Edit tour

Windows Analysis Report
563299efce875400a8d9b44b96597c8e-sample (1).zip

Overview

General Information

Sample name:	563299efce875400a8d9b44b96597c8e-sample (1).zip
Analysis ID:	1524026
MD5:	8625e1f9e8548342a4f9f1641a1ae4eb
SHA1:	3b602c272347d14cc91e07bf0dae686d768d7965
SHA256:	11fe7a13ad470ff3c39423f1ebb5b7abff8cf8a656d2ac97c0183d680d07687c
Infos:

Detection

Score:	72
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Submitted sample is a known malware sample

Creates an undocumented autostart registry key

Creates multiple autostart registry keys

Drops PE files with a suspicious file extension

Drops executables to the windows directory (C:\Windows) and starts them

Queries Google from non browser process on port 80

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Uses cmd line tools excessively to alter registry or file data

Writes many files with high entropy

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to create guard pages, often used to hinder reverse engineering and debugging

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates or modifies windows services

Detected potential crypto function

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Drops files with a non-matching file extension (content does not match file extension)

Extensive use of GetProcAddress (often used to hide API calls)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found evasive API chain (date check)

Found evasive API chain (may stop execution after checking a module file name)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

Launches processes in debugging mode, may be used to hinder debugging

May infect USB drives

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Potential browser exploit detected (process start blacklist hit)

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sigma detected: Common Autorun Keys Modification

Sigma detected: CurrentVersion Autorun Keys Modification

Sigma detected: Direct Autorun Keys Modification

Sigma detected: Potential Persistence Attempt Via Run Keys Using Reg.EXE

Sigma detected: Suspicious Screensaver Binary File Creation

Sigma detected: Use Short Name Path in Command Line

Sleep loop found (likely to delay execution)

Stores files to the Windows start menu directory

Suricata IDS alerts with low severity for network traffic

Too many similar processes found

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Uses reg.exe to modify the Windows registry

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Process Tree

System is w10x64_ra

rundll32.exe (PID: 6652 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)

1a4e5ccd35a56d84281a143f831563be.exe (PID: 6472 cmdline: "C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe" MD5: 1A4E5CCD35A56D84281A143F831563BE)

1a4e5ccd35a56d84281a143f831563be.exe (PID: 7100 cmdline: "C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe" MD5: 1A4E5CCD35A56D84281A143F831563BE)

setuppicasa39-setup.exe (PID: 6028 cmdline: setuppicasa39-setup.exe MD5: 3DF3D3C125D3BB1A5BD55E88F9E48920)

GPhotos.scr (PID: 5508 cmdline: "C:\Windows\system32\GPhotos.scr" /c /installcheck MD5: 404C6C3C3A59784456DA52660F86C52B)

Picasa3.exe (PID: 3668 cmdline: "C:\Program Files (x86)\Google\Picasa3\Picasa3.exe" /register MD5: 6AD50A491F52B1CBECE23B603037FBDF)

listicka.exe (PID: 4416 cmdline: listicka.exe /S MD5: B29BFD8EE3A426894B4CA3753E5B62A8)

sznsetup-lt.exe (PID: 2412 cmdline: "C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe" -T "C:\Users\user\AppData\Roaming\Seznam.cz" -R "$\install" http://download.seznam.cz/update MD5: 9033DBEE427815F396F63928C3273862)

conhost.exe (PID: 2932 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

sznsetup-lt.exe (PID: 7028 cmdline: "C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe" -T "C:\Users\user\AppData\Roaming\Seznam.cz" -i cz.seznam.software.szninstall MD5: 9033DBEE427815F396F63928C3273862)

conhost.exe (PID: 5744 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

UNZIP.EXE (PID: 6816 cmdline: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A18C4.00001B74.sznpkg -o C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\download\cz.seznam.software.sznsetup-1.2.7-win32.zip MD5: 3FC25896B5B2FB8E20F28FAB8C0E1143)

cmd.exe (PID: 1108 cmdline: cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

