00000014.00000002.2506191744.0000000004241000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: In addition, the Photo Viewer software that accompanies Picasa 3 on Windows is not included on the Mac.</div><div><br /></div><div>Picasa for Mac requires an Intel-based Mac and Mac OS X 10.4+.</div><div><br /></div><div>We'd like to hear your feedback on this beta -- please visit our <a href="http://www.google.com/support/forum/p/Picasa?hl=en">support forum</a> and let us know how Picasa works for you, and how we can make it better.</div><div><br /></div><div><span class="Apple-style-span" style="border-collapse: separate; white-space: pre; font-family:Arial;font-size:10px;"><object width="425" height="344"><param name="movie" value="http://www.youtube.com/v/NDKFjc3_wrk&amp;hl=en&amp;fs=1"><param name="allowFullScreen" value="true"><param name="allowscriptaccess" value="always"><embed src="http://www.youtube.com/v/NDKFjc3_wrk&amp;hl=en&amp;fs=1" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="425" height="344"></embed></object></span><br /></div><div><br /></div></span> equals www.youtube.com (Youtube)
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: K<style><!--span{width: 220px; height: 20px; white-space:nowrap; overflow:hidden; text-overflow:ellipsis} body,td,a,p,.h{background-color: #F3F3F3;font-family:arial,sans-serif;font-size: 14px;}.h{font-size: 20px;}.q{color:#0000cc;}//--></style><meta http-equiv='refresh' content='60'><style><!--body,td,a,p,.h{background-color: #EFEFEF;font-family:arial,sans-serif;font-size: 14px;}.h{font-size: 20px;}.q{color:#0000cc;}//--></style><html><head>%s<body topmargin=20 leftmargin=8><html><head>%s<body topmargin=4 leftmargin=4><form action=search><input size=45 maxLength=256 name=q><input type=submit value='Picasa Search'></form><html><head>%s<body topmargin=20 leftmargin=20><form action=search><input size=55 maxLength=256 name=q><input type=submit value='Picasa Search'></form>OkytSocketytHTTPdimage/jpegimagedbidhttp://%s/%s/thumb/%s.jpghttp://%s/%s/image/%s.jpghttp://%s/%s/original/%s<?xml version="1.0" encoding="utf-8" ?>rss2.0versionhttp://www.pheed.com/pheed/xmlns:photohttp://search.yahoo.com/msrss/xmlns:mediahttp://picasaweb.google.com/lh/picasaweb/xmlns:gphotochanneltitlelinkgphoto:usergphoto:idgphoto:locationpicasa:dbidpicasa:albumidhttp://%s/%s/album%d.htmlhttp://%s/%s/rssalbum%d.rssitempubDategphoto:filenamepubdategphoto:rsslinkgphoto:widthgphoto:heightphoto:thumbnailphoto:imgsrcmedia:groupmedia:contenturltrueisDefaultmedia:thumbnailfileSizetype, equals www.yahoo.com (Yahoo)
Source: Picasa3.exe, 00000014.00000002.2586100840.0000000006F6F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: We're happy to announce the launch of Picasa 3.5, the latest release of Picasa photo management software. If you don't want to wait until we autoupdate everyone to Picasa 3.5, you can download it at <a href="http://picasa.google.com/">picasa.google.com</a>.<br /><br />This ReadMe page appears when a new version of Picasa software is available, and tells you what changes and improvements are in each release.<br /><br />Picasa 3.5 is a significant upgrade from Picasa 3.1. For an in-depth overview of what's new, you can play the video below, read our launch post on the <a href="http://googlephotos.blogspot.com/">Google Photos blog</a>, or consult the "<a href="http://picasa.google.com/support/bin/answer.py?answer=93773&ctx=readme">Picasa 3 New Features</a>" support document. Feedback and questions are also welcome in our <a href="http://groups.google.com/group/Picasa">user forums</a>.<br /><br /><object width="560" height="340"><param name="movie" value="http://www.youtube.com/v/gYO2uhrIZJ4&amp;hl=en& equals www.youtube.com (Youtube)
Source: Picasa3.exe, 00000014.00000002.2506191744.0000000004241000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: We're happy to announce the launch of Picasa 3.5, the latest release of Picasa photo management software. If you don't want to wait until we autoupdate everyone to Picasa 3.5, you can download it at <a href="http://picasa.google.com/">picasa.google.com</a>.<br /><br />This ReadMe page appears when a new version of Picasa software is available, and tells you what changes and improvements are in each release.<br /><br />Picasa 3.5 is a significant upgrade from Picasa 3.1. For an in-depth overview of what's new, you can play the video below, read our launch post on the <a href="http://googlephotos.blogspot.com/">Google Photos blog</a>, or consult the "<a href="http://picasa.google.com/support/bin/answer.py?answer=93773&ctx=readme">Picasa 3 New Features</a>" support document. Feedback and questions are also welcome in our <a href="http://groups.google.com/group/Picasa">user forums</a>.<br /><br /><object width="560" height="340"><param name="movie" value="http://www.youtube.com/v/gYO2uhrIZJ4&amp;hl=en&amp;fs=1 equals www.youtube.com (Youtube)
Source: Picasa3.exe, 00000014.00000002.2506191744.0000000004241000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: We're happy to announce the launch of Picasa 3.5, the latest release of Picasa photo management software. If you don't want to wait until we autoupdate everyone to Picasa 3.5, you can download it at <a href="http://picasa.google.com/">picasa.google.com</a>.<br /><br />This ReadMe page appears when a new version of Picasa software is available, and tells you what changes and improvements are in each release.<br /><br />Picasa 3.5 is a significant upgrade from Picasa 3.1. For an in-depth overview of what's new, you can play the video below, read our launch post on the <a href="http://googlephotos.blogspot.com/">Google Photos blog</a>, or consult the "<a href="http://picasa.google.com/support/bin/answer.py?answer=93773&ctx=readme">Picasa 3 New Features</a>" support document. Feedback and questions are also welcome in our <a href="http://groups.google.com/group/Picasa">user forums</a>.<br /><br /><object width="560" height="340"><param name="movie" value="http://www.youtube.com/v/gYO2uhrIZJ4&amp;hl=en&amp;fs=1&amp;rel=0&amp;hd=1"><param name="allowFullScreen" value="true"><param name="allowscriptaccess" value="always"><embed src="http://www.youtube.com/v/gYO2uhrIZJ4&amp;hl=en&amp;fs=1&amp;rel=0&amp;hd=1" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="560" height="340"></embed></object><br /><br />A brief summary of changes in this release, versus Picasa 3.1:<br /><br /><strong>Name tags</strong><br /><ul><li>Name tags help you organize your photos by what matters most: the people in them.<br /></li><li>Picasa identifies similar faces in your photos and puts these into the "Unnamed people" album. 
To add a name tag, just click "Add a name" and type the person's name.<br /></li><li>After you've tagged some pictures, you can do creative things with your name tags, like finding all the photos with the same two people in them or creating a face collage with just one click.<br /></li><li> equals www.youtube.com (Youtube)
Source: Picasa3.exe, 00000014.00000002.2506191744.0000000004241000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: We're happy to announce the launch of Picasa 3.5, the latest release of Picasa photo management software. If you don't want to wait until we autoupdate everyone to Picasa 3.5, you can download it at <a href="http://picasa.google.com/">picasa.google.com</a>.<br /><br />This ReadMe page appears when a new version of Picasa software is available, and tells you what changes and improvements are in each release.<br /><br />Picasa 3.5 is a significant upgrade from Picasa 3.1. For an in-depth overview of what's new, you can play the video below, read our launch post on the <a href="http://googlephotos.blogspot.com/">Google Photos blog</a>, or consult the "<a href="http://picasa.google.com/support/bin/answer.py?answer=93773&ctx=readme">Picasa 3 New Features</a>" support document. Feedback and questions are also welcome in our <a href="http://groups.google.com/group/Picasa">user forums</a>.<br /><br /><object width="560" height="340"><param name="movie" value="http://www.youtube.com/v/gYO2uhrIZJ4&amp;hl=en&amp;fs=1&amp;rel=0&amp;hd=1"><param name="allowFullScreen" value="true"><param name="allowscriptaccess" value="always"><embed src="http://www.youtube.com/v/gYO2uhrIZJ4&amp;hl=en&amp;fs=1&amp;rel=0&amp;hd=1" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="560" height="340"></embed></object><br /><br />A brief summary of changes in this release, versus Picasa 3.1:<br /><br /><strong>Name tags</strong><br /><ul><li>Name tags help you organize your photos by what matters most: the people in them.<br /></li><li>Picasa identifies similar faces in your photos and puts these into the "Unnamed people" album. 
To add a name tag, just click "Add a name" and type the person's name.<br /></li><li>After you've tagged some pictures, you can do creative things with your name tags, like finding all the photos with the same two people in them or creating a face collage with just one click.<br /></li><li>x0 equals www.youtube.com (Youtube)
Source: Picasa3.exe, 00000014.00000002.2563942835.0000000006D99000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: aram name="allowscriptaccess" value="always"><embed src="http://www.youtube.com/v/NDKFjc3_wrk&amp;hl=en&amp;fs=1" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="425" height="344"></embed></object></span><br /></div><div><br /></div></span> equals www.youtube.com (Youtube)
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp String found in binary or memory: https://www.youtube.com/create_channel?upsell=upload equals www.youtube.com (Youtube)
Source: PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp String found in binary or memory: ugp7Dgaiahttps://www.google.com/accounts/OAuthLoginhttps://picasaweb.google.com/c/https://www.google.com/m8/feeds/https://mail.google.com/http://gdata.youtube.comhttps://www.googleapis.com/auth/plus.settingshttps://www.googleapis.com/auth/plus.media.readonlyhttps://www.googleapis.com/auth/plus.media.uploadhttps://www.googleapis.com/auth/plus.mehttps://www.googleapis.com/auth/plus.profiles.readhttps://www.googleapis.com/auth/plus.circles.readhttps://www.googleapis.com/auth/plus.stream.writehttps://www.googleapis.com/auth/photoshttps://www.googleapis.com/auth/userinfo%23emailhttps://www.google.comGaiaUrlwebupdatesoauthloginyoutubeplus.settingsplus.media.readonlyplus.media.uploadplus.meplus.profiles.readplus.circles.readplus.firstpartyplus.stream.writemailrelaycp.managercplh2mailThis account is not enabled for Google Photos.Gaia:NoPWAThis account is not enabled for Google+Gaia::NoGPlusYou are not signed up for a Gmail AccountGaia::NoGmailYou are either not signed up for YouTube or your YouTube account is not connected to your Google accountGaia::NoYouTubeYou are not signed up for this serviceGaia::NoServicehttps://picasaweb.google.com/lh/picasaSignupRedirhttps://plus.google.com/https://www.google.com/accounts/NewAccount?service=mailhttps://www.youtube.com/create_channel?upsell=uploadConnection failedUploadError::ConnectFailedRequest failedUploadError::RequestFailedimageentryreledit-mediahrefalternatetext/htmlcontentsrcpublishedpubDateupdatedgphoto:idgphoto:widthgphoto:heightgphoto:clientgphoto:checksumgphoto:sizemedia:keywordscodeinternalReasonapplication/atom+xml%s/data/feed/api/user/%s/albumid/%s?xmlerrors=1PUT%s/data/feed/api/user/%s?kind=album&access=privatevisible equals www.youtube.com (Youtube)
Source: global traffic DNS traffic detected: DNS query: pack.google.com
Source: global traffic DNS traffic detected: DNS query: download.seznam.cz
Source: global traffic DNS traffic detected: DNS query: picasa.google.com
Source: global traffic DNS traffic detected: DNS query: picasa-readme.blogspot.com
Source: global traffic DNS traffic detected: DNS query: support.google.com
Source: global traffic DNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global traffic DNS traffic detected: DNS query: lh3.googleusercontent.com
Source: global traffic DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global traffic DNS traffic detected: DNS query: apis.google.com
Source: global traffic DNS traffic detected: DNS query: h.imedia.cz
Source: global traffic DNS traffic detected: DNS query: sentry.sklik.cz
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: chrome.google.com
Source: global traffic DNS traffic detected: DNS query: software.seznam.cz
Source: global traffic DNS traffic detected: DNS query: h.seznam.cz
Source: unknown HTTP traffic detected: POST /dns-query HTTP/1.1Host: chrome.cloudflare-dns.comConnection: keep-aliveContent-Length: 128Accept: application/dns-messageAccept-Language: *User-Agent: ChromeAccept-Encoding: identityContent-Type: application/dns-message
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundP3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Strict-Transport-Security: max-age=31536000; includeSubdomainsContent-Type: text/html; charset=UTF-8Date: Wed, 02 Oct 2024 10:16:36 GMTExpires: Wed, 02 Oct 2024 10:16:36 GMTCache-Control: private, max-age=0Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-IP6YhjyZ5zH1GbKIYwQC' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'report-sample';report-uri https://csp.withgoogle.com/csp/scfeP3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."X-Content-Type-Options: nosniffServer: support-content-uiX-XSS-Protection: 0X-Frame-Options: SAMEORIGINSet-Cookie: NID=517=6vc2afBzm5gk4mPKuql_mQ3rKSVagR0-666zy5fO9R-BJd9VVHTKac1hL8PYBKfsE7QKQj--ZkI9P2x8fL0XJIMzeE4-wSN0Cx7P3rE203XNog8Dh9kYHu1KGT7J4c_LQKQm2PrvT5_GZStgW-Jm8tj9Ltn_84w_euix-7o-Le3edvPI2Q; expires=Thu, 03-Apr-2025 10:16:36 GMT; path=/; domain=.google.com; HttpOnlySet-Cookie: NID=517=6vc2afBzm5gk4mPKuql_mQ3rKSVagR0-666zy5fO9R-BJd9VVHTKac1hL8PYBKfsE7QKQj--ZkI9P2x8fL0XJIMzeE4-wSN0Cx7P3rE203XNog8Dh9kYHu1KGT7J4c_LQKQm2PrvT5_GZStgW-Jm8tj9Ltn_84w_euix-7o-Le3edvPI2Q; expires=Thu, 03-Apr-2025 10:16:36 GMT; path=/; domain=.google.com; HttpOnlyAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Referrer-Policy: no-referrerContent-Length: 1568Date: Wed, 02 Oct 2024 10:16:02 GMT
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: http://%s/%s/album%d.html
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: http://%s/%s/image/%s.jpg
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: http://%s/%s/rssalbum%d.rss
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: http://%s/%s/thumb/%s.jpg
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: http://%s/%s/thumb/%s.jpghttp://%s/%s/image/%s.jpghttp://%s/%s/original/%s
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://Picasa.google.com/
Source: Picasa3.exe, 00000014.00000002.2482072226.0000000002E92000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2596878839.000000000862D000.00000004.00000010.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2596878839.000000000863C000.00000004.00000010.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2482072226.0000000002EAA000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000003.2141243034.0000000001215000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000003.2142383735.00000000011D3000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000003.2141243034.0000000001221000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2467205779.00000000011A2000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp String found in binary or memory: http://clients2.google.com/service/update2
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: http://clients2.google.com/service/update2omahaURLLifescapeUpdaterupdate
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000029F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.thawte.com/ThawtePremiumServerCA.crl0
Source: 1a4e5ccd35a56d84281a143f831563be.exe, 0000000F.00000002.2435414779.0000000000414000.00000004.00000001.01000000.00000006.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000459F000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000002E88000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000467E000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000029F6000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000003.1750777100.0000000000AF4000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000002.1780753263.0000000003B00000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000003.1775638859.0000000000A66000.00000004.00000020.00020000.00000000.sdmp, UNZIP.EXE, 00000026.00000002.1812336800.0000000000430000.00000040.00000001.01000000.00000020.sdmp, UNZIP.EXE, 00000028.00000002.1816767609.000000000042B000.00000040.00000001.01000000.00000020.sdmp, UNZIP.EXE, 00000058.00000002.2099499225.0000000000428000.00000040.00000001.01000000.00000026.sdmp, CPY.EXE, 0000005C.00000002.2102179386.0000000000B00000.00000004.00000020.00020000.00000000.sdmp, UNZIP.EXE, 0000005D.00000002.2105385323.0000000000428000.00000040.00000001.01000000.00000026.sdmp, CPY.EXE, 00000061.00000002.2108099884.0000000000E09000.00000004.00000020.00020000.00000000.sdmp, CPY.EXE, 00000064.00000002.2115643669.0000000000ECA000.00000004.00000020.00020000.00000000.sdmp, UNZIP.EXE, 00000066.00000002.2120076164.0000000000428000.00000040.00000001.01000000.00000026.sdmp, CPY.EXE, 0000006A.00000002.2122729835.0000000000629000.00000004.00000020.00020000.00000000.sdmp, CPY.EXE, 
00000070.00000002.2131296204.0000000000CD9000.00000004.00000020.00020000.00000000.sdmp, sznpp.exe, 0000007C.00000000.2152804918.0000000000BFB000.00000002.00000001.01000000.0000002C.sdmp, UNZIP.EXE, 0000007D.00000002.2173171240.000000000042B000.00000040.00000001.01000000.00000026.sdmp String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000029F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cs-g2-crl.thawte.com/ThawteCSG2.crl0
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007244000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/photos/picasamac38.dmg
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/photos/picasamac38.dmg&quot;&gt;&lt;span
Source: Picasa3.exe, 00000014.00000002.2563942835.0000000006D99000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2586100840.0000000006F6F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/picasa/picasa3-setup.exe
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007244000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/picasa/picasa38-setup.exe
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://dl.google.com/picasa/picasa38-setup.exe&quot;&gt;&lt;span
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: http://earth.google.com
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: http://earth.google.com/kml/2.0
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: http://earth.google.com/kml/2.0xmlnsFolderPicasa
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/intl/fi/#utm_source=gph-et-fi&amp;utm_medium=et&amp;utm_campaign=fi-screens
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/intl/fr/#utm_source=gph-et-fr&amp;utm_medium=et&amp;utm_campaign=fr-screens
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/intl/hi/#utm_source=gph-et-hi&amp;utm_medium=et&amp;utm_campaign=hi-screens
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/intl/hu/#utm_source=gph-et-hu&amp;utm_medium=et&amp;utm_campaign=hu-screens
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/intl/id/#utm_source=gph-et-id&amp;utm_medium=et&amp;utm_campaign=id-screens
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/intl/ja/#utm_source=gph-et-ja&amp;utm_medium=et&amp;utm_campaign=ja-screens
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/intl/ko/#utm_source=gph-et-en&amp;utm_medium=et&amp;utm_campaign=en-screens
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/intl/lt/#utm_source=gph-et-lt&amp;utm_medium=et&amp;utm_campaign=lt-screens
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/intl/lv/#utm_source=gph-et-lv&amp;utm_medium=et&amp;utm_campaign=lv-screens
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/intl/nl/#utm_source=gph-et-nl&amp;utm_medium=et&amp;utm_campaign=nl-screens
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/intl/pl/#utm_source=gph-et-en&amp;utm_medium=et&amp;utm_campaign=en-screens
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/intl/pt-BR/#utm_source=gph-et-en&amp;utm_medium=et&amp;utm_campaign=en-scre
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/intl/pt_PT/#utm_source=gph-et-pt_PT&amp;utm_medium=et&amp;utm_campaign=pt_P
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/intl/ro/#utm_source=gph-et-ro&amp;utm_medium=et&amp;utm_campaign=ro-screens
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/intl/ru/#utm_source=gph-et-ru&amp;utm_medium=et&amp;utm_campaign=ru-screens
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/intl/sk/#utm_source=gph-et-sk&amp;utm_medium=et&amp;utm_campaign=sk-screens
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/intl/sl/#utm_source=gph-et-sl&amp;utm_medium=et&amp;utm_campaign=sl-screens
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/intl/th/#utm_source=gph-et-en&amp;utm_medium=et&amp;utm_campaign=en-screens
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/intl/tr/#utm_source=gph-et-en&amp;utm_medium=et&amp;utm_campaign=en-screens
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/intl/vi/#utm_source=gph-et-en&amp;utm_medium=et&amp;utm_campaign=en-screens
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/intl/zh-CN/#utm_source=gph-et-zh_CN&amp;utm_medium=et&amp;utm_campaign=zh_C
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/intl/zh-TW/#utm_source=gph-et-zh-TW&amp;utm_medium=et&amp;utm_campaign=zh-T
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, Picasa3.exe, 00000014.00000003.1626531844.00000000040E2000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000003.1626203204.0000000003FB3000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000002.2482072226.0000000002E7B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?answer=11139
Source: Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?answer=11139&amp;hl=th
Source: Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?answer=11139&amp;hl=uk
Source: Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?answer=11139&amp;hl=vi
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?answer=11511
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000003831000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, Picasa3.exe, 00000014.00000003.1626531844.00000000040E2000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000002.2482072226.0000000002EAA000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000003.1626203204.0000000003FB3000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?answer=139492
Source: Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?answer=139492&amp;hl=uk
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?answer=139492&hl=%sSplashThreadruntime
Source: Picasa3.exe, 00000014.00000002.2482072226.0000000002EAA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?answer=139492ar)
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, Picasa3.exe, 00000014.00000003.1626531844.00000000040E2000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000002.2482072226.0000000002EAA000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000003.1626203204.0000000003FB3000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?answer=141059
Source: Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?answer=141059&amp;hl=th
Source: Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?answer=141059&amp;hl=uk
Source: Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?answer=141059&amp;hl=vi
Source: Picasa3.exe, 00000014.00000002.2482072226.0000000002EAA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?answer=141059)V
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?answer=141059iPhotoError::HelpURL