UNZIP.EXE (PID: 5988 cmdline: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A1AF6.00001B74.sznpkg -o C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\download\cz.seznam.software.szninstall-1.1.15-win32.zip MD5: 3FC25896B5B2FB8E20F28FAB8C0E1143)

cmd.exe (PID: 6416 cmdline: cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

REG.EXE (PID: 2576 cmdline: REG DELETE "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /va MD5: F0C0D05727A4E1E91F4347C2270500AA)

REG.EXE (PID: 3224 cmdline: REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f MD5: F0C0D05727A4E1E91F4347C2270500AA)

REG.EXE (PID: 4796 cmdline: REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "InstallLocation" /d C:\Users\user\AppData\Roaming\Seznam.cz MD5: F0C0D05727A4E1E91F4347C2270500AA)

REG.EXE (PID: 2980 cmdline: REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "DisplayName" /d "Seznam Software" MD5: F0C0D05727A4E1E91F4347C2270500AA)

REG.EXE (PID: 5428 cmdline: REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "DisplayIcon" /d "C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe,0" MD5: F0C0D05727A4E1E91F4347C2270500AA)

REG.EXE (PID: 5920 cmdline: REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "UninstallString" /d "\"C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe\" -X" MD5: F0C0D05727A4E1E91F4347C2270500AA)

REG.EXE (PID: 3688 cmdline: REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "ModifyPath" /d "C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe" MD5: F0C0D05727A4E1E91F4347C2270500AA)

REG.EXE (PID: 2604 cmdline: REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "Publisher" /d "Seznam.cz" MD5: F0C0D05727A4E1E91F4347C2270500AA)

REG.EXE (PID: 4372 cmdline: REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "URLInfoAbout" /d "http://software.seznam.cz" MD5: F0C0D05727A4E1E91F4347C2270500AA)

REG.EXE (PID: 4796 cmdline: REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "HelpLink" /d "http://napoveda.seznam.cz/cz/software.html" MD5: F0C0D05727A4E1E91F4347C2270500AA)

REG.EXE (PID: 3408 cmdline: REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "Comments" /d "Vsechny aplikace spolecnosti Seznam.cz a.s." MD5: F0C0D05727A4E1E91F4347C2270500AA)

REG.EXE (PID: 6044 cmdline: REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "NoRepair" /t REG_DWORD /d 1 MD5: F0C0D05727A4E1E91F4347C2270500AA)

REG.EXE (PID: 4112 cmdline: REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "NoModify" /t REG_DWORD /d 0 MD5: F0C0D05727A4E1E91F4347C2270500AA)

szninstall.exe (PID: 5736 cmdline: "C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe" -s -u -i cz.seznam.software.autoupdate szn-software-listicka MD5: C73E94B86ED9B6BDFF199BB7E8BF9D77)

sznsetup.exe (PID: 3940 cmdline: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe -V MD5: D0F5D99C74D568EB9909C7582A775DC7)

conhost.exe (PID: 4132 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

sznsetup.exe (PID: 3540 cmdline: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe -T C:\Users\user\AppData\Roaming\Seznam.cz -i -u cz.seznam.software.autoupdate szn-software-listicka -p MD5: D0F5D99C74D568EB9909C7582A775DC7)

conhost.exe (PID: 5232 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

UNZIP.EXE (PID: 2332 cmdline: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A81A0.00000DD4.sznpkg -o C:\Users\user\AppData\Roaming\Seznam.cz\install\cz.seznam.software.autoupdate-1.0.8-win32.zip MD5: 3FC25896B5B2FB8E20F28FAB8C0E1143)

conhost.exe (PID: 2084 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 4956 cmdline: cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 2188 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

REG.EXE (PID: 7404 cmdline: REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "cz.seznam.software.autoupdate" /d "\"C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe\" -c" MD5: F0C0D05727A4E1E91F4347C2270500AA)