Source: Picasa3.exe, 00000014.00000002.2482072226.0000000002EAA000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2586100840.0000000006F6F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?answer=26374
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?answer=39551
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?answer=39551-----------------------------------------
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007244000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?answer=43901
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?answer=43901&quot;&gt;&lt;span
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, Picasa3.exe, 00000014.00000003.1626531844.00000000040E2000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000003.1626203204.0000000003FB3000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000002.2482072226.0000000002E7B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?answer=53209
Source: Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?answer=53209&amp;hl=th
Source: Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?answer=53209&amp;hl=uk
Source: Picasa3.exe, 00000014.00000002.2506191744.0000000004241000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2586100840.0000000006F6F000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2593399186.000000000716B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?answer=93773
Source: Picasa3.exe, 00000014.00000002.2506191744.0000000004241000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2586100840.0000000006F6F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?answer=93773&ctx=readme
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?answer=93773&quot;&gt;&lt;span
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?answer=93773&quot;&gt;Picasa
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=%s&answer=156272
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=%s&answer=156272InfoTextUnnamedShownclustering_con
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000003831000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=en&amp;answer=15625
Source: Picasa3.exe, 00000014.00000003.1626531844.00000000040E2000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000003.1626203204.0000000003FB3000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=en&amp;answer=93773
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=en&amp;answer=93773&quot;&gt;Picasa
Source: Picasa3.exe, 00000014.00000002.2482072226.0000000002EAA000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2419587665.0000000000180000.00000004.00000010.00020000.00000000.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=en&answer=93773
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=en&answer=93773CThumbUI::showfeatureslinkSaverUpgr
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=fi&amp;answer=93773
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=fil&amp;answer=93773
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=fr&amp;answer=93773
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=hi&amp;answer=93773
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=hu&amp;answer=93773
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=id&amp;answer=93773
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=it&amp;answer=93773
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=iw&amp;answer=93773
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=ja&amp;answer=93773
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=ko&amp;answer=93773
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=lt&amp;answer=93773
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=lv&amp;answer=93773
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=nl&amp;answer=93773
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=no&amp;answer=93773
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=pl&amp;answer=93773
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=pt-BR&amp;answer=93773
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=pt_PT&amp;answer=93773
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=ro&amp;answer=93773
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=ru&amp;answer=93773
Source: Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=se&amp;answer=11139
Source: Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=se&amp;answer=141059
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=sk&amp;answer=93773
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=sl&amp;answer=93773
Source: Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=sv&amp;answer=53209
Source: Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=sv&amp;answer=93773
Source: Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=th&amp;answer=93773
Source: Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=tr&amp;answer=93773
Source: Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=vi&amp;answer=93773
Source: Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=zh-TW&amp;answer=11139
Source: Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=zh-TW&amp;answer=141059
Source: Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=zh-TW&amp;answer=53209
Source: Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=zh-TW&amp;answer=93773
Source: Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=zh_CN&amp;answer=11139
Source: Picasa3.exe, 00000014.00000002.2482072226.0000000002EAA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.aiim.org/pdfa/ns/type#ty#mlns/
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000004749000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000004788000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000467E000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000029F6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.blogger.com/atom/ns#
Source: Picasa3.exe, 00000014.00000002.2506191744.0000000004241000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.blogger.com/feeds/1456569655786168306/posts/default
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2589400232.0000000007039000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.blogger.com/feeds/1456569655786168306/posts/default/1237605142260003533
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.blogger.com/feeds/1456569655786168306/posts/default/1272700194270571942
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2589400232.0000000007039000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.blogger.com/feeds/1456569655786168306/posts/default/2231948156028307071
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.blogger.com/feeds/1456569655786168306/posts/default/3576455443803502313
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2589400232.0000000007039000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.blogger.com/feeds/1456569655786168306/posts/default/6597548198970830433
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2482072226.0000000002E7B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.blogger.com/profile/00823187511285450623
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.blogger.com/styles/atom.css
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp String found in binary or memory: http://www.georss.org/georss
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: http://www.georss.org/georssxmlns:georsshttp://www.opengis.net/gmlxmlns:gmlhttp://schemas.google.com
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000003831000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://www.google.com
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, Picasa3.exe, 00000014.00000002.2506191744.000000000417F000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2506191744.0000000004241000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2593399186.000000000716B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: http://www.google.com/You
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: http://www.google.com/intl/%s/privacypolicy.html
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000467E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/picasa
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000004788000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: http://www.google.com/privacypolicy.html
Source: setuppicasa39-setup.exe, setuppicasa39-setup.exe, 00000010.00000002.1704699696.0000000004CA3000.00000002.00000001.01000000.0000000C.sdmp String found in binary or memory: http://www.google.com/search?q=
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/support/forum/p/Picasa&quot;&gt;our
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007244000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2506191744.0000000004241000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/support/forum/p/Picasa?hl=en
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.google.com/support/forum/p/Picasa?hl=en&quot;&gt;&lt;span
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://www.google.com/support/forum/p/picasa?hl=pt_PT
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: http://www.google.com/support/picasa/?p=picasa_get_started
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: http://www.google.com/support/picasa/?p=picasa_get_startedUploadOptionMenu::usesize800800
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, Picasa3.exe, 00000014.00000002.2596878839.000000000862D000.00000004.00000010.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp String found in binary or memory: http://www.google.com/update2/request
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: http://www.google.com/video/uploader/form/videoonline
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: http://www.google.com/video/uploader/form/videoonlinesessionStatusadditionalInfouploader_service.Goo
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: http://www.google.comLastCommentsPubDateLastActivityPubDateCActivityBackground
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://www.google.ro/policies/privacy/
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://www.google.ro/policies/terms/
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: http://www.macromedia.com/shockwave/download/index.cgi?P1_Prod_Version=ShockwaveFlash
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000004419000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000002.1554998935.0000000002750000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, Picasa3.exe, 00000014.00000002.2482072226.0000000002EAA000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000003.1768334402.000000000284E000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000002.1779527117.0000000002854000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp String found in binary or memory: http://www.metadataworkinggroup.com/schemas/regions/
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000004788000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000004419000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000002.1554998935.0000000002750000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, Picasa3.exe, 00000014.00000002.2482072226.0000000002EAA000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp, PicasaPhotoViewer.exe, 00000015.00000003.1775225286.0000000002848000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000003.1770457054.0000000002847000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000003.1774341456.0000000002847000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.npes.org/pdfx/ns/id/
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp String found in binary or memory: http://www.opengis.net/gml
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: http://www.pheed.com/pheed/
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: http://www.pheed.com/pheed/xmlns:photohttp://search.yahoo.com/msrss/xmlns:mediahttp://picasaweb.goog
Source: Picasa3.exe, 00000014.00000002.2482072226.0000000002E92000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000003.1626203204.0000000003FB3000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://www.picasa.com/contact/feedback.php
Source: Picasa3.exe, 00000012.00000000.1604678624.0000000000DF8000.00000002.00000001.01000000.00000012.sdmp, Picasa3.exe, 00000014.00000003.1626531844.00000000040E2000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2482072226.0000000002E92000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000003.1626203204.0000000003FB3000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://www.picasa.com/support/
Source: Picasa3.exe, 00000014.00000002.2482072226.0000000002E92000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.picasa.com/support/n
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: http://www.picnik.com/service/
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: http://www.picnik.com/service/_ckeditpanel/picnikbasePicnikWarnDon
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000003831000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.stereopsis.com/bg.gif);
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C40000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.00000000006EA000.00000002.00000001.01000000.00000019.sdmp String found in binary or memory: http://www.winimage.com/zLibDll
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.0000000000610000.00000002.00000001.01000000.0000000F.sdmp String found in binary or memory: http://www.winimage.com/zLibDlll
Source: Picasa3.exe, 00000014.00000002.2506191744.0000000004241000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.youtube.com/v/NDKFjc3_wrk&amp;hl=en&amp;fs=1
Source: Picasa3.exe, 00000014.00000002.2506191744.0000000004241000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.youtube.com/v/gYO2uhrIZJ4&amp;hl=en&amp;fs=1
Source: Picasa3.exe, 00000014.00000002.2506191744.0000000004241000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.youtube.com/v/gYO2uhrIZJ4&amp;hl=en&amp;fs=1&amp;rel=0&amp;hd=1
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.youtube.com/v/rskC6c_5L1M&amp;amp;hl=en&amp;amp;fs=1&quot;
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.youtube.com/v/rskC6c_5L1M&amp;amp;hl=en&amp;amp;fs=1&quot;&gt;&lt;param
Source: Picasa3.exe, 00000014.00000002.2506191744.000000000417F000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2593399186.000000000716B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.youtube.com/v/rskC6c_5L1M&amp;hl=en&amp;fs=1
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, Picasa3.exe, 00000014.00000003.1626531844.00000000040E2000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2482072226.0000000002E92000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000003.1626203204.0000000003FB3000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://youtube.com/my_videos
Source: Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://youtube.com/my_videos?hl=vi
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: http://youtube.com/my_videosCYouTubeUploader::urlmyvideosThere
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp String found in binary or memory: http://youtube.com/sajat_videoklipek
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp String found in binary or memory: https://accounts.google.com/o/oauth2/
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: https://accounts.google.com/o/oauth2/962788293942.apps.googleusercontent.comUigxU4n_nVPLcipw7lmKSWRn
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2593399186.000000000716B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhdYMorlhvaoU2vdx-Au0-wABULVhkz6vqRku4godi
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000003831000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2563942835.0000000006BBD000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2506191744.0000000004114000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://client4.google.com/providers/printers2.html
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000003831000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2563942835.0000000006BBD000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2506191744.0000000004114000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://client4.google.com/providers/xml
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000004749000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000467E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/cr
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000004419000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp String found in binary or memory: https://clients2.google.com/cr/report
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000004419000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp String found in binary or memory: https://clients2.google.com/cr/reportPicasaLastCrashDump
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000004749000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000467E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/cr3600200000YESTRUE1NOFALSE0Could
Source: Picasa3.exe, 00000014.00000003.2144975853.000000000123E000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000003.2141243034.0000000001221000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2467205779.000000000123E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://csp.withgoogle.com/csp/clientupdate-aus/1
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://img1.blogblog.com/img/b16-rounded.gif
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2593399186.000000000716B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://lh5.googleusercontent.com/torawRKsQC9zYeAfBTnwj0vDXOgZc_h0dLzbT9cuJHTARJVy8hKIualz1K6Eyxrk5N
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2593399186.000000000716B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://lh6.googleusercontent.com/U1Wgkz0b0L79g0MrXkIR-u3WrLnN-6LfWpKMewRPk7cimpKgDjQOFOB8iYJlE0WMtl
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007244000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://lh6.googleusercontent.com/cj7rHSEh-D7AQlIfvrTNPlz54826dAcKs41-1aVifrCkILBD5-XDZMBfl7sfLOw6oC
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp String found in binary or memory: https://mail.google.com/
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: https://mail.google.com/a/%s/?ui=pb&v=sm
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: https://mail.google.com/a/%s/?ui=pb&v=smhttps://mail.google.com/mail?ui=pb&v=sm%x%x%x%x-GMAIL_ATGMAI
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: https://mail.google.com/mail?ui=pb&v=sm
Source: 1a4e5ccd35a56d84281a143f831563be.exe, 0000000F.00000002.2419971867.000000000012E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://napoveda.seznam.cz/cz/smluvni-podminky/podminky-seznam-doplnky/0x00F1
Source: 1a4e5ccd35a56d84281a143f831563be.exe, 0000000F.00000002.2419971867.000000000012E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://napoveda.seznam.cz/cz/smluvni-podminky/podminky-seznam-doplnky/open
Source: Picasa3.exe, 00000014.00000002.2482072226.0000000002E92000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2506191744.0000000004241000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://photos.blogger.com/picasa-post.g
Source: Picasa3.exe, 00000014.00000002.2482072226.0000000002E92000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://photos.blogger.com/picasa-post.g(s
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: https://photos.google.com
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: https://photos.google.com/apps
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: https://photos.google.com/appslistboxcaptionpopuplistOriginal
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: https://photos.google.comvideoPostTargetresumableVideoUploadUrlupgradeVideoemailRelayupdateRequiredG
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp String found in binary or memory: https://picasaweb.google.com
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp String found in binary or memory: https://picasaweb.google.com/c/
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: https://picasaweb.google.com/data/urls?version=1&alt=rss
Source: Picasa3.exe, 00000014.00000002.2506191744.0000000004241000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://picasaweb.google.com/data/urls?version=1&alt=rss&gl=CH
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1697683801.0000000000864000.00000002.00000001.01000000.00000019.sdmp String found in binary or memory: https://www.google.rs/accounts/ServiceLogin?hl=sr&amp;continue=http%3A%2F%2Fpicasaweb.google.rs%2Fho
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp String found in binary or memory: https://www.googleapis.com
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp String found in binary or memory: https://www.googleapis.com/auth/photos
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp String found in binary or memory: https://www.googleapis.com/auth/plus.circles.read
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp String found in binary or memory: https://www.googleapis.com/auth/plus.me
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp String found in binary or memory: https://www.googleapis.com/auth/plus.media.readonly
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp String found in binary or memory: https://www.googleapis.com/auth/plus.media.upload
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp String found in binary or memory: https://www.googleapis.com/auth/plus.profiles.read
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp String found in binary or memory: https://www.googleapis.com/auth/plus.settings
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp String found in binary or memory: https://www.googleapis.com/auth/plus.stream.write
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp String found in binary or memory: https://www.googleapis.com/auth/userinfo%23email
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp String found in binary or memory: https://www.youtube.com/create_channel?upsell=upload
Source: unknown Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50056
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50058
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50059
Source: unknown Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50022 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50061
Source: unknown Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50010 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50056 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50021
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50022
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50024
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50021 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50030
Source: unknown Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50033
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50035
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50038
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50037
Source: unknown Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50041
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50040
Source: unknown Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50033 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50043
Source: unknown Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50042
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50045
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50044
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50049
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50048
Source: unknown Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50044 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50042 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49947 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49992 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50043 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49969 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49994 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50020 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49939
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49933
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49932
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49931
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49930
Source: unknown Network traffic detected: HTTP traffic on port 49925 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49971 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49936 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49960 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49808

Spam, unwanted Advertisements and Ransom Demands

Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe File created: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe entropy: 7.99973343481
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe File created: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe entropy: 7.99944334747
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe File created: C:\Users\user\AppData\Roaming\Seznam.cz\install\com.microsoft.msdn.msvcr100-10.0.40219.325-win32.zip entropy: 7.99902013967
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe File created: C:\Users\user\AppData\Roaming\Seznam.cz\install\com.microsoft.msdn.msvcr110-11.0.51106.1-win32.zip entropy: 7.99803893501
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe File created: C:\Users\user\AppData\Roaming\Seznam.cz\install\cz.seznam.software.libfoxcub-3.3.4-win32.zip entropy: 7.99937504474
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe File created: C:\Users\user\AppData\Roaming\Seznam.cz\install\cz.seznam.software.libfoxcub64-3.3.4-win32.zip entropy: 7.9934403699
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe File created: C:\Users\user\AppData\Roaming\Seznam.cz\install\cz.seznam.software.libszndesktop-2.1.29-win32.zip entropy: 7.9975528811
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe File created: C:\Users\user\AppData\Roaming\Seznam.cz\install\cz.seznam.software.lightspeed-1210-12.10.12-win32.zip entropy: 7.99527419193
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe File created: C:\Users\user\AppData\Roaming\Seznam.cz\install\cz.seznam.software.lightspeed-1210-12.10.17-win32.zip entropy: 7.99527148225
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe File created: C:\Users\user\AppData\Roaming\Seznam.cz\install\cz.seznam.software.pp-1.0.2-win32.zip entropy: 7.99611761346
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe File created: C:\Users\user\AppData\Roaming\Seznam.cz\install\cz.seznam.software.szndesktop-2.0.31-win32.zip entropy: 7.99148015785
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe File created: C:\Users\user\AppData\Roaming\Seznam.cz\install\cz.seznam.software.szninstall-1.1.14-win32.zip entropy: 7.99734638525
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe File created: C:\Users\user\AppData\Roaming\Seznam.cz\install\cz.seznam.software.sznsetup-1.2.6-win32.zip entropy: 7.99808441613
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe File created: C:\Users\user\AppData\Roaming\Seznam.cz\install\szn-software-fflisticka-4.0.4-win32.zip entropy: 7.99500794712
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\90SNK17T\cz.seznam.software.sznsetup-1.2.7-win32[1].zip entropy: 7.99751989556
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe File created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\download\cz.seznam.software.sznsetup-1.2.7-win32.zip entropy: 7.99751989556
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\AN5UOLP8\cz.seznam.software.szninstall-1.1.15-win32[1].zip entropy: 7.99622148951
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe File created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\download\cz.seznam.software.szninstall-1.1.15-win32.zip entropy: 7.99622148951
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\90SNK17T\cz.seznam.software.libfoxcub-3.3.8-win32[1].zip entropy: 7.99928054353
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe File created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\cz.seznam.software.libfoxcub-3.3.8-win32.zip entropy: 7.99928054353
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\AN5UOLP8\cz.seznam.software.libfoxcub64-3.3.8-win32[1].zip entropy: 7.99330512834
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe File created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\cz.seznam.software.libfoxcub64-3.3.8-win32.zip entropy: 7.99330512834
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\AN5UOLP8\szn-software-fflisticka-4.0.8-win32[1].zip entropy: 7.99598048244
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe File created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\szn-software-fflisticka-4.0.8-win32.zip entropy: 7.99598048244
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\C7S8M5VS\cz.seznam.software.lightspeed-1210-12.10.18-win32[1].zip entropy: 7.99452128979
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe File created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\cz.seznam.software.lightspeed-1210-12.10.18-win32.zip entropy: 7.99452128979
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\33CUD2J1\cz.seznam.software.libszndesktop-2.1.35-win32[1].zip entropy: 7.99829572997
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe File created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\cz.seznam.software.libszndesktop-2.1.35-win32.zip entropy: 7.99829572997
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\AN5UOLP8\cz.seznam.software.szndesktop-2.0.32-win32[1].zip entropy: 7.991462256
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe File created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\cz.seznam.software.szndesktop-2.0.32-win32.zip entropy: 7.991462256
Source: conhost.exe Process created: 41

System Summary

Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Dropped file: MD5: 23b7d7d024abb0f558420e098800bf27 Family: OceanLotus Alias: OceanLotus, Cobalt Kitty, APT-C-00, SeaLotus, APT32 Description: OceanLotus is an APT group that was first disclosed and named by QI-ANXIN. The group has carried out targeted attacks against Chinese government, research institutes, maritime institutions, and shipping companies since 2012. The group, called APT32 by FireEye, has also targeted corporations with a vested interest in Vietnam's manufacturing, consumer products, and hospitality sectors. Furthermore, it has targeted foreign governments, as well as Vietnamese dissidents and journalists, since at least 2013. References: https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html https://www.cybereason.com/labs-operation-cobalt-kitty-a-large-scale-apt-in-asia-carried-out-by-the-oceanlotus-group/ https://www.scmagazineuk.com/ocean-lotus-groupapt-32-identified-as-vietnamese-apt-group/article/663565/ Data Source: https://github.com/RedDrip7/APT_Digital_Weapon
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Code function: 16_2_04C926E0 ntusercheck,GlobalAlloc,lstrcpynW, 16_2_04C926E0
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe File created: C:\Windows\SysWOW64\GPhotos.scr
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_04831410 20_2_04831410
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_0481F430 20_2_0481F430
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_04879445 20_2_04879445
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_0488A469 20_2_0488A469
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_0483D470 20_2_0483D470
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_048275B0 20_2_048275B0
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_048835EB 20_2_048835EB
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_0480B510 20_2_0480B510
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_04828510 20_2_04828510
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_04823680 20_2_04823680
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_048126C0 20_2_048126C0
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_04865600 20_2_04865600
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_04884640 20_2_04884640
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_047E66B0 20_2_047E66B0
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_04836670 20_2_04836670
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_0487D78E 20_2_0487D78E
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_048687C0 20_2_048687C0
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_048107F0 20_2_048107F0
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_0483A710 20_2_0483A710
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_048830A9 20_2_048830A9
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_047F3050 20_2_047F3050
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_04802020 20_2_04802020
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_04836040 20_2_04836040
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_04813180 20_2_04813180
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_047E8150 20_2_047E8150
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_0483E1F0 20_2_0483E1F0
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_047EC190 20_2_047EC190
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_04880233 20_2_04880233
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_04811380 20_2_04811380
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_04874325 20_2_04874325
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_047E53B8 20_2_047E53B8
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_04847360 20_2_04847360
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_0480CDF0 20_2_0480CDF0
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_047F1D00 20_2_047F1D00
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_0486FD20 20_2_0486FD20
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_0481AD70 20_2_0481AD70
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_047EBE50 20_2_047EBE50
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_04887EA7 20_2_04887EA7
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_0487DEEC 20_2_0487DEEC
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_0481AEF0 20_2_0481AEF0
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_047FFEF0 20_2_047FFEF0
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_0487BE1D 20_2_0487BE1D
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_0480BE40 20_2_0480BE40
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_047E3EB0 20_2_047E3EB0
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_04815880 20_2_04815880
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_04842890 20_2_04842890
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_048778B0 20_2_048778B0
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_0488499F 20_2_0488499F
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_047FCAE0 20_2_047FCAE0
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_0481FA40 20_2_0481FA40
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_047E5A90 20_2_047E5A90
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_04871A70 20_2_04871A70
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_047F4B30 20_2_047F4B30
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_047EFB10 20_2_047EFB10
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_04808B70 20_2_04808B70
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_047F6B80 20_2_047F6B80
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_100028F0 20_2_100028F0
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE Code function: 38_2_00408850 38_2_00408850
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE Code function: 38_2_0040C820 38_2_0040C820
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE Code function: 38_2_00403490 38_2_00403490
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE Code function: 38_2_00411170 38_2_00411170
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE Code function: 38_2_0040E900 38_2_0040E900
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE Code function: 38_2_0040CE49 38_2_0040CE49
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE Code function: 38_2_0040CE50 38_2_0040CE50
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE Code function: 38_2_00402210 38_2_00402210
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE Code function: 38_2_00408EC0 38_2_00408EC0
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE Code function: 38_2_00417EE3 38_2_00417EE3
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE Code function: 38_2_00402EF0 38_2_00402EF0
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE Code function: 38_2_0040F280 38_2_0040F280
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE Code function: 38_2_00409FD0 38_2_00409FD0
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE Code function: 38_2_004093E0 38_2_004093E0
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C28CD7F 135_2_6C28CD7F
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C2C8DB8 135_2_6C2C8DB8
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C23AEB5 135_2_6C23AEB5
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C2D6F10 135_2_6C2D6F10
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C2309FB 135_2_6C2309FB
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C23AB7B 135_2_6C23AB7B
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C2DEBA7 135_2_6C2DEBA7
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C2D2B84 135_2_6C2D2B84
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C230BC8 135_2_6C230BC8
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C24EBDD 135_2_6C24EBDD
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C230549 135_2_6C230549
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C2605BE 135_2_6C2605BE
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C23059C 135_2_6C23059C
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C2405D2 135_2_6C2405D2
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C2486A2 135_2_6C2486A2
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C2AC698 135_2_6C2AC698
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C2AA693 135_2_6C2AA693
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C2B86F4 135_2_6C2B86F4
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C2DE7B6 135_2_6C2DE7B6
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C23A7EB 135_2_6C23A7EB
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C24208B 135_2_6C24208B
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C2C20CF 135_2_6C2C20CF
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C2B2146 135_2_6C2B2146
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C24DCBB 135_2_6C24DCBB
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C23BDA0 135_2_6C23BDA0
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C275837 135_2_6C275837
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C259840 135_2_6C259840
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C2DD8C3 135_2_6C2DD8C3
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C2AD8DA 135_2_6C2AD8DA
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C241906 135_2_6C241906
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C23BA5E 135_2_6C23BA5E
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C2DBB66 135_2_6C2DBB66
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C267579 135_2_6C267579
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C2AB63B 135_2_6C2AB63B
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C2CD670 135_2_6C2CD670
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C2B56B4 135_2_6C2B56B4
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C299002 135_2_6C299002
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C2E10E6 135_2_6C2E10E6
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C2370ED 135_2_6C2370ED
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C231137 135_2_6C231137
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C2C714C 135_2_6C2C714C
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C253155 135_2_6C253155
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C247216 135_2_6C247216
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C2492E9 135_2_6C2492E9
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C23B35D 135_2_6C23B35D
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C35EB00 135_2_6C35EB00
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C36E4A0 135_2_6C36E4A0
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C33E670 135_2_6C33E670
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C3707E0 135_2_6C3707E0
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C36E240 135_2_6C36E240
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG DELETE "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /va
Source: classification engine Classification label: mal72.rans.evad.winZIP@317/1031@40/38
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_04036450 GetLastError,FormatMessageA,LocalFree, 20_2_04036450
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE Code function: 38_2_00412830 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,LookupPrivilegeValueA,GetLastError,AdjustTokenPrivileges,AdjustTokenPrivileges,GetLastError,CloseHandle,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,CloseHandle, 38_2_00412830
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE Code function: 42_2_01003280 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError, 42_2_01003280
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C10DAAA ?_Statvfs@sys@tr2@std@@YA?AUspace_info@123@PB_W@Z,__EH_prolog3_GS,wcslen,GetDiskFreeSpaceExW, 135_2_6C10DAAA
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Code function: 16_2_04C91D20 CoCreateInstance, 16_2_04C91D20
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_033B2780 lstrlenW,_malloc,WideCharToMultiByte,LoadLibraryExA,FindResourceA,LoadResource,SizeofResource,FreeLibrary, 20_2_033B2780
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe File created: C:\Program Files (x86)\Google\Picasa3 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe File created: C:\Users\Public\Desktop\Picasa 3.lnk Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Mutant created: \Sessions\1\BaseNamedObjects\Slingshot
Source: C:\Windows\SysWOW64\rundll32.exe Mutant created: \Sessions\1\BaseNamedObjects\{42FD847D-5CAE-41A6-ACA4-9BDF58CE3344}
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Mutant created: \Sessions\1\BaseNamedObjects\Slingshot_setup
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Mutant created: \Sessions\1\BaseNamedObjects\Picasa
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Mutant created: \Sessions\1\BaseNamedObjects\szn-install-2012-d258fa602b6b6016a83aa6553428620f
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Mutant created: \Sessions\1\BaseNamedObjects\LightSpeed-ServiceApp-runmutexszndesktop.exe
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Mutant created: \Sessions\1\BaseNamedObjects\Picasa2
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7844:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5488:120:WilError_03
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe File created: C:\Users\user\AppData\Local\Temp\nsf8723.tmp Jump to behavior
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe System information queried: HandleInformation
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe File read: C:\Users\desktop.ini Jump to behavior
Source: C:\Windows\System32\rundll32.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: unknown Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: UNZIP.EXE String found in binary or memory: C:/Users/user/AppData/Roaming/Seznam.cz/install/com.microsoft.msdn.msvcr110-11.0.51106.1-win32.zip
Source: unknown Process created: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe "C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe"
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe Process created: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe setuppicasa39-setup.exe
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Process created: C:\Windows\SysWOW64\GPhotos.scr "C:\Windows\system32\GPhotos.scr" /c /installcheck
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Process created: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe "C:\Program Files (x86)\Google\Picasa3\Picasa3.exe" /register
Source: unknown Process created: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe "C:\Program Files (x86)\Google\Picasa3\Picasa3.exe"
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Process created: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe /config
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe Process created: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe listicka.exe /S
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe Process created: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe "C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe" -T "C:\Users\user\AppData\Roaming\Seznam.cz" -R "$\install" http://download.seznam.cz/update
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe Process created: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe "C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe" -T "C:\Users\user\AppData\Roaming\Seznam.cz" -i cz.seznam.software.szninstall
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Process created: C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" -nohome "http://picasa.google.com/support/bin/answer.py?hl=en&answer=93773"
Source: C:\Program Files\Internet Explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3720 CREDAT:9474 /prefetch:2
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=602e8
Source: C:\Program Files\Internet Explorer\iexplore.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=602e8
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe Process created: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new
Source: C:\Program Files\Internet Explorer\iexplore.exe Process created: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=602e8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2244 --field-trial-handle=2004,i,1639013666010223883,15040558206664522354,262144 /prefetch:3
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A18C4.00001B74.sznpkg -o C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\download\cz.seznam.software.sznsetup-1.2.7-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A1AF6.00001B74.sznpkg -o C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\download\cz.seznam.software.szninstall-1.1.15-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG DELETE "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /va
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "InstallLocation" /d C:\Users\user\AppData\Roaming\Seznam.cz
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "DisplayName" /d "Seznam Software"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=1724 --field-trial-handle=2004,i,1639013666010223883,15040558206664522354,262144 /prefetch:8
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "DisplayIcon" /d "C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe,0"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "UninstallString" /d "\"C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe\" -X"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "ModifyPath" /d "C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "Publisher" /d "Seznam.cz"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "URLInfoAbout" /d "http://software.seznam.cz"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "Comments" /d "Vsechny aplikace spolecnosti Seznam.cz a.s."