UNZIP.EXE (PID: 7348 cmdline: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A8374.00000DD4.sznpkg -o C:\Users\user\AppData\Roaming\Seznam.cz\install\szn-software-base-1.0.0-win32.zip MD5: 3FC25896B5B2FB8E20F28FAB8C0E1143)

conhost.exe (PID: 7384 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 7420 cmdline: cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7452 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

UNZIP.EXE (PID: 7180 cmdline: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A848E.00000DD4.sznpkg -o C:\Users\user\AppData\Roaming\Seznam.cz\install\com.microsoft.msdn.msvcr110-11.0.51106.1-win32.zip MD5: 3FC25896B5B2FB8E20F28FAB8C0E1143)

conhost.exe (PID: 6464 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 932 cmdline: cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 304 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

CPY.EXE (PID: 4052 cmdline: cpy msvcp110.dll "C:\Users\user\AppData\Roaming\Seznam.cz\bin" MD5: 68F44C9CCFF3A00B357BD2006F536AA1)

CPY.EXE (PID: 7588 cmdline: cpy msvcr110.dll "C:\Users\user\AppData\Roaming\Seznam.cz\bin" MD5: 68F44C9CCFF3A00B357BD2006F536AA1)

UNZIP.EXE (PID: 72 cmdline: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A8960.00000DD4.sznpkg -o C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\cz.seznam.software.lightspeed-1210-12.10.18-win32.zip MD5: 3FC25896B5B2FB8E20F28FAB8C0E1143)

conhost.exe (PID: 4184 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 6292 cmdline: cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 3616 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

CPY.EXE (PID: 3908 cmdline: cpy lightspeed.dll "C:\Users\user\AppData\Roaming\Seznam.cz\bin" MD5: 68F44C9CCFF3A00B357BD2006F536AA1)

UNZIP.EXE (PID: 5476 cmdline: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A8B64.00000DD4.sznpkg -o C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\cz.seznam.software.libszndesktop-2.1.35-win32.zip MD5: 3FC25896B5B2FB8E20F28FAB8C0E1143)

conhost.exe (PID: 3916 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 2136 cmdline: cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 2080 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

CPY.EXE (PID: 7704 cmdline: cpy "szndesktop.exe" "C:\Users\user\AppData\Roaming\Seznam.cz\bin" MD5: 68F44C9CCFF3A00B357BD2006F536AA1)

CPY.EXE (PID: 7700 cmdline: cpy "szndesktop.conf" "C:\Users\user\AppData\Roaming\Seznam.cz\conf" MD5: 68F44C9CCFF3A00B357BD2006F536AA1)

CPY.EXE (PID: 7772 cmdline: cpy "szndesktop.webpak" "C:\Users\user\AppData\Roaming\Seznam.cz\data" MD5: 68F44C9CCFF3A00B357BD2006F536AA1)

CPY.EXE (PID: 7776 cmdline: cpy "sznpp.exe" "C:\Users\user\AppData\Roaming\Seznam.cz\bin" MD5: 68F44C9CCFF3A00B357BD2006F536AA1)

REG.EXE (PID: 7788 cmdline: reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /v DisplayVersion /t REG_SZ /d "2.1.35" /f MD5: F0C0D05727A4E1E91F4347C2270500AA)

UNZIP.EXE (PID: 7804 cmdline: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A9140.00000DD4.sznpkg -o C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\cz.seznam.software.szndesktop-2.0.32-win32.zip MD5: 3FC25896B5B2FB8E20F28FAB8C0E1143)

conhost.exe (PID: 7844 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 7856 cmdline: cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7872 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

CPY.EXE (PID: 704 cmdline: cpy "wszndesktop.exe" "C:\Users\user\AppData\Roaming\Seznam.cz\bin" MD5: 68F44C9CCFF3A00B357BD2006F536AA1)