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "NoRepair" /t REG_DWORD /d 1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "NoModify" /t REG_DWORD /d 0
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe Process created: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe "C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe" -s -u -i cz.seznam.software.autoupdate szn-software-listicka
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe Process created: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe -V
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6596 --field-trial-handle=2004,i,1639013666010223883,15040558206664522354,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=3720 --field-trial-handle=2004,i,1639013666010223883,15040558206664522354,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe cookie_exporter.exe --cookie-json=1188
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe Process created: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe -T C:\Users\user\AppData\Roaming\Seznam.cz -i -u cz.seznam.software.autoupdate szn-software-listicka -p
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files\Internet Explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3720 CREDAT:202066 /prefetch:2
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=4984 --field-trial-handle=2004,i,1639013666010223883,15040558206664522354,262144 /prefetch:8
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A81A0.00000DD4.sznpkg -o C:\Users\user\AppData\Roaming\Seznam.cz\install\cz.seznam.software.autoupdate-1.0.8-win32.zip
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "cz.seznam.software.autoupdate" /d "\"C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe\" -c"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A8374.00000DD4.sznpkg -o C:\Users\user\AppData\Roaming\Seznam.cz\install\szn-software-base-1.0.0-win32.zip
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A848E.00000DD4.sznpkg -o C:\Users\user\AppData\Roaming\Seznam.cz\install\com.microsoft.msdn.msvcr110-11.0.51106.1-win32.zip
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy msvcp110.dll "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy msvcr110.dll "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A8960.00000DD4.sznpkg -o C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\cz.seznam.software.lightspeed-1210-12.10.18-win32.zip
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy lightspeed.dll "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A8B64.00000DD4.sznpkg -o C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\cz.seznam.software.libszndesktop-2.1.35-win32.zip
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy "szndesktop.exe" "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy "szndesktop.conf" "C:\Users\user\AppData\Roaming\Seznam.cz\conf"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy "szndesktop.webpak" "C:\Users\user\AppData\Roaming\Seznam.cz\data"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy "sznpp.exe" "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /v DisplayVersion /t REG_SZ /d "2.1.35" /f
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A9140.00000DD4.sznpkg -o C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\cz.seznam.software.szndesktop-2.0.32-win32.zip
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy "wszndesktop.exe" "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "cz.seznam.software.szndesktop" /d "\"C:\Users\user\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe\" -q"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A93FF.00000DD4.sznpkg -o C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\cz.seznam.software.libfoxcub-3.3.8-win32.zip
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy libfoxcub.dll "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy libfoxcub-x64.dll "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy libfoxcub.conf "C:\Users\user\AppData\Roaming\Seznam.cz\conf\szndesktop.d"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy foxcub.conf "C:\Users\user\AppData\Roaming\Seznam.cz\conf\libfoxcub"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy remote.conf "C:\Users\user\AppData\Roaming\Seznam.cz\conf\libfoxcub"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy listickaconfig.webpak "C:\Users\user\AppData\Roaming\Seznam.cz\data"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy listickanastaveni.webpak "C:\Users\user\AppData\Roaming\Seznam.cz\data"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy speeddial.webpak "C:\Users\user\AppData\Roaming\Seznam.cz\data"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe libfoxcub.dll,UpgradeListicka
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE REG QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\szn-software-listicka" /v "UninstallString"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE REG QUERY "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\szn-software-listicka" /v "UninstallString"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE REG DELETE "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}" /F
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe "C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe" -v report-ielisticka-install --status=0
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006AA61F.00000DD4.sznpkg -o C:\Users\user\AppData\Roaming\Seznam.cz\install\cz.seznam.software.libfoxloader-3.2.7-win32.zip
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006AA7B6.00000DD4.sznpkg -o C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\cz.seznam.software.libfoxcub64-3.3.8-win32.zip
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy libfoxcub-x64.dll "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy listicka-x64.exe "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe szndesktop.exe default restart
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Process created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe szndesktop.exe default restart
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Process created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe "C:\Users\user\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Process created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe "C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe" report-startup
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006AB17A.00000DD4.sznpkg -o C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\cz.seznam.software.ielisticka3-3.3.5-win32.zip
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006AB2D1.00000DD4.sznpkg -o C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\szn-software-fflisticka-4.0.8-win32.zip
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe "C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe" install_ff "C:\Users\user\AppData\Roaming\Seznam.cz\data\fflisticka\seznam_doplnek_email-4.4.1-fx.xpi"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe "C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe" install_ff "C:\Users\user\AppData\Roaming\Seznam.cz\data\fflisticka\sko-extension@firma.seznam.cz.xpi"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe "C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe" install-firefox-nm
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006AC669.00000DD4.sznpkg -o C:\Users\user\AppData\Roaming\Seznam.cz\install\cz.seznam.software.chromelisticka-2.0.4-win32.zip
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe "C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe" install-chrome all
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe Process created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp_64.exe "C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe" install-chrome all
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe "C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe" install-chrome-nm
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006AD463.00000DD4.sznpkg -o C:\Users\user\AppData\Roaming\Seznam.cz\install\com.microsoft.msdn.msvcr100-10.0.40219.325-win32.zip
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy msvcp100.dll "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy msvcr100.dll "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006AD780.00000DD4.sznpkg -o C:\Users\user\AppData\Roaming\Seznam.cz\install\cz.seznam.software.pp-1.0.2-win32.zip
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy unlockInstance.dll "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy unlockInstance.conf "C:\Users\user\AppData\Roaming\Seznam.cz\conf\szndesktop.d"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe szndesktop.exe default restart
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Process created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe szndesktop.exe default restart
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Process created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe "C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe" install-chrome retry
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Process created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe "C:\Users\user\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Process created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe "C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe" report-startup
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe Process created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp_64.exe "C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe" install-chrome retry
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006AE03A.00000DD4.sznpkg -o C:\Users\user\AppData\Roaming\Seznam.cz\install\szn-software-listicka-3.0.0-win32.zip
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp_64.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe chrome.exe --no-default-browser-check --new-window about:blank
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe "C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe" -A 49764 cd "C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe Process created: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe "C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe" -S 49764
Source: C:\Windows\System32\conhost.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=1932,i,14273124409084968856,4101485093560783332,262144 /prefetch:8
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe "C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe" -A 49764 "C:\Users\user\AppData\Local\Temp\~006AE03A.00000DD4.sznpkg\install.bat" ADMINPHASE . "C:\Program Files (x86)\Seznam.cz\distribution"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c C:\Users\user\AppData\Local\Temp\~006AE03A.00000DD4.sznpkg\install.bat ADMINPHASE . "C:\Program Files (x86)\Seznam.cz\distribution"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe ".\sznsetup.exe" -T "C:\Program Files (x86)\Seznam.cz\distribution" -R "C:\Program Files (x86)\Seznam.cz\distribution\install"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\xcopy.exe xcopy /S /Y /G /I ".\install\*.*" "C:\Program Files (x86)\Seznam.cz\distribution\install"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /f /v "seznam-listicka-distribuce" /d "\"C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe\" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE REG ADD "HKEY_CURRENT_USER\SOFTWARE\Seznam.cz\distribution" /f /v "listicka" /t REG_DWORD /d 1
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "C:\Users\user\AppData\Roaming\Seznam.cz\uninstall\cz_seznam_software_libszndesktop_2_1_35.reconfigure.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe "C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe" default restart
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Process created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe "C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe" default restart
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Process created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe "C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe" install-chrome retry
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Process created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe "C:\Users\user\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Process created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe "C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe" report-startup
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe Process created: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe -V
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6084 --field-trial-handle=2004,i,1639013666010223883,15040558206664522354,262144 /prefetch:8
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp_64.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe chrome.exe --no-default-browser-check --new-window about:blank
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe Process created: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe setuppicasa39-setup.exe
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe Process created: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe listicka.exe /S
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Process created: C:\Windows\SysWOW64\GPhotos.scr "C:\Windows\system32\GPhotos.scr" /c /installcheck
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Process created: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe "C:\Program Files (x86)\Google\Picasa3\Picasa3.exe" /register
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Process created: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe /config
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Process created: C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" -nohome "http://picasa.google.com/support/bin/answer.py?hl=en&answer=93773"
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe Process created: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe "C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe" -T "C:\Users\user\AppData\Roaming\Seznam.cz" -R "$\install" http://download.seznam.cz/update
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe Process created: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe "C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe" -T "C:\Users\user\AppData\Roaming\Seznam.cz" -i cz.seznam.software.szninstall
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe Process created: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe "C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe" -s -u -i cz.seznam.software.autoupdate szn-software-listicka
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A18C4.00001B74.sznpkg -o C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\download\cz.seznam.software.sznsetup-1.2.7-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A1AF6.00001B74.sznpkg -o C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\download\cz.seznam.software.szninstall-1.1.15-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Program Files\Internet Explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3720 CREDAT:9474 /prefetch:2
Source: C:\Program Files\Internet Explorer\iexplore.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=602e8
Source: C:\Program Files\Internet Explorer\iexplore.exe Process created: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new
Source: C:\Program Files\Internet Explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3720 CREDAT:202066 /prefetch:2
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=602e8
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe Process created: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=602e8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2244 --field-trial-handle=2004,i,1639013666010223883,15040558206664522354,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=1724 --field-trial-handle=2004,i,1639013666010223883,15040558206664522354,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=1724 --field-trial-handle=2004,i,1639013666010223883,15040558206664522354,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy speeddial.webpak "C:\Users\user\AppData\Roaming\Seznam.cz\data"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "cz.seznam.software.szndesktop" /d "\"C:\Users\user\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe\" -q"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A18C4.00001B74.sznpkg -o C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\download\cz.seznam.software.sznsetup-1.2.7-win32.zip
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6596 --field-trial-handle=2004,i,1639013666010223883,15040558206664522354,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=3720 --field-trial-handle=2004,i,1639013666010223883,15040558206664522354,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy "szndesktop.conf" "C:\Users\user\AppData\Roaming\Seznam.cz\conf"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE REG ADD "HKEY_CURRENT_USER\SOFTWARE\Seznam.cz\distribution" /f /v "listicka" /t REG_DWORD /d 1
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=4984 --field-trial-handle=2004,i,1639013666010223883,15040558206664522354,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6084 --field-trial-handle=2004,i,1639013666010223883,15040558206664522354,262144 /prefetch:8
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG DELETE "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /va
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "InstallLocation" /d C:\Users\user\AppData\Roaming\Seznam.cz
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "DisplayName" /d "Seznam Software"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "DisplayIcon" /d "C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe,0"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "UninstallString" /d "\"C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe\" -X"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "ModifyPath" /d "C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "Publisher" /d "Seznam.cz"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "URLInfoAbout" /d "http://software.seznam.cz"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "InstallLocation" /d C:\Users\user\AppData\Roaming\Seznam.cz
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "Comments" /d "Vsechny aplikace spolecnosti Seznam.cz a.s."
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "NoRepair" /t REG_DWORD /d 1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "NoModify" /t REG_DWORD /d 0
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe Process created: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe -V
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe Process created: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe -T C:\Users\user\AppData\Roaming\Seznam.cz -i -u cz.seznam.software.autoupdate szn-software-listicka -p
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe Process created: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe "C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe" -S 49764
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe Process created: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe -V
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe cookie_exporter.exe --cookie-json=1188
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A81A0.00000DD4.sznpkg -o C:\Users\user\AppData\Roaming\Seznam.cz\install\cz.seznam.software.autoupdate-1.0.8-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A8374.00000DD4.sznpkg -o C:\Users\user\AppData\Roaming\Seznam.cz\install\szn-software-base-1.0.0-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A848E.00000DD4.sznpkg -o C:\Users\user\AppData\Roaming\Seznam.cz\install\com.microsoft.msdn.msvcr110-11.0.51106.1-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A8960.00000DD4.sznpkg -o C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\cz.seznam.software.lightspeed-1210-12.10.18-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A8B64.00000DD4.sznpkg -o C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\cz.seznam.software.libszndesktop-2.1.35-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A9140.00000DD4.sznpkg -o C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\cz.seznam.software.szndesktop-2.0.32-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A93FF.00000DD4.sznpkg -o C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\cz.seznam.software.libfoxcub-3.3.8-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006AA61F.00000DD4.sznpkg -o C:\Users\user\AppData\Roaming\Seznam.cz\install\cz.seznam.software.libfoxloader-3.2.7-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006AA7B6.00000DD4.sznpkg -o C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\cz.seznam.software.libfoxcub64-3.3.8-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006AB17A.00000DD4.sznpkg -o C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\cz.seznam.software.ielisticka3-3.3.5-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006AB2D1.00000DD4.sznpkg -o C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\szn-software-fflisticka-4.0.8-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006AC669.00000DD4.sznpkg -o C:\Users\user\AppData\Roaming\Seznam.cz\install\cz.seznam.software.chromelisticka-2.0.4-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006AD463.00000DD4.sznpkg -o C:\Users\user\AppData\Roaming\Seznam.cz\install\com.microsoft.msdn.msvcr100-10.0.40219.325-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006AD780.00000DD4.sznpkg -o C:\Users\user\AppData\Roaming\Seznam.cz\install\cz.seznam.software.pp-1.0.2-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy libfoxcub.conf "C:\Users\user\AppData\Roaming\Seznam.cz\conf\szndesktop.d"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006AE03A.00000DD4.sznpkg -o C:\Users\user\AppData\Roaming\Seznam.cz\install\szn-software-listicka-3.0.0-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "C:\Users\user\AppData\Roaming\Seznam.cz\uninstall\cz_seznam_software_libszndesktop_2_1_35.reconfigure.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "cz.seznam.software.autoupdate" /d "\"C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe\" -c"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy msvcp110.dll "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy msvcr110.dll "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy lightspeed.dll "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy "szndesktop.exe" "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy "szndesktop.conf" "C:\Users\user\AppData\Roaming\Seznam.cz\conf"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy "szndesktop.webpak" "C:\Users\user\AppData\Roaming\Seznam.cz\data"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy "sznpp.exe" "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /v DisplayVersion /t REG_SZ /d "2.1.35" /f
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy "wszndesktop.exe" "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "cz.seznam.software.szndesktop" /d "\"C:\Users\user\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe\" -q"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy libfoxcub.dll "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy libfoxcub-x64.dll "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy libfoxcub.conf "C:\Users\user\AppData\Roaming\Seznam.cz\conf\szndesktop.d"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy foxcub.conf "C:\Users\user\AppData\Roaming\Seznam.cz\conf\libfoxcub"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy remote.conf "C:\Users\user\AppData\Roaming\Seznam.cz\conf\libfoxcub"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy listickaconfig.webpak "C:\Users\user\AppData\Roaming\Seznam.cz\data"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy listickanastaveni.webpak "C:\Users\user\AppData\Roaming\Seznam.cz\data"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy speeddial.webpak "C:\Users\user\AppData\Roaming\Seznam.cz\data"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe libfoxcub.dll,UpgradeListicka
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE REG QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\szn-software-listicka" /v "UninstallString"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE REG QUERY "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\szn-software-listicka" /v "UninstallString"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE REG DELETE "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}" /F
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe "C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe" -v report-ielisticka-install --status=0
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy libfoxcub-x64.dll "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy listicka-x64.exe "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe szndesktop.exe default restart
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Process created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe szndesktop.exe default restart
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe Section loaded: oleacc.dll
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe Section loaded: shfolder.dll
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe Section loaded: riched20.dll
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe Section loaded: usp10.dll
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe Section loaded: msls31.dll
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Section loaded: shfolder.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Section loaded: riched20.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Section loaded: usp10.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Section loaded: msls31.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Section loaded: sti.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Section loaded: sti.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Section loaded: linkinfo.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Section loaded: ntshrui.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Section loaded: cscapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Section loaded: sti.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Section loaded: sxs.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr Section loaded: rasapi32.dll Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr Section loaded: mscms.dll Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr Section loaded: urlmon.dll Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr Section loaded: iertutil.dll Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr Section loaded: rasman.dll Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr Section loaded: coloradapterclient.dll Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr Section loaded: rtutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr Section loaded: netprofm.dll Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr Section loaded: winhttp.dll Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr Section loaded: mswsock.dll Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr Section loaded: winnsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr Section loaded: dnsapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: ddraw.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: mscms.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: version.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: msvfw32.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: avifil32.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: coloradapterclient.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: dxgi.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: msacm32.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: winmmbase.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: winmmbase.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: ddraw.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: mscms.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: version.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: msvfw32.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: avifil32.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: dxgi.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: dciman32.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: coloradapterclient.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: msacm32.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: winmmbase.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: winmmbase.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: rasapi32.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: rasman.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: rtutils.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: netprofm.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: dataexchange.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: d3d11.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: dcomp.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: devenum.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: devobj.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: msdmo.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: avicap32.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: appresolver.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: slc.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Section loaded: wininet.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Section loaded: mscms.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Section loaded: urlmon.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Section loaded: version.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Section loaded: userenv.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Section loaded: coloradapterclient.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Section loaded: iertutil.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Section loaded: srvcli.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Section loaded: netutils.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Section loaded: wldp.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Section loaded: profapi.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Section loaded: propsys.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Section loaded: mrmcorer.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Section loaded: windows.staterepositorycore.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Section loaded: appxdeploymentclient.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Section loaded: bcp47mrm.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Section loaded: windows.ui.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Section loaded: windowmanagementapi.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Section loaded: textinputframework.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Section loaded: inputhost.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Section loaded: wintypes.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Section loaded: twinapi.appcore.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Section loaded: coremessaging.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Section loaded: twinapi.appcore.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Section loaded: coreuicomponents.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Section loaded: coremessaging.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Section loaded: coremessaging.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Section loaded: coreuicomponents.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Section loaded: ntmarta.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Section loaded: appxdeploymentclient.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Section loaded: appxdeploymentclient.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Section loaded: appxdeploymentclient.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Section loaded: appxdeploymentclient.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Section loaded: appxdeploymentclient.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Section loaded: appxdeploymentclient.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Section loaded: appxdeploymentclient.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Section loaded: appxdeploymentclient.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Section loaded: appxdeploymentclient.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Section loaded: appxdeploymentclient.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Section loaded: appxdeploymentclient.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Section loaded: appxdeploymentclient.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Section loaded: appxdeploymentclient.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Section loaded: appxdeploymentclient.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Section loaded: appxdeploymentclient.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Section loaded: appxdeploymentclient.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Section loaded: appxdeploymentclient.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Section loaded: appxdeploymentclient.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Section loaded: appxdeploymentclient.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Section loaded: cryptnet.dll
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe Section loaded: shfolder.dll
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe Section loaded: wininet.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe Section loaded: wininet.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe Section loaded: schannel.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe Section loaded: ntmarta.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: wininet.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: urlmon.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: iertutil.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: srvcli.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: netutils.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: wldp.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: propsys.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: profapi.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: edputil.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: sspicli.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: wintypes.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: appresolver.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: bcp47langs.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: slc.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: sppc.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe Section loaded: vcruntime140.dll
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe Section loaded: wininet.dll
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe Section loaded: version.dll
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe Section loaded: urlmon.dll
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe Section loaded: msvcp140.dll
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe Section loaded: iertutil.dll
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe Section loaded: srvcli.dll
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe Section loaded: netutils.dll
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: cmdext.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe Section loaded: wininet.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe Section loaded: edputil.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe Section loaded: slc.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe Section loaded: sppc.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Section loaded: wininet.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe Section loaded: msedge.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe Section loaded: winmm.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe Section loaded: msedge_elf.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe Section loaded: wininet.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe Section loaded: iertutil.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe Section loaded: sspicli.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe Section loaded: wldp.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe Section loaded: profapi.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe Section loaded: winhttp.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe Section loaded: mswsock.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Section loaded: wininet.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Section loaded: schannel.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: cmdext.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: cmdext.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: cmdext.dll
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: cmdext.dll
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: cmdext.dll
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: cmdext.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe Section loaded: wininet.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe Section loaded: secur32.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe Section loaded: dbgcore.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe Section loaded: schannel.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe Section loaded: ncryptprov.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: cmdext.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Section loaded: wininet.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Section loaded: lightspeed.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Section loaded: msvcp110.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Section loaded: msvcr110.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Section loaded: dbgcore.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: Picasa 3.lnk.16.dr LNK file: ..\..\..\..\..\..\Program Files (x86)\Google\Picasa3\Picasa3.exe
Source: Configure Picasa Photo Viewer.lnk.16.dr LNK file: ..\..\..\..\..\..\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe
Source: Uninstall.lnk.16.dr LNK file: ..\..\..\..\..\..\Program Files (x86)\Google\Picasa3\uninstall.exe
Source: Picasa 3.lnk0.16.dr LNK file: ..\..\..\Program Files (x86)\Google\Picasa3\Picasa3.exe
Source: Picasa 3.lnk1.16.dr LNK file: ..\..\..\..\..\..\..\Program Files (x86)\Google\Picasa3\Picasa3.exe
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe File written: C:\Program Files (x86)\Google\Picasa3\web\templates\blackfrm\xLifescape.ini
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Window detected: I AgreeCancelNullsoft Install System v3.0b1 Nullsoft Install System v3.0b1License AgreementPlease review the license terms before installing Picasa 3By using Picasa 3 you agree to the Google Terms of Service and Privacy Policy.Terms of ServicePrivacy Policy
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2246122658-3693405117-2476756634-1003\Software\Microsoft\Office\16.0\Lync
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall
Source: 563299efce875400a8d9b44b96597c8e-sample (1).zip Static file information: File size 25085622 > 1048576
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe File opened: C:\Users\user\AppData\Local\Temp\~006AD463.00000DD4.sznpkg\msvcr100.dll
Source: Binary string: C:\Users\ondrej.novak\Documents\Visual Studio 2008\Projects\software-trunk\SeznamInstall\bin\debug\sznsetup-lt.pdbPV source: sznsetup-lt.exe, 00000017.00000000.1729394687.000000000052B000.00000002.00000001.01000000.0000001F.sdmp
Source: Binary string: C:\Repository\listicka\ielisticka_new\bin-Release\pdb\listicka-x64.pdb source: UNZIP.EXE, 00000081.00000002.2178378406.0000000000428000.00000040.00000001.01000000.00000026.sdmp, CPY.EXE, 00000086.00000002.2185910879.000000000075A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \plugins\CDVDR\*.pdb source: setuppicasa39-setup.exe, 00000010.00000003.1659418312.000000000067F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \plugins\expwebsites\*.pdb source: setuppicasa39-setup.exe, 00000010.00000003.1659418312.000000000067F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: p:\d\a\wpyh4-vm-6.hot\recipes\840394494\base\googleclient\picasa39-stable\build\Picasa3.pdb source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: C:\playground\repos\listicka\sznpp\bin\symbols\Release_x86\sznpp_dll.pdb source: UNZIP.EXE, 0000005D.00000002.2105385323.0000000000428000.00000040.00000001.01000000.00000026.sdmp, CPY.EXE, 00000064.00000002.2115643669.0000000000ECA000.00000004.00000020.00020000.00000000.sdmp, sznpp.exe, 0000007C.00000000.2152804918.0000000000BFB000.00000002.00000001.01000000.0000002C.sdmp
Source: Binary string: msvcp110.i386.pdb source: szndesktop.exe, szndesktop.exe, 00000087.00000002.2193190667.000000006C0E1000.00000020.00000001.01000000.0000002E.sdmp
Source: Binary string: C:\Users\ondrej.novak\Documents\Visual Studio 2008\Projects\software-trunk\SeznamInstall\bin\debug\sznsetup.pdb source: sznsetup.exe, 00000039.00000000.1850844929.0000000000F0C000.00000002.00000001.01000000.00000023.sdmp
Source: Binary string: msvcr110.i386.pdb source: UNZIP.EXE, 00000052.00000002.2089014833.0000000000428000.00000040.00000001.01000000.00000026.sdmp, CPY.EXE, 00000057.00000002.2096863979.0000000000B3A000.00000004.00000020.00020000.00000000.sdmp, szndesktop.exe, szndesktop.exe, 00000087.00000002.2195197650.000000006C221000.00000020.00000001.01000000.0000002B.sdmp
Source: Binary string: C:\playground\repos\listicka\sznpp\bin\symbols\Release_x64\sznpp_64.pdb source: sznpp.exe, 0000007C.00000000.2152804918.0000000000B52000.00000002.00000001.01000000.0000002C.sdmp
Source: Binary string: PhotoViewer.pdbGCTL source: PicasaPhotoViewer.exe, 00000015.00000003.1748748621.0000000003DBE000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\playground\repos\listicka\sznpp\bin\symbols\Release_x86\sznpp.pdb source: sznpp.exe, 0000007C.00000000.2152425887.0000000000B0C000.00000002.00000001.01000000.0000002C.sdmp
Source: Binary string: C:\playground\repos\listicka\sznpp\bin\symbols\Release_x86\sznpp.pdb- source: sznpp.exe, 0000007C.00000000.2152425887.0000000000B0C000.00000002.00000001.01000000.0000002C.sdmp
Source: Binary string: p:\d\a\wpyh4-vm-6.hot\recipes\840394494\base\googleclient\picasa39-stable\build\PicasaPhotoViewer.pdb source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp
Source: Binary string: p:\d\a\wpyh4-vm-6.hot\recipes\840394494\base\googleclient\picasa39-stable\build\cdautorun\PicasaCD.pdb source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000004419000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: mi_exe_stub.pdb@;AL source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000029F6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: p:\d\a\wpyh4-vm-6.hot\recipes\840394494\base\googleclient\picasa39-stable\build\plugins\CDVDR\CDVDR.pdb source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000003831000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2497615129.00000000033F3000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: p:\d\a\wpyh4-vm-6.hot\recipes\840394494\base\googleclient\picasa39-stable\build\npPicasa3.pdb source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000002E88000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: d:\Development\googleclient\picasa4\build\plugins\Red.pdb source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000003FAE000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Repository\listicka\ielisticka_new\bin-Release\pdb\szndesktop.pdb source: CPY.EXE, 00000061.00000002.2108099884.0000000000E09000.00000004.00000020.00020000.00000000.sdmp, szndesktop.exe, 00000087.00000000.2188348792.0000000000875000.00000002.00000001.01000000.0000002D.sdmp
Source: Binary string: p:\d\a\wpyh4-vm-6.hot\recipes\840394494\base\googleclient\picasa39-stable\build\plugins\expwebsites\expwebsites.pdb source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000003DA5000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2533437740.000000000488F000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: C:\Users\ondrej.novak\Documents\Visual Studio 2008\Projects\software-trunk\SeznamInstall\bin\debug\sznsetup-lt.pdb source: listicka.exe, 00000016.00000002.2443085483.00000000029E3000.00000004.00000020.00020000.00000000.sdmp, sznsetup-lt.exe, 00000017.00000000.1729394687.000000000052B000.00000002.00000001.01000000.0000001F.sdmp
Source: Binary string: C:\playground\repos\listicka\sznpp\bin\symbols\Release_x64\sznpp_dll.pdb source: CPY.EXE, 00000064.00000002.2115643669.0000000000ECA000.00000004.00000020.00020000.00000000.sdmp, sznpp.exe, 0000007C.00000000.2152804918.0000000000BFB000.00000002.00000001.01000000.0000002C.sdmp
Source: Binary string: C:\playground\repos\listicka\sznpp\bin\symbols\Release_x64\sznpp_64.pdb( source: sznpp.exe, 0000007C.00000000.2152804918.0000000000B52000.00000002.00000001.01000000.0000002C.sdmp
Source: Binary string: p:\d\a\wpyh4-vm-6.hot\recipes\840394494\base\googleclient\picasa39-stable\build\GPhotos.pdb source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp
Source: Binary string: C:\Repository\listicka\ielisticka_new\bin-Release\pdb\szndesktop.pdb44 source: CPY.EXE, 00000061.00000002.2108099884.0000000000E09000.00000004.00000020.00020000.00000000.sdmp, szndesktop.exe, 00000087.00000000.2188348792.0000000000875000.00000002.00000001.01000000.0000002D.sdmp
Source: Binary string: C:\Repository\listicka-new\ielisticka_new\bin-Release\pdb\lightspeed.pdb source: CPY.EXE, 0000005C.00000002.2102179386.0000000000B00000.00000004.00000020.00020000.00000000.sdmp, szndesktop.exe, 00000087.00000002.2198970614.000000006C384000.00000002.00000001.01000000.0000002A.sdmp
Source: Binary string: p:\d\a\wpyh4-vm-6.hot\recipes\840394494\base\googleclient\picasa39-stable\build\plugins\ytITivo.pdb source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000003F3F000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2504208079.0000000004079000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: C:\Repository\listicka-new\ielisticka_new\bin-Release\pdb\lightspeed.pdbQQ source: CPY.EXE, 0000005C.00000002.2102179386.0000000000B00000.00000004.00000020.00020000.00000000.sdmp, szndesktop.exe, 00000087.00000002.2198970614.000000006C384000.00000002.00000001.01000000.0000002A.sdmp
Source: Binary string: p:\d\a\wpyh4-vm-6.hot\recipes\840394494\base\googleclient\picasa39-stable\build\cdautorun\PicasaRestore.pdb source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000459F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Repository\listicka\ielisticka_new\bin-Release\pdb\libfoxloader.pdb source: UNZIP.EXE, 0000007D.00000002.2173171240.000000000042B000.00000040.00000001.01000000.00000026.sdmp, szndesktop.exe, 00000087.00000002.2200176289.000000006C489000.00000002.00000001.01000000.0000002F.sdmp
Source: Binary string: Rg.pdbH source: listicka.exe, 00000016.00000002.2443085483.00000000029E3000.00000004.00000020.00020000.00000000.sdmp, sznsetup-lt.exe, 00000017.00000000.1730049584.0000000000571000.00000002.00000001.01000000.0000001F.sdmp, REG.EXE, 0000002A.00000000.1818569837.0000000001000000.00000002.00000001.01000000.00000021.sdmp, REG.EXE, 0000002A.00000000.1818621571.0000000001018000.00000080.00000001.01000000.00000021.sdmp, REG.EXE, 0000002A.00000002.1819878005.0000000001000000.00000002.00000001.01000000.00000021.sdmp, sznsetup.exe, 00000039.00000000.1851570101.0000000000F52000.00000002.00000001.01000000.00000023.sdmp
Source: Binary string: C:\Users\petr.slivon\Documents\Visual Studio 2012\Projects\listicka-trunk\ielisticka_new\bin-Release\pdb\wszndesktop.pdb source: UNZIP.EXE, 00000066.00000002.2120076164.0000000000428000.00000040.00000001.01000000.00000026.sdmp, CPY.EXE, 0000006A.00000002.2122729835.0000000000629000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: msvcp110.i386.pdb0 source: szndesktop.exe, 00000087.00000002.2193190667.000000006C0E1000.00000020.00000001.01000000.0000002E.sdmp
Source: Binary string: C:\Repository\listicka\ielisticka_new\bin-Release\pdb\listicka-x64.pdbhh source: UNZIP.EXE, 00000081.00000002.2178378406.0000000000428000.00000040.00000001.01000000.00000026.sdmp, CPY.EXE, 00000086.00000002.2185910879.000000000075A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Repository\listicka\ielisticka_new\bin-Release\pdb\libfoxloader.pdb~{ source: UNZIP.EXE, 0000007D.00000002.2173171240.000000000042B000.00000040.00000001.01000000.00000026.sdmp, szndesktop.exe, 00000087.00000002.2200176289.000000006C489000.00000002.00000001.01000000.0000002F.sdmp
Source: Binary string: C:\Users\ondrej.novak\Documents\Visual Studio 2008\Projects\software-trunk\SeznamInstall\bin\debug\szninstall.pdb source: szninstall.exe, 00000038.00000000.1847499306.0000000000571000.00000002.00000001.01000000.00000022.sdmp
Source: Binary string: reg.pdb source: REG.EXE, REG.EXE, 0000002A.00000002.1819912483.0000000001001000.00000040.00000001.01000000.00000021.sdmp
Source: Binary string: mi_exe_stub.pdb source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000029F6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: PhotoViewer.pdb source: PicasaPhotoViewer.exe, 00000015.00000003.1748748621.0000000003DBE000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: d:\twbrown-picasa-1\googleclient\picasa4\NSIS_Unicode_v3\Plugins\x86-unicode\NSIS_Picasa_Unicode.pdb source: setuppicasa39-setup.exe, 00000010.00000002.1704699696.0000000004CA3000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: C:\Users\ondrej.novak\Documents\Visual Studio 2008\Projects\software-trunk\SeznamInstall\bin\debug\sznsetup-lt.pdbPP source: listicka.exe, 00000016.00000002.2443085483.00000000029E3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: p:\d\a\wpyh4-vm-6.hot\recipes\840394494\base\googleclient\picasa39-stable\build\Picasa3i18n.pdb source: Picasa3.exe, 00000014.00000002.2599698862.0000000010008000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: C:\Users\ondrej.novak\Documents\Visual Studio 2008\Projects\software-trunk\SeznamInstall\bin\debug\sznsetup.pdb` source: sznsetup.exe, 00000039.00000000.1850844929.0000000000F0C000.00000002.00000001.01000000.00000023.sdmp
Source: Binary string: p:\d\a\wpyh4-vm-6.hot\recipes\840394494\base\googleclient\picasa39-stable\build\cdautorun\PicasaCD.pdblpW source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000004419000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\ondrej.novak\Documents\Visual Studio 2008\Projects\software-trunk\SeznamInstall\bin\debug\szninstall.pdb0Z source: szninstall.exe, 00000038.00000000.1847499306.0000000000571000.00000002.00000001.01000000.00000022.sdmp
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Code function: 16_2_04C92490 GetVersion,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 16_2_04C92490
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe Code function: 15_2_73A33299 push ebx; mov dword ptr [esp], 00000001h 15_2_73A332D5
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe Code function: 15_2_73A314B4 push edx; mov dword ptr [esp], eax 15_2_73A31535
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe Code function: 15_2_73A34BE0 push dword ptr [eax+04h]; ret 15_2_73A34C0F
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe Code function: 15_2_73A32ACE push ecx; mov dword ptr [esp], 00000000h 15_2_73A32B06
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe Code function: 15_2_73A33A03 push edx; mov dword ptr [esp], eax 15_2_73A33A27
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe Code function: 15_2_73A31C11 push ecx; mov dword ptr [esp], ebx 15_2_73A31CC9
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe Code function: 15_2_73A3147E push edx; mov dword ptr [esp], eax 15_2_73A31471
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe Code function: 15_2_741C21CA push eax; mov dword ptr [esp], ebx 15_2_741C227B
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe Code function: 15_2_741C113F push eax; mov dword ptr [esp], ebx 15_2_741C11D9
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe Code function: 15_2_741C113F push edx; mov dword ptr [esp], 741C5000h 15_2_741C11EE
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe Code function: 15_2_741C113F push eax; mov dword ptr [esp], esi 15_2_741C1298
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe Code function: 15_2_741C113F push eax; mov dword ptr [esp], 741C4000h 15_2_741C12F6
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe Code function: 15_2_741C1038 push edx; mov dword ptr [esp], ebx 15_2_741C112D
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe Code function: 15_2_741C164A push edx; mov dword ptr [esp], eax 15_2_741C1685
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe Code function: 15_2_741C16C7 push edx; mov dword ptr [esp], eax 15_2_741C1743
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe Code function: 15_2_741C24EF push edx; mov dword ptr [esp], eax 15_2_741C2513
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Code function: 16_2_04C97CD1 push ecx; ret 16_2_04C97CE4
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_033DFD01 push ecx; ret 20_2_033DFD14
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_04065059 push ecx; ret 20_2_0406506C
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_0482E67A push esi; ret 20_2_0482E685
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_04877891 push ecx; ret 20_2_048778A4
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_100028CD push ecx; ret 20_2_100028E0
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe Code function: 22_2_10002A10 push eax; ret 22_2_10002A3E
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE Code function: 38_2_0041B280 push eax; ret 38_2_0041B2AE
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE Code function: 42_2_01006F30 push eax; ret 42_2_01006F44
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE Code function: 42_2_01006F30 push eax; ret 42_2_01006F6C
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE Code function: 82_2_006120DB pushad ; ret 82_2_006120EA
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C11AC05 push ecx; ret 135_2_6C11AC18
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C0E7FFA push edi; iretd 135_2_6C0E8001
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C0E3834 push ss; iretd 135_2_6C0E3CA1
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C0E3BF6 push ss; iretd 135_2_6C0E3CA1

Persistence and Installation Behavior

Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe File created: C:\Windows\SysWOW64\GPhotos.scr
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Executable created and started: C:\Windows\SysWOW64\GPhotos.scr
Source: C:\Windows\SysWOW64\cmd.exe Process created: reg.exe
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: reg.exe
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe File created: C:\Users\user\AppData\Local\Temp\nst9CEF.tmp\NSIS_Picasa_Unicode.dll
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe File created: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE File created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe File created: C:\Program Files (x86)\Google\Picasa3\MovieThumb.exe
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe File created: C:\Users\user\AppData\Local\Temp\nst9CEF.tmp\System.dll
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE File created: C:\Users\user\AppData\Local\Temp\~006A8B64.00000DD4.sznpkg\sznpp.exe
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe File created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe File created: C:\Program Files (x86)\Google\Picasa3\qtsupport.dll
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE File created: C:\Users\user\AppData\Local\Temp\~006A9140.00000DD4.sznpkg\wszndesktop.exe
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe File created: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe File created: C:\Users\user\AppData\Local\Temp\nst9CEF.tmp\StdUtils.dll
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE File created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\lightspeed.dll
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe File created: C:\Users\user\AppData\Local\Temp\nsu8781.tmp\ButtonEvent.dll
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE File created: C:\Users\user\AppData\Local\Temp\~006AA7B6.00000DD4.sznpkg\libfoxloader-x64.dll
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe File created: C:\Users\user\AppData\Local\Temp\nsrF139.tmp\nsExec.dll
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE File created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe
Source: C:\Windows\SysWOW64\cmd.exe File created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\24557libfoxloader.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe File created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE File created: C:\Users\user\AppData\Local\Temp\~006A1AF6.00001B74.sznpkg\szninstall.exe
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE File created: C:\Users\user\AppData\Local\Temp\~006A8960.00000DD4.sznpkg\lightspeed.dll
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe File created: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE File created: C:\Users\user\AppData\Local\Temp\~006A93FF.00000DD4.sznpkg\libfoxcub.dll
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe File created: C:\Users\user\AppData\Local\Temp\nsu8781.tmp\nsDialogs.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe File created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE
Source: C:\Windows\SysWOW64\cmd.exe File created: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe File created: C:\Users\user\AppData\Local\Temp\nsrF139.tmp\System.dll
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE File created: C:\Users\user\AppData\Local\Temp\~006AA7B6.00000DD4.sznpkg\libfoxcub-x64.dll
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe File created: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE File created: C:\Users\user\AppData\Local\Temp\~006A848E.00000DD4.sznpkg\msvcr110.dll
Source: C:\Windows\SysWOW64\cmd.exe File created: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe File created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\RM.EXE
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe File created: C:\Program Files (x86)\Google\Picasa3\cdautorun\PicasaRestore.exe
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe File created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe File created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe File created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\RUNBG.EXE
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE File created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\msvcp110.dll
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE File created: C:\Users\user\AppData\Local\Temp\~006A848E.00000DD4.sznpkg\msvcp110.dll
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe File created: C:\Users\user\AppData\Local\Temp\nsrF139.tmp\UserInfo.dll
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE File created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\msvcr110.dll
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe File created: C:\Program Files (x86)\Google\Picasa3\plugins\Red.dll
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe File created: C:\Program Files (x86)\Google\Picasa3\plugins\ytITivo.yti
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe File created: C:\Program Files (x86)\Google\Picasa3\cdautorun\PicasaCD.exe
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE File created: C:\Users\user\AppData\Local\Temp\~006A8B64.00000DD4.sznpkg\szndesktop.exe
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe File created: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe File created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\MKLNK.EXE
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe File created: C:\Program Files (x86)\Google\Picasa3\plugins\expwebsites\expwebsites.yti
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe File created: C:\Program Files (x86)\Google\Picasa3\uninstall.exe
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE File created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE File created: C:\Users\user\AppData\Local\Temp\~006AA61F.00000DD4.sznpkg\libfoxloader.dll
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe File created: C:\Program Files (x86)\Google\Picasa3\Picasa3i18n.dll
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe File created: C:\Program Files (x86)\Google\Picasa3\plugins\CDVDR\CDVDR.yti
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE File created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\libfoxcub.dll
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE File created: C:\Users\user\AppData\Local\Temp\~006AA7B6.00000DD4.sznpkg\listicka-x64.exe
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe File created: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe File created: C:\Users\user\AppData\Local\Temp\nsu8781.tmp\System.dll
Source: C:\Windows\SysWOW64\cmd.exe File created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\24557libfoxloader-x64.dll
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE File created: C:\Users\user\AppData\Local\Temp\~006A18C4.00001B74.sznpkg\sznsetup.exe
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe File created: C:\Users\user\AppData\Local\Temp\nst9CEF.tmp\nsDialogs.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe File created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\SHELLFLD.EXE
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE File created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\libfoxcub-x64.dll
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE File created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Code function: 16_2_04C910B0 lstrcpyW,lstrcatW,GetPrivateProfileStringW, 16_2_04C910B0
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe File created: C:\Users\user\AppData\Roaming\Seznam.cz\install.log.5868.log
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe File created: C:\Users\user\AppData\Roaming\Seznam.cz\install.log
Source: C:\Windows\SysWOW64\cmd.exe File created: C:\Users\user\AppData\Roaming\Seznam.cz\install_packages.log

Boot Survival

Source: C:\Windows\SysWOW64\GPhotos.scr Key value created or modified: HKEY_USERS.DEFAULT\Control Panel\Desktop SCRNSAVE.EXE
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run cz.seznam.software.szndesktop
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run cz.seznam.software.autoupdate
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\Picasa3
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Picasa 3.lnk
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Configure Picasa Photo Viewer.lnk
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Uninstall.lnk
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_04035CD0 IsWindowVisible,IsWindow,IsWindow,IsWindowVisible,GetCurrentThreadId,GetCurrentThreadId,EnumThreadWindows,IsWindowVisible,IsIconic,IsIconic,IsWindow,IsWindowVisible,IsWindowVisible,IsIconic,GetCurrentThreadId,SetWindowsHookExA, 20_2_04035CD0
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_04041930 IsIconic,ShowWindow,DialogBoxIndirectParamW,GlobalFree, 20_2_04041930
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_0483F400 IsIconic,ShowWindow,DialogBoxIndirectParamW,GlobalFree, 20_2_0483F400
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_0480E0E0 IsIconic,ShowWindow,DialogBoxIndirectParamW,GlobalFree, 20_2_0480E0E0
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_0480E060 ShowWindow,IsIconic,ShowWindow,CreateDialogIndirectParamA,GlobalFree,ShowWindow, 20_2_0480E060
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_0482DEC0 IsWindowVisible,GetCurrentThreadId,IsWindow,IsWindow,IsWindowVisible,GetCurrentThreadId,EnumThreadWindows,IsWindowVisible,IsIconic,IsIconic,IsWindow,IsWindowVisible,IsWindowVisible,IsIconic,GetCurrentThreadId,SetWindowsHookExA, 20_2_0482DEC0
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C247216 EncodePointer,__initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 135_2_6C247216
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp Binary or memory string: LROOTEDITSOFTWARE\GOOGLE\%SGOOGLE\%SRASENUMENTRIESARASAPI32.DLLJPEG FILESYTAPP::JPEGFILTER*.JPG;*.JPEGGETFILESINFOYTAPP::INFOTITLEEXPLORER/SELECT,"%S"SOFTWARE\CLIENTS\STARTMENUINTERNET%S\%S\SHELL\OPEN\COMMAND.EXEIEXPLORE-NOHOME RUNTIME\DISTRO.INIDISTROWINELINUX_%SLINUX_UNKNOWNWINEWINDOWSWINDOWS_%D_%DWINE_GET_UNIX_FILE_NAMEKERNEL32
Source: Picasa3.exe, Picasa3.exe, 00000014.00000002.2533437740.000000000488F000.00000002.00000001.01000000.00000016.sdmp, Picasa3.exe, 00000014.00000002.2504208079.0000000004079000.00000002.00000001.01000000.00000017.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp Binary or memory string: WINE_GET_UNIX_FILE_NAME
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp Binary or memory string: W RK0RKSOFTWARE\GOOGLE\%SGOOGLE\%SRASENUMENTRIESARASAPI32.DLLTAHOMAWJPEG FILESYTAPP::JPEGFILTER*.JPG;*.JPEGGETFILESINFOYTAPP::INFOTITLEEXPLORER/E,/SELECT,"%S"SOFTWARE\CLIENTS\STARTMENUINTERNET%S\%S\SHELL\OPEN\COMMANDIEXPLORE.EXE.EXEIEXPLORE-NOHOME RUNTIME\DISTRO.INIDISTROWINELINUX_%SLINUX_UNKNOWNWINEWINDOWSWINDOWS_%D_%DWINE_GET_UNIX_FILE_NAMEKERNEL32
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000003DA5000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2533437740.000000000488F000.00000002.00000001.01000000.00000016.sdmp Binary or memory string: SOFTWARE\GOOGLE\%SGOOGLE\%SRASENUMENTRIESARASAPI32.DLLJPEG FILESYTAPP::JPEGFILTER*.JPG;*.JPEGGETFILESYTAPP::ERRORTITLEINFOYTAPP::INFOTITLE"%S"SOFTWARE\CLIENTS\STARTMENUINTERNET%S\%S\SHELL\OPEN\COMMANDIEXPLORE.EXE.EXE.EXEIEXPLORE-NOHOME WINE_GET_UNIX_FILE_NAMEKERNEL32LW
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000459F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: EHELPCLOSENOYESIGNORERETRYABORTCANCELOK%S/%S_BSOFTWARE\GOOGLE\%SGOOGLE\%SRASENUMENTRIESARASAPI32.DLLTAHOMAJPEG FILESYTAPP::JPEGFILTER*.JPG;*.JPEGGETFILESYTAPP::ERRORTITLEOPENEXPLORER/SELECT,"%S"WINE_GET_UNIX_FILE_NAMEKERNEL32
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp Binary or memory string: WINE_GET_UNIX_REAL_NAMEKERNEL32WINE_GET_UNIX_FILE_NAMERUNTIME\WINEDISABLE.TXTSUPPORTHTTP%S_PAUTOINFOCHECKSHOWTOOLTIPSPRINTERQUALITYPRINTRESAMPLERQUALITYPRINTPROXYPREVIEWLOOPSLIDESHOWPLAYMP3TRACKSARIAL UNICODE MSWEB_ALBUMS_TABCGENERALPREFSPAGE::WEBALBUMSTABESENABLEFRUPLOADSTAGS_GROUPUPLOADCONTACTPHOTOSUSAGESTATSPRIVACYAUTOUPDATEIMPORTDESTEMAILSINGLEPICTUREEMAILMOVIEUSEHTMLMAILEREMAILPREPTYPEDONOTPROMPTFOREMAILPREFEMAILEXPORTSIZEMAILPROGPICSIZEDEFAULTMAILIDS_EMAILCLIENTRADIOPRINT%DPROXYUSERPROXYPASSCONN:PROXYMETHODAUTOPROXYLOGLEVELLOGLEVELLOG ALL (INSECURE)NETWORKPREFS::LOGINSECURELOGPWASTARREDPWASYNCORDERPWASTRIPEDPWAUSEHIQUALITYJPEGPWADEFAULTSIZEORIGINAL SIZE (SLOWEST UPLOAD)CGENERALPREFSPAGE::ORIGINALBEST FOR WEB SHARING (2048PX)CGENERALPREFSPAGE::2048RECOMMENDED: 1600 PIXELS (FOR PRINTS, SCREENSAVERS, AND SHARING)CGENERALPREFSPAGE::1600MEDIUM: 1024 PIXELS (FOR SHARING)CGENERALPREFSPAGE::1024SMALL: 800 PIXELS (FOR BLOGS AND WEBPAGES)CGENERALPREFSPAGE::800HASWATERMARKPWAWATERMARKENABLEFACEDETECTIONENABLEFACESUGGESTIONSPERSISTFACETOFILEFACETHRESH0FACETHRESH1CHANGE THE LANGUAGE PICASA USES?