REG.EXE (PID: 6764 cmdline: REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "cz.seznam.software.szndesktop" /d "\"C:\Users\user\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe\" -q" MD5: F0C0D05727A4E1E91F4347C2270500AA)

UNZIP.EXE (PID: 4244 cmdline: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A93FF.00000DD4.sznpkg -o C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\cz.seznam.software.libfoxcub-3.3.8-win32.zip MD5: 3FC25896B5B2FB8E20F28FAB8C0E1143)

conhost.exe (PID: 4020 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 424 cmdline: cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 6608 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

CPY.EXE (PID: 2416 cmdline: cpy libfoxcub.dll "C:\Users\user\AppData\Roaming\Seznam.cz\bin" MD5: 68F44C9CCFF3A00B357BD2006F536AA1)

CPY.EXE (PID: 2476 cmdline: cpy libfoxcub-x64.dll "C:\Users\user\AppData\Roaming\Seznam.cz\bin" MD5: 68F44C9CCFF3A00B357BD2006F536AA1)

CPY.EXE (PID: 3852 cmdline: cpy libfoxcub.conf "C:\Users\user\AppData\Roaming\Seznam.cz\conf\szndesktop.d" MD5: 68F44C9CCFF3A00B357BD2006F536AA1)

CPY.EXE (PID: 2960 cmdline: cpy foxcub.conf "C:\Users\user\AppData\Roaming\Seznam.cz\conf\libfoxcub" MD5: 68F44C9CCFF3A00B357BD2006F536AA1)

CPY.EXE (PID: 2816 cmdline: cpy remote.conf "C:\Users\user\AppData\Roaming\Seznam.cz\conf\libfoxcub" MD5: 68F44C9CCFF3A00B357BD2006F536AA1)

CPY.EXE (PID: 3456 cmdline: cpy listickaconfig.webpak "C:\Users\user\AppData\Roaming\Seznam.cz\data" MD5: 68F44C9CCFF3A00B357BD2006F536AA1)

CPY.EXE (PID: 5076 cmdline: cpy listickanastaveni.webpak "C:\Users\user\AppData\Roaming\Seznam.cz\data" MD5: 68F44C9CCFF3A00B357BD2006F536AA1)

CPY.EXE (PID: 1428 cmdline: cpy speeddial.webpak "C:\Users\user\AppData\Roaming\Seznam.cz\data" MD5: 68F44C9CCFF3A00B357BD2006F536AA1)

rundll32.exe (PID: 2084 cmdline: rundll32.exe libfoxcub.dll,UpgradeListicka MD5: 889B99C52A60DD49227C5E485A016679)

REG.EXE (PID: 2876 cmdline: REG QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\szn-software-listicka" /v "UninstallString" MD5: F0C0D05727A4E1E91F4347C2270500AA)

REG.EXE (PID: 6992 cmdline: REG QUERY "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\szn-software-listicka" /v "UninstallString" MD5: F0C0D05727A4E1E91F4347C2270500AA)

REG.EXE (PID: 2188 cmdline: REG DELETE "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}" /F MD5: F0C0D05727A4E1E91F4347C2270500AA)

sznpp.exe (PID: 7340 cmdline: "C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe" -v report-ielisticka-install --status=0 MD5: 62DF7B2F443CBB0284CB7959AD2228C1)

UNZIP.EXE (PID: 7328 cmdline: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006AA61F.00000DD4.sznpkg -o C:\Users\user\AppData\Roaming\Seznam.cz\install\cz.seznam.software.libfoxloader-3.2.7-win32.zip MD5: 3FC25896B5B2FB8E20F28FAB8C0E1143)

conhost.exe (PID: 7324 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 1864 cmdline: cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7460 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

UNZIP.EXE (PID: 4584 cmdline: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006AA7B6.00000DD4.sznpkg -o C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\cz.seznam.software.libfoxcub64-3.3.8-win32.zip MD5: 3FC25896B5B2FB8E20F28FAB8C0E1143)

conhost.exe (PID: 3640 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 6496 cmdline: cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 5488 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

CPY.EXE (PID: 6484 cmdline: cpy libfoxcub-x64.dll "C:\Users\user\AppData\Roaming\Seznam.cz\bin" MD5: 68F44C9CCFF3A00B357BD2006F536AA1)

CPY.EXE (PID: 5156 cmdline: cpy listicka-x64.exe "C:\Users\user\AppData\Roaming\Seznam.cz\bin" MD5: 68F44C9CCFF3A00B357BD2006F536AA1)

szndesktop.exe (PID: 4888 cmdline: szndesktop.exe default restart MD5: DAC25BB758D6C17C5A8D64CF63702B4E)

szndesktop.exe (PID: 1000 cmdline: szndesktop.exe default restart MD5: DAC25BB758D6C17C5A8D64CF63702B4E)

listicka-x64.exe (PID: 5504 cmdline: "C:\Users\user\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe" MD5: D893A7276D60FD252EAFFE6E91AAC434)

conhost.exe (PID: 5292 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

sznpp.exe (PID: 7156 cmdline: "C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe" report-startup MD5: 62DF7B2F443CBB0284CB7959AD2228C1)

UNZIP.EXE (PID: 7584 cmdline: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006AB17A.00000DD4.sznpkg -o C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\cz.seznam.software.ielisticka3-3.3.5-win32.zip MD5: 3FC25896B5B2FB8E20F28FAB8C0E1143)

conhost.exe (PID: 7180 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 6712 cmdline: cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 4184 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

UNZIP.EXE (PID: 7672 cmdline: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006AB2D1.00000DD4.sznpkg -o C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\szn-software-fflisticka-4.0.8-win32.zip MD5: 3FC25896B5B2FB8E20F28FAB8C0E1143)

conhost.exe (PID: 7628 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 5860 cmdline: cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 2972 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

sznpp.exe (PID: 6508 cmdline: "C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe" install_ff "C:\Users\user\AppData\Roaming\Seznam.cz\data\fflisticka\seznam_doplnek_email-4.4.1-fx.xpi" MD5: 62DF7B2F443CBB0284CB7959AD2228C1)

sznpp.exe (PID: 4692 cmdline: "C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe" install_ff "C:\Users\user\AppData\Roaming\Seznam.cz\data\fflisticka\sko-extension@firma.seznam.cz.xpi" MD5: 62DF7B2F443CBB0284CB7959AD2228C1)

sznpp.exe (PID: 7720 cmdline: "C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe" install-firefox-nm MD5: 62DF7B2F443CBB0284CB7959AD2228C1)

UNZIP.EXE (PID: 3984 cmdline: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006AC669.00000DD4.sznpkg -o C:\Users\user\AppData\Roaming\Seznam.cz\install\cz.seznam.software.chromelisticka-2.0.4-win32.zip MD5: 3FC25896B5B2FB8E20F28FAB8C0E1143)

conhost.exe (PID: 7692 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 7744 cmdline: cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7776 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

sznpp.exe (PID: 7480 cmdline: "C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe" install-chrome all MD5: 62DF7B2F443CBB0284CB7959AD2228C1)

sznpp_64.exe (PID: 7824 cmdline: "C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe" install-chrome all MD5: B601F631582DD8D062C306CEB3B7500B)

sznpp.exe (PID: 6776 cmdline: "C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe" install-chrome-nm MD5: 62DF7B2F443CBB0284CB7959AD2228C1)

UNZIP.EXE (PID: 6544 cmdline: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006AD463.00000DD4.sznpkg -o C:\Users\user\AppData\Roaming\Seznam.cz\install\com.microsoft.msdn.msvcr100-10.0.40219.325-win32.zip MD5: 3FC25896B5B2FB8E20F28FAB8C0E1143)

conhost.exe (PID: 1060 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 384 cmdline: cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7864 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