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000003F3F000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2504208079.0000000004079000.00000002.00000001.01000000.00000017.sdmp Binary or memory string: \PREFERENCESSOFTWARE\GOOGLE\%SGOOGLE\%SRASENUMENTRIESARASAPI32.DLLTAHOMAERRORYTAPP::ERRORTITLEOPENEXPLORER/SELECT,"%S"WINE_GET_UNIX_FILE_NAMEKERNEL32
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000004419000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: BSOFTWARE\GOOGLE\%SGOOGLE\%SRASENUMENTRIESARASAPI32.DLLTAHOMAJPEG FILESYTAPP::JPEGFILTER*.JPG;*.JPEGGETFILESERRORYTAPP::ERRORTITLEINFOYTAPP::INFOTITLEEXPLORER/SELECT,"%S""%S"SOFTWARE\CLIENTS\STARTMENUINTERNET%S\%S\SHELL\OPEN\COMMANDIEXPLORE.EXE.EXE.EXEIEXPLORE-NOHOME RUNTIME\DISTRO.INIDISTROWINELINUX_%SLINUX_UNKNOWNWINDOWS_%D_%DWINE_GET_UNIX_FILE_NAMEKERNEL32
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Window / User API: threadDelayed 1344
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe Window / User API: threadDelayed 1044
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nst9CEF.tmp\NSIS_Picasa_Unicode.dll
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Dropped PE file which has not been started: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\~006AA7B6.00000DD4.sznpkg\libfoxcub-x64.dll
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsrF139.tmp\System.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\RM.EXE
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Dropped PE file which has not been started: C:\Program Files (x86)\Google\Picasa3\MovieThumb.exe
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Dropped PE file which has not been started: C:\Program Files (x86)\Google\Picasa3\cdautorun\PicasaRestore.exe
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nst9CEF.tmp\System.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\RUNBG.EXE
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Dropped PE file which has not been started: C:\Program Files (x86)\Google\Picasa3\qtsupport.dll
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsrF139.tmp\UserInfo.dll
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Dropped PE file which has not been started: C:\Program Files (x86)\Google\Picasa3\plugins\Red.dll
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\~006A9140.00000DD4.sznpkg\wszndesktop.exe
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Dropped PE file which has not been started: C:\Program Files (x86)\Google\Picasa3\cdautorun\PicasaCD.exe
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Dropped PE file which has not been started: C:\Program Files (x86)\Google\Picasa3\plugins\ytITivo.yti
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nst9CEF.tmp\StdUtils.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\MKLNK.EXE
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsu8781.tmp\ButtonEvent.dll
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Dropped PE file which has not been started: C:\Program Files (x86)\Google\Picasa3\plugins\expwebsites\expwebsites.yti
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\~006AA7B6.00000DD4.sznpkg\libfoxloader-x64.dll
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Dropped PE file which has not been started: C:\Program Files (x86)\Google\Picasa3\uninstall.exe
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsrF139.tmp\nsExec.dll
Source: C:\Windows\SysWOW64\cmd.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Seznam.cz\bin\24557libfoxloader.dll
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\~006AA61F.00000DD4.sznpkg\libfoxloader.dll
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Dropped PE file which has not been started: C:\Program Files (x86)\Google\Picasa3\Picasa3i18n.dll
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Dropped PE file which has not been started: C:\Program Files (x86)\Google\Picasa3\plugins\CDVDR\CDVDR.yti
Source: C:\Windows\SysWOW64\cmd.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Seznam.cz\bin\24557libfoxloader-x64.dll
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsu8781.tmp\System.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\SHELLFLD.EXE
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nst9CEF.tmp\nsDialogs.dll
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Seznam.cz\bin\libfoxcub-x64.dll
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsu8781.tmp\nsDialogs.dll
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE Evasive API call chain: GetSystemTime,DecisionNodes
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe API coverage: 8.0 %
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe API coverage: 1.3 %
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe API coverage: 1.6 %
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE API coverage: 5.2 %
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe API coverage: 2.1 %
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe TID: 5972 Thread sleep count: 1044 > 30
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe TID: 5972 Thread sleep time: -104400s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe TID: 5972 Thread sleep count: 51 > 30
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Thread sleep count: Count: 1344 delay: -20
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe File Volume queried: C:\Program Files (x86)\Google FullSizeInformation
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe File Volume queried: C:\Windows\SysWOW64 FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Code function: 16_2_04C91B90 lstrcpyW,GlobalAlloc,FindFirstFileW,GetLastError,FindNextFileW,FindClose, 16_2_04C91B90
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Code function: 16_2_04C91F30 lstrcpyW,FindFirstFileW,GetLastError,GetFileAttributesW,FindNextFileW,FindClose, 16_2_04C91F30
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_033BB710 MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,_memset,FindFirstFileW,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte, 20_2_033BB710
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_033F0600 GetVersion,FindFirstFileExA, 20_2_033F0600
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_033F05C0 GetVersion,FindFirstFileA, 20_2_033F05C0
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_033BB850 MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,_memset,FindFirstFileExW,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte, 20_2_033BB850
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_040386D0 MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,_memset,FindFirstFileW,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte, 20_2_040386D0
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_04038810 MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,_memset,FindFirstFileExW,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte, 20_2_04038810
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_04076930 GetVersion,FindFirstFileA, 20_2_04076930
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_04076970 GetVersion,FindFirstFileExA, 20_2_04076970
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_048336A0 MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,_memset,FindFirstFileW,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte, 20_2_048336A0
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_048337E0 MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,_memset,FindFirstFileExW,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte, 20_2_048337E0
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE Code function: 38_2_0041C29C FindFirstFileA,GetDriveTypeA,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,GetLastError,FindClose, 38_2_0041C29C
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE Code function: 38_2_004107A0 FindFirstFileA, 38_2_004107A0
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C10D6BF ?_Open_dir@sys@tr2@std@@YAPAXPA_WPB_WAAHAAW4file_type@123@@Z,__EH_prolog3_GS,wcslen,FindFirstFileExW,std::tr2::sys::_Read_dir,FindClose,std::tr2::sys::_Strcpy, 135_2_6C10D6BF
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C29AAA4 _wstat32i64,__doserrno,_errno,_invalid_parameter_noinfo,_wcspbrk,_errno,__doserrno,_errno,__doserrno,towlower,_getdrive,FindFirstFileExW,_wcspbrk,wcslen,GetDriveTypeW,free,___loctotime32_t,free,_wsopen_s,__fstat32i64,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FindClose,GetLastError,__dosmaperr,FindClose,GetLastError,__dosmaperr,FindClose, 135_2_6C29AAA4
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C298B4F _findfirst64i32,_errno,_invalid_parameter_noinfo,FindFirstFileExA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,_invoke_watson,_findnext64i32,_errno,_invalid_parameter_noinfo,FindNextFileA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,_invoke_watson,_findfirst32i64,_errno,_invalid_parameter_noinfo,FindFirstFileExA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,_invoke_watson,_findnext32i64,_errno,_invalid_parameter_noinfo,FindNextFileA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,_invoke_watson,_seterrormode,SetErrorMode, 135_2_6C298B4F
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C29A625 _wstat64,__doserrno,_errno,_invalid_parameter_noinfo,_wcspbrk,_errno,__doserrno,_errno,__doserrno,towlower,_getdrive,FindFirstFileExW,_wcspbrk,wcslen,GetDriveTypeW,free,free,_wsopen_s,__fstat64,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,GetLastError,__dosmaperr,FindClose,GetLastError,__dosmaperr,FindClose, 135_2_6C29A625
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C298653 _findfirst32,_errno,_invalid_parameter_noinfo,FindFirstFileExA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,_invoke_watson,_findnext32,_errno,_invalid_parameter_noinfo,FindNextFileA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,_invoke_watson,_findfirst64,_errno,_invalid_parameter_noinfo,FindFirstFileExA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,_invoke_watson,_findnext64,_errno,_invalid_parameter_noinfo,FindNextFileA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,_invoke_watson, 135_2_6C298653
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C29A1C7 _wstat32,__doserrno,_errno,_invalid_parameter_noinfo,_wcspbrk,_errno,__doserrno,towlower,_getdrive,FindFirstFileExW,_wcspbrk,wcslen,GetDriveTypeW,free,___loctotime32_t,free,_wsopen_s,__fstat32,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FindClose,_errno,GetLastError,__dosmaperr,FindClose,GetLastError,__dosmaperr,FindClose, 135_2_6C29A1C7
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C297921 _malloc_crt,FindClose,FindFirstFileExA,FindNextFileA,FindClose, 135_2_6C297921
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C297B8B _malloc_crt,FindClose,FindFirstFileExW,FindNextFileW,FindClose, 135_2_6C297B8B
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C2377AA _wstat64i32,_wcspbrk,towlower,FindFirstFileExW,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,_errno,__doserrno,_getdrive,GetLastError,GetLastError,_wcspbrk,wcslen,__doserrno,_errno,_invalid_parameter_noinfo,GetDriveTypeW,free,free,_wsopen_s,__fstat64i32,_close,_errno,__dosmaperr,FindClose,__dosmaperr,FindClose, 135_2_6C2377AA
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C299002 _wfindfirst32,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,_invoke_watson,_wfindnext32,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,_invoke_watson,_wfindfirst64,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,_invoke_watson,_wfindnext64,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,_invoke_watson,_wfindfirst64i32,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,_invoke_watson,_wfindnext64i32,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,_invoke_watson,_wfindfirst32i64,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,_invoke_watson,_wfindnext32i64,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,_invoke_watson,_access,_access_s, 135_2_6C299002
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C35DBA0 FindFirstFileW,#210,FindNextFileW,FindClose, 135_2_6C35DBA0
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C35EB00 #210,DeleteFileW,GetLastError,_CxxThrowException,#210,MoveFileExW,GetLastError,_CxxThrowException,#210,MoveFileExW,GetLastError,_CxxThrowException,#210,FindFirstFileW,FindClose,CopyFileW,GetLastError,_CxxThrowException, 135_2_6C35EB00
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_033F18F0 GetSystemInfo, 20_2_033F18F0
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe File opened: C:\Users\user
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe File opened: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe File opened: C:\Users\user\Documents\desktop.ini
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe File opened: C:\Users\user\AppData\Local\Temp
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe File opened: C:\Users\user\AppData
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe File opened: C:\Users\user\AppData\Local
Source: sznsetup.exe, 0000003E.00000002.2385836381.0000000000A48000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWP0
Source: sznsetup.exe, 0000003E.00000002.2385836381.0000000000A84000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWx
Source: 1a4e5ccd35a56d84281a143f831563be.exe, 0000000F.00000002.2419971867.0000000000107000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
Source: GPhotos.scr, 00000011.00000003.1552747031.0000000000B6A000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000002.1554743880.0000000000B6F000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000003.1552747031.0000000000B20000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000003.1552747031.0000000000B45000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2467205779.00000000011B6000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000003.2141243034.0000000001221000.00000004.00000020.00020000.00000000.sdmp, sznsetup-lt.exe, 00000019.00000002.1841305644.0000000000A88000.00000004.00000020.00020000.00000000.sdmp, sznsetup-lt.exe, 00000019.00000002.1841305644.0000000000AE4000.00000004.00000020.00020000.00000000.sdmp, sznsetup-lt.exe, 00000019.00000003.1808801224.0000000000ACB000.00000004.00000020.00020000.00000000.sdmp, sznsetup.exe, 0000003E.00000002.2385836381.0000000000A84000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: Picasa3.exe, 00000014.00000003.2144975853.000000000123E000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000003.2141243034.0000000001221000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2467205779.000000000123E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWen-GBn
Source: szndesktop.exe, 00000087.00000002.2191704797.0000000000F6E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll_
Source: szninstall.exe, 00000038.00000003.2400647328.0000000001295000.00000004.00000020.00020000.00000000.sdmp, cookie_exporter.exe, 0000003D.00000002.1866617987.000001CC03C45000.00000004.00000020.00020000.00000000.sdmp, sznpp.exe, 0000007C.00000003.2168700578.0000000000861000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe API call chain: ExitProcess graph end node
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Code function: 16_2_04C9680C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 16_2_04C9680C
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE Code function: 42_2_01006900 SearchPathW,CreateFileW,GetFileSize,ReadFile,SetFilePointer,CharNextW,wcstoul,IsCharAlphaNumericW,wcstoul,IsCharAlphaNumericW,wcstoul,CharNextW,GetLastError,wsprintfW,OutputDebugStringW,CloseHandle, 42_2_01006900
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C2BBD84 VirtualProtect ?,-00000001,00000104,?,?,?,0000001C 135_2_6C2BBD84
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Code function: 16_2_04C92490 GetVersion,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 16_2_04C92490
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe Code function: 15_2_741C1A8C Create,GetDlgItem,GetWindowRect,MapWindowPoints,CreateDialogParamW,SetWindowPos,SetWindowLongW,GetProcessHeap,HeapAlloc, 15_2_741C1A8C
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe Code function: 15_2_73A3400C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort, 15_2_73A3400C
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe Code function: 15_2_73A34010 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort, 15_2_73A34010
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Code function: 16_2_04C9680C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 16_2_04C9680C
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Code function: 16_2_04C9519A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 16_2_04C9519A
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Code function: 16_2_04CA1FEE _raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 16_2_04CA1FEE
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_033E00B8 _raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 20_2_033E00B8
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_033DC711 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 20_2_033DC711
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_033E2C6A _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 20_2_033E2C6A
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_040610AC IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 20_2_040610AC
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_04065E06 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 20_2_04065E06
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_04065F26 _raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 20_2_04065F26
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_04877CA4 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 20_2_04877CA4
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_0487A82B _raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 20_2_0487A82B
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_04872924 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 20_2_04872924
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_1000102A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 20_2_1000102A
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE Code function: 42_2_01006C92 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 42_2_01006C92
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C2C00DD __crtUnhandledException,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 135_2_6C2C00DD
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C247B39 __crtSetUnhandledExceptionFilter,SetUnhandledExceptionFilter, 135_2_6C247B39
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Process created: C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" -nohome "http://picasa.google.com/support/bin/answer.py?hl=en&answer=93773"
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe Process created: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe "C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe" -T "C:\Users\user\AppData\Roaming\Seznam.cz" -R "$\install" http://download.seznam.cz/update
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe Process created: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe "C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe" -T "C:\Users\user\AppData\Roaming\Seznam.cz" -i cz.seznam.software.szninstall
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe Process created: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe "C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe" -s -u -i cz.seznam.software.autoupdate szn-software-listicka
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A18C4.00001B74.sznpkg -o C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\download\cz.seznam.software.sznsetup-1.2.7-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A1AF6.00001B74.sznpkg -o C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\download\cz.seznam.software.szninstall-1.1.15-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=602e8
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG DELETE "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /va
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "InstallLocation" /d C:\Users\user\AppData\Roaming\Seznam.cz
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "DisplayName" /d "Seznam Software"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "DisplayIcon" /d "C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe,0"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "UninstallString" /d "\"C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe\" -X"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "ModifyPath" /d "C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "Publisher" /d "Seznam.cz"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "URLInfoAbout" /d "http://software.seznam.cz"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "InstallLocation" /d C:\Users\user\AppData\Roaming\Seznam.cz
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "Comments" /d "Vsechny aplikace spolecnosti Seznam.cz a.s."
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "NoRepair" /t REG_DWORD /d 1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "NoModify" /t REG_DWORD /d 0
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe Process created: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe -V
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe Process created: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe -T C:\Users\user\AppData\Roaming\Seznam.cz -i -u cz.seznam.software.autoupdate szn-software-listicka -p
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe Process created: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe "C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe" -S 49764
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe Process created: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe -V
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A81A0.00000DD4.sznpkg -o C:\Users\user\AppData\Roaming\Seznam.cz\install\cz.seznam.software.autoupdate-1.0.8-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A8374.00000DD4.sznpkg -o C:\Users\user\AppData\Roaming\Seznam.cz\install\szn-software-base-1.0.0-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A848E.00000DD4.sznpkg -o C:\Users\user\AppData\Roaming\Seznam.cz\install\com.microsoft.msdn.msvcr110-11.0.51106.1-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A8960.00000DD4.sznpkg -o C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\cz.seznam.software.lightspeed-1210-12.10.18-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A8B64.00000DD4.sznpkg -o C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\cz.seznam.software.libszndesktop-2.1.35-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A9140.00000DD4.sznpkg -o C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\cz.seznam.software.szndesktop-2.0.32-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A93FF.00000DD4.sznpkg -o C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\cz.seznam.software.libfoxcub-3.3.8-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006AA61F.00000DD4.sznpkg -o C:\Users\user\AppData\Roaming\Seznam.cz\install\cz.seznam.software.libfoxloader-3.2.7-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006AA7B6.00000DD4.sznpkg -o C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\cz.seznam.software.libfoxcub64-3.3.8-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006AB17A.00000DD4.sznpkg -o C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\cz.seznam.software.ielisticka3-3.3.5-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006AB2D1.00000DD4.sznpkg -o C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\szn-software-fflisticka-4.0.8-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006AC669.00000DD4.sznpkg -o C:\Users\user\AppData\Roaming\Seznam.cz\install\cz.seznam.software.chromelisticka-2.0.4-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006AD463.00000DD4.sznpkg -o C:\Users\user\AppData\Roaming\Seznam.cz\install\com.microsoft.msdn.msvcr100-10.0.40219.325-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006AD780.00000DD4.sznpkg -o C:\Users\user\AppData\Roaming\Seznam.cz\install\cz.seznam.software.pp-1.0.2-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy libfoxcub.conf "C:\Users\user\AppData\Roaming\Seznam.cz\conf\szndesktop.d"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006AE03A.00000DD4.sznpkg -o C:\Users\user\AppData\Roaming\Seznam.cz\install\szn-software-listicka-3.0.0-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "C:\Users\user\AppData\Roaming\Seznam.cz\uninstall\cz_seznam_software_libszndesktop_2_1_35.reconfigure.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "cz.seznam.software.autoupdate" /d "\"C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe\" -c"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy msvcp110.dll "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy msvcr110.dll "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy lightspeed.dll "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy "szndesktop.exe" "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy "szndesktop.conf" "C:\Users\user\AppData\Roaming\Seznam.cz\conf"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy "szndesktop.webpak" "C:\Users\user\AppData\Roaming\Seznam.cz\data"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy "sznpp.exe" "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /v DisplayVersion /t REG_SZ /d "2.1.35" /f
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy "wszndesktop.exe" "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "cz.seznam.software.szndesktop" /d "\"C:\Users\user\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe\" -q"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy libfoxcub.dll "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy libfoxcub-x64.dll "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy libfoxcub.conf "C:\Users\user\AppData\Roaming\Seznam.cz\conf\szndesktop.d"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy foxcub.conf "C:\Users\user\AppData\Roaming\Seznam.cz\conf\libfoxcub"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy remote.conf "C:\Users\user\AppData\Roaming\Seznam.cz\conf\libfoxcub"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy listickaconfig.webpak "C:\Users\user\AppData\Roaming\Seznam.cz\data"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy listickanastaveni.webpak "C:\Users\user\AppData\Roaming\Seznam.cz\data"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy speeddial.webpak "C:\Users\user\AppData\Roaming\Seznam.cz\data"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe libfoxcub.dll,UpgradeListicka
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE REG QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\szn-software-listicka" /v "UninstallString"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE REG QUERY "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\szn-software-listicka" /v "UninstallString"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE REG DELETE "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}" /F
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe "C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe" -v report-ielisticka-install --status=0
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy libfoxcub-x64.dll "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy listicka-x64.exe "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe szndesktop.exe default restart
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE c:\users\user\appdata\local\temp\~006a2de2.00000dd4.sznpkg\unzip.exe -d c:\users\user\appdata\local\temp\~006a8960.00000dd4.sznpkg -o c:\users\user\appdata\local\temp\~006a2de2.00000dd4.sznpkg\download\cz.seznam.software.lightspeed-1210-12.10.18-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE c:\users\user\appdata\local\temp\~006a2de2.00000dd4.sznpkg\unzip.exe -d c:\users\user\appdata\local\temp\~006a8b64.00000dd4.sznpkg -o c:\users\user\appdata\local\temp\~006a2de2.00000dd4.sznpkg\download\cz.seznam.software.libszndesktop-2.1.35-win32.zip
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Code function: 16_2_04C9EC23 cpuid 16_2_04C9EC23
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Code function: getlicenselangco,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,wsprintfW,wsprintfW,wsprintfW,GlobalAlloc,GlobalAlloc,lstrcpynW,lstrcpynW,GlobalAlloc,lstrcpynW,GlobalAlloc,lstrcpynW, 16_2_04C92CA0
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Code function: GlobalAlloc,lstrcpyW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,ShellExecuteW, 16_2_04C915F0
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Code function: GetLocaleInfoA, 16_2_04CA0540
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: GetThreadLocale,GetLocaleInfoA,GetACP, 20_2_033DC431
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: GetLocaleInfoA, 20_2_033E79B0
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: InterlockedIncrement,InterlockedIncrement,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,InterlockedIncrement,InterlockedIncrement,GetLocaleInfoA,InterlockedIncrement,InterlockedIncrement,InterlockedIncrement,InterlockedIncrement, 20_2_04043450
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: GetLocaleInfoA, 20_2_0406F48A
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: GetCPInfo,GetLocaleInfoA,GetCPInfo,MultiByteToWideChar,GetCPInfo,_strlen,MultiByteToWideChar,_malloc,_memset,MultiByteToWideChar,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,__calloc_crt,WideCharToMultiByte,__freea, 20_2_0406F4D1
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: GetLocaleInfoA,_LocaleUpdate::_LocaleUpdate,__isleadbyte_l,___crtGetStringTypeA, 20_2_0406907B
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: _LocaleUpdate::_LocaleUpdate,GetLocaleInfoA,__isctype_l, 20_2_0406A342
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: GetStringTypeW,GetLastError,MultiByteToWideChar,MultiByteToWideChar,_malloc,_memset,MultiByteToWideChar,GetStringTypeW,__freea,___ansicp,GetLocaleInfoA,___convertcp,GetStringTypeA, 20_2_0406EC96
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: GetLocaleInfoA, 20_2_04042FD0
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: InterlockedIncrement,InterlockedIncrement,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,InterlockedIncrement,InterlockedIncrement,GetLocaleInfoA,InterlockedIncrement,InterlockedIncrement,InterlockedIncrement, 20_2_04838D40
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: GetThreadLocale,GetLocaleInfoA,GetACP, 20_2_048724AB
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: GetLocaleInfoA, 20_2_04885422
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: GetLocaleInfoA, 20_2_04837CF0
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,GetNumberFormatA,InterlockedIncrement, 20_2_04839830
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: GetLocaleInfoA, 20_2_04839B90
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE Code function: GetLocaleInfoA, 38_2_0041713F
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE Code function: GetLocaleInfoA,IsValidCodePage,IsValidLocale,GetLocaleInfoA,GetLocaleInfoA, 38_2_00416AF5
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE Code function: GetLocaleInfoW,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoW,GetLocaleInfoW,WideCharToMultiByte, 38_2_0041BC50
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE Code function: EnumSystemLocalesA, 38_2_00417068
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE Code function: EnumSystemLocalesA, 38_2_00416CCA
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE Code function: GetLocaleInfoA, 38_2_00411CF0
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE Code function: GetLocaleInfoA, 38_2_0041709F
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE Code function: GetLocaleInfoA, 38_2_00411CB0
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE Code function: GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA, 38_2_00416D51
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE Code function: GetLocaleInfoW,WideCharToMultiByte, 38_2_0041BD13
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE Code function: GetLocaleInfoA, 38_2_004171C4
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE Code function: GetLocaleInfoA, 38_2_0041725C
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE Code function: EnumSystemLocalesA, 38_2_00416F55
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE Code function: GetLocaleInfoW,GetLocaleInfoA,GetLocaleInfoW,GetLocaleInfoA,GetLocaleInfoA,MultiByteToWideChar, 38_2_0041BB3D
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE Code function: GetLocaleInfoA,MultiByteToWideChar, 38_2_0041BBFA
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE Code function: GetLocaleInfoA, 38_2_00416FAB
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: _Getdateorder,___lc_locale_name_func,__crtGetLocaleInfoEx, 135_2_6C10F5AD
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: wcscmp,wcscmp,_wtol,__crtGetLocaleInfoEx,__crtGetLocaleInfoEx,GetACP, 135_2_6C23EC5A
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: _getptd,IsValidCodePage,wcslen,wcsncpy_s,__crtGetLocaleInfoEx,_GetLocaleNameFromLanguage,_GetLocaleNameFromLanguage,__crtGetLocaleInfoEx,_invoke_watson, 135_2_6C23ECA7
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: __crtGetLocaleInfoEx,wcsncmp, 135_2_6C2C4CA0
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: _getptd,_getptd,GetLocaleInfoW,_wcsicmp, 135_2_6C2C4CEA
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: wcschr,wcschr,_itow_s,__crtGetLocaleInfoEx, 135_2_6C23EDA0
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: _getptd,wcslen,EnumSystemLocalesW, 135_2_6C2C4D98
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: _getptd,wcslen,wcslen,_GetPrimaryLen,EnumSystemLocalesW, 135_2_6C2C4DD8
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: _getptd,wcslen,_GetPrimaryLen,EnumSystemLocalesW, 135_2_6C2C4E55
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: _getptd,_getptd,GetLocaleInfoW,_wcsicmp,GetLocaleInfoW,_wcsicmp,_wcsnicmp,wcslen,GetLocaleInfoW,_wcsicmp,wcslen,_wcsicmp, 135_2_6C2C4ED8
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: __crtGetUserDefaultLocaleName,wcslen,wcsncpy_s,_invoke_watson,__crtEnumSystemLocalesEx, 135_2_6C23EF84
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: wcslen,__crtEnumSystemLocalesEx, 135_2_6C2C4BA5
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: _getptd,__crtGetLocaleInfoEx,_wcsicmp,wcslen,wcsncpy_s,_invoke_watson, 135_2_6C2C4BEF
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: _getptd,wcsncpy_s,wcslen,wcscmp,wcscmp,memcpy,wcscpy_s,wcscpy_s,wcslen,wcsncpy_s,wcsncpy_s,__crtIsValidLocaleName,__crtGetLocaleInfoEx,GetACP,wcsncpy_s,wcsncpy_s,wcsncpy_s,wcslen,wcsncpy_s,_invoke_watson,_errno, 135_2_6C23418F
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: __crtEnumSystemLocalesEx,EnumSystemLocalesW, 135_2_6C2C1C7E
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: __crtGetLocaleInfoEx,GetLocaleInfoW, 135_2_6C2C1D04
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: __crtGetLocaleInfoEx,__crtGetLocaleInfoEx,WideCharToMultiByte,_freea_s,malloc, 135_2_6C23DD7B
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: __crtGetLocaleInfoEx,free,_calloc_crt,strncpy_s,__crtGetLocaleInfoEx,_calloc_crt,__crtGetLocaleInfoEx,GetLastError,_calloc_crt,free,free,_invoke_watson,_malloc_crt,memcpy,_siglookup, 135_2_6C23DEF1
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: _getptd,__crtGetLocaleInfoEx, 135_2_6C245941
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: __crtGetLocaleInfoEx,_wcsicmp,wcslen,wcsncpy_s,_getptd,__crtGetLocaleInfoEx,_wcsicmp,__crtGetLocaleInfoEx,_wcsicmp,_wcsnicmp,_TestDefaultCountry,wcslen,wcsncpy_s,wcslen,_TestDefaultCountry,wcslen,_invoke_watson,__crtGetLocaleInfoEx, 135_2_6C245942
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: wcslen,wcslen,__crtEnumSystemLocalesEx, 135_2_6C245B73
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: _getptd,_getptd,GetLocaleInfoW,_wcsicmp,_wcsicmp, 135_2_6C2C50CB
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: wcscmp,wcscmp,GetLocaleInfoW,_wtol,GetLocaleInfoW,GetACP, 135_2_6C2C51F3
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: _getptd,GetLocaleInfoW,_GetPrimaryLen,wcslen, 135_2_6C2C52B4
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: wcschr,wcslen,_calloc_crt,wcslen,wcscpy_s,SetEnvironmentVariableW,free,_errno,_errno,_invalid_parameter_noinfo,___crtGetEnvironmentStringsW,___mbtow_environ,_malloc_crt,_malloc_crt,free,__recalloc_crt,__recalloc_crt,_errno,free,free,_invoke_watson,_invoke_watson,__crtEnumSystemLocalesEx, 135_2_6C24B2F1
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: _getptd,memset,_getptd,_GetLcidFromCountry,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,_itow_s, 135_2_6C2C531C
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-PhotoBasic-PictureTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\cmd.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe Code function: 15_2_73A33F50 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter, 15_2_73A33F50
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe Code function: 20_2_04820580 __time64,GetTimeZoneInformation, 20_2_04820580
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe Code function: 16_2_04C920F0 GlobalAlloc,MessageBoxW,GetVersion,GetFileAttributesW,SHGetSpecialFolderPathW,SHGetSpecialFolderPathW,SHGetSpecialFolderPathW,_wcsrchr, 16_2_04C920F0
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C28859A ??0exception@std@@QAE@XZ,??0exception@std@@QAE@XZ,_CxxThrowException,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::SchedulerBase::ReleaseInternalContext, 135_2_6C28859A
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C28839B Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext, 135_2_6C28839B
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C375110 InterlockedIncrement,__RTDynamicCast,InterlockedIncrement,_CxxThrowException,InterlockedIncrement,_CxxThrowException,socket,htons,WSAGetLastError,_CxxThrowException,SetHandleInformation,setsockopt,setsockopt,ioctlsocket,setsockopt,bind,WSAGetLastError,_CxxThrowException,listen,WSAGetLastError,_CxxThrowException, 135_2_6C375110
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe Code function: 135_2_6C376830 getaddrinfo,#74,WSAGetLastError,_CxxThrowException,freeaddrinfo,socket,WSAGetLastError,_CxxThrowException,bind,WSAGetLastError,_CxxThrowException,ioctlsocket,setsockopt,socket,WSAGetLastError,_CxxThrowException, 135_2_6C376830