CPY.EXE (PID: 1408 cmdline: cpy msvcp100.dll "C:\Users\user\AppData\Roaming\Seznam.cz\bin" MD5: 68F44C9CCFF3A00B357BD2006F536AA1)

CPY.EXE (PID: 6040 cmdline: cpy msvcr100.dll "C:\Users\user\AppData\Roaming\Seznam.cz\bin" MD5: 68F44C9CCFF3A00B357BD2006F536AA1)

UNZIP.EXE (PID: 6152 cmdline: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006AD780.00000DD4.sznpkg -o C:\Users\user\AppData\Roaming\Seznam.cz\install\cz.seznam.software.pp-1.0.2-win32.zip MD5: 3FC25896B5B2FB8E20F28FAB8C0E1143)

conhost.exe (PID: 3176 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 3852 cmdline: cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 3320 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

CPY.EXE (PID: 552 cmdline: cpy unlockInstance.dll "C:\Users\user\AppData\Roaming\Seznam.cz\bin" MD5: 68F44C9CCFF3A00B357BD2006F536AA1)

CPY.EXE (PID: 3132 cmdline: cpy unlockInstance.conf "C:\Users\user\AppData\Roaming\Seznam.cz\conf\szndesktop.d" MD5: 68F44C9CCFF3A00B357BD2006F536AA1)

szndesktop.exe (PID: 2092 cmdline: szndesktop.exe default restart MD5: DAC25BB758D6C17C5A8D64CF63702B4E)

szndesktop.exe (PID: 3068 cmdline: szndesktop.exe default restart MD5: DAC25BB758D6C17C5A8D64CF63702B4E)

UNZIP.EXE (PID: 7408 cmdline: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006AE03A.00000DD4.sznpkg -o C:\Users\user\AppData\Roaming\Seznam.cz\install\szn-software-listicka-3.0.0-win32.zip MD5: 3FC25896B5B2FB8E20F28FAB8C0E1143)

conhost.exe (PID: 7340 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 1944 cmdline: cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7332 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

sznsetup.exe (PID: 3720 cmdline: "C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe" -A 49764 cd "C:\Users\user\AppData\Roaming\Seznam.cz" MD5: D0F5D99C74D568EB9909C7582A775DC7)

sznsetup.exe (PID: 612 cmdline: "C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe" -A 49764 "C:\Users\user\AppData\Local\Temp\~006AE03A.00000DD4.sznpkg\install.bat" ADMINPHASE . "C:\Program Files (x86)\Seznam.cz\distribution" MD5: D0F5D99C74D568EB9909C7582A775DC7)

REG.EXE (PID: 7780 cmdline: REG ADD "HKEY_CURRENT_USER\SOFTWARE\Seznam.cz\distribution" /f /v "listicka" /t REG_DWORD /d 1 MD5: F0C0D05727A4E1E91F4347C2270500AA)

cmd.exe (PID: 7764 cmdline: cmd /S /C "C:\Users\user\AppData\Roaming\Seznam.cz\uninstall\cz_seznam_software_libszndesktop_2_1_35.reconfigure.bat C:\Users\user\AppData\Roaming\Seznam.cz" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7876 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

szndesktop.exe (PID: 7776 cmdline: "C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe" default restart MD5: DAC25BB758D6C17C5A8D64CF63702B4E)

szndesktop.exe (PID: 1060 cmdline: "C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe" default restart MD5: DAC25BB758D6C17C5A8D64CF63702B4E)

sznpp.exe (PID: 5344 cmdline: "C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe" install-chrome retry MD5: 62DF7B2F443CBB0284CB7959AD2228C1)

conhost.exe (PID: 1416 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

listicka-x64.exe (PID: 5644 cmdline: "C:\Users\user\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe" MD5: D893A7276D60FD252EAFFE6E91AAC434)

conhost.exe (PID: 3300 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

sznpp.exe (PID: 2936 cmdline: "C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe" report-startup MD5: 62DF7B2F443CBB0284CB7959AD2228C1)

szninstall.exe (PID: 5908 cmdline: "C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe" -S 49764 MD5: C73E94B86ED9B6BDFF199BB7E8BF9D77)

cmd.exe (PID: 5744 cmdline: C:\Windows\system32\cmd.exe /c C:\Users\user\AppData\Local\Temp\~006AE03A.00000DD4.sznpkg\install.bat ADMINPHASE . "C:\Program Files (x86)\Seznam.cz\distribution" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 2044 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

sznsetup.exe (PID: 4692 cmdline: ".\sznsetup.exe" -T "C:\Program Files (x86)\Seznam.cz\distribution" -R "C:\Program Files (x86)\Seznam.cz\distribution\install" MD5: D0F5D99C74D568EB9909C7582A775DC7)

xcopy.exe (PID: 7720 cmdline: xcopy /S /Y /G /I ".\install\*.*" "C:\Program Files (x86)\Seznam.cz\distribution\install" MD5: 7E9B7CE496D09F70C072930940F9F02C)

REG.EXE (PID: 7820 cmdline: REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /f /v "seznam-listicka-distribuce" /d "\"C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe\" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate" MD5: F0C0D05727A4E1E91F4347C2270500AA)

sznsetup.exe (PID: 2180 cmdline: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe -V MD5: D0F5D99C74D568EB9909C7582A775DC7)

conhost.exe (PID: 1172 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Picasa3.exe (PID: 6516 cmdline: "C:\Program Files (x86)\Google\Picasa3\Picasa3.exe" MD5: 6AD50A491F52B1CBECE23B603037FBDF)

PicasaPhotoViewer.exe (PID: 3496 cmdline: /config MD5: 69B20702DEBC005CD1DA0906B4A3C4F5)

iexplore.exe (PID: 3720 cmdline: "C:\Program Files\Internet Explorer\iexplore.exe" -nohome "http://picasa.google.com/support/bin/answer.py?hl=en&answer=93773" MD5: CFE2E6942AC1B72981B3105E22D3224E)

iexplore.exe (PID: 3184 cmdline: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3720 CREDAT:9474 /prefetch:2 MD5: 6F0F06D6AB125A99E43335427066A4A1)

ie_to_edge_stub.exe (PID: 2188 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=602e8 MD5: 89CF8972D683795DAB6901BC9456675D)

ssvagent.exe (PID: 3068 cmdline: "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new MD5: F9A898A606E7F5A1CD7CFFA8079253A0)

sznpp.exe (PID: 3196 cmdline: "C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe" install-chrome retry MD5: 62DF7B2F443CBB0284CB7959AD2228C1)

conhost.exe (PID: 3920 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

sznpp_64.exe (PID: 2272 cmdline: "C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe" install-chrome retry MD5: B601F631582DD8D062C306CEB3B7500B)

chrome.exe (PID: 7384 cmdline: chrome.exe --no-default-browser-check --new-window about:blank MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7328 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=1932,i,14273124409084968856,4101485093560783332,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3828 cmdline: chrome.exe --no-default-browser-check --new-window about:blank MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

listicka-x64.exe (PID: 1940 cmdline: "C:\Users\user\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe" MD5: D893A7276D60FD252EAFFE6E91AAC434)

conhost.exe (PID: 6164 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

sznpp.exe (PID: 5768 cmdline: "C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe" report-startup MD5: 62DF7B2F443CBB0284CB7959AD2228C1)

ie_to_edge_stub.exe (PID: 2280 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=602e8 MD5: 89CF8972D683795DAB6901BC9456675D)

msedge.exe (PID: 2064 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=602e8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 4912 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2244 --field-trial-handle=2004,i,1639013666010223883,15040558206664522354,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 2756 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=1724 --field-trial-handle=2004,i,1639013666010223883,15040558206664522354,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 6524 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6596 --field-trial-handle=2004,i,1639013666010223883,15040558206664522354,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

cookie_exporter.exe (PID: 3648 cmdline: cookie_exporter.exe --cookie-json=1188 MD5: 3DD7152D6D33725EA5958D7DE2586B97)

msedge.exe (PID: 6532 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=3720 --field-trial-handle=2004,i,1639013666010223883,15040558206664522354,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 8112 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=4984 --field-trial-handle=2004,i,1639013666010223883,15040558206664522354,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 456 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6084 --field-trial-handle=2004,i,1639013666010223883,15040558206664522354,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

ssvagent.exe (PID: 3652 cmdline: "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new MD5: F9A898A606E7F5A1CD7CFFA8079253A0)

iexplore.exe (PID: 7244 cmdline: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3720 CREDAT:202066 /prefetch:2 MD5: 6F0F06D6AB125A99E43335427066A4A1)

cleanup

Sigma Signatures

System Summary

Sigma detected: Common Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split), wagga (name): Data: Details: , EventID: 13, EventType: SetValue, Image: C:\Windows\SysWOW64\GPhotos.scr, ProcessId: 5508, TargetObject: HKEY_USERS.DEFAULT\Control Panel\Desktop\SCRNSAVE.EXE

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe" -c, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE, ProcessId: 7404, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cz.seznam.software.autoupdate

Sigma detected: Direct Autorun Keys Modification

Source: Process started

Author: Victor Sergeev, Daniil Yugoslavskiy, oscd.community: Data: Command: REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "cz.seznam.software.autoupdate" /d "\"C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe\" -c", CommandLine: REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "cz.seznam.software.autoupdate" /d "\"C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe\" -c", CommandLine|base64offset|contains: DA, Image: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE, NewProcessName: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE, OriginalFileName: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE, ParentCommandLine: cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz", ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 4956, ParentProcessName: cmd.exe, ProcessCommandLine: REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "cz.seznam.software.autoupdate" /d "\"C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe\" -c", ProcessId: 7404, ProcessName: REG.EXE

Sigma detected: Potential Persistence Attempt Via Run Keys Using Reg.EXE

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "cz.seznam.software.autoupdate" /d "\"C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe\" -c", CommandLine: REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "cz.seznam.software.autoupdate" /d "\"C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe\" -c", CommandLine|base64offset|contains: DA, Image: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE, NewProcessName: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE, OriginalFileName: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE, ParentCommandLine: cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz", ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 4956, ParentProcessName: cmd.exe, ProcessCommandLine: REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "cz.seznam.software.autoupdate" /d "\"C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe\" -c", ProcessId: 7404, ProcessName: REG.EXE

Sigma detected: Suspicious Screensaver Binary File Creation

Source: File created

Author: frack113: Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe, ProcessId: 6028, TargetFilename: C:\Windows\SysWOW64\GPhotos.scr

Sigma detected: Use Short Name Path in Command Line

Source: Process started

Author: frack113, Nasreddine Bencherchali: Data: Command: "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new, CommandLine: "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new, CommandLine|base64offset|contains: w, Image: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe, NewProcessName: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe, OriginalFileName: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe, ParentCommandLine: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3720 CREDAT:9474 /prefetch:2, ParentImage: C:\Program Files (x86)\Internet Explorer\iexplore.exe, ParentProcessId: 3184, ParentProcessName: iexplore.exe, ProcessCommandLine: "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new, ProcessId: 3068, ProcessName: ssvagent.exe

Sigma detected: Modification of IE Registry Settings

Source: Registry Key set

Author: frack113: Data: Details: 1, EventID: 13, EventType: SetValue, Image: C:\Program Files\Internet Explorer\iexplore.exe, ProcessId: 3720, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\SecuritySafe

Suricata Signatures

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-02T12:16:22.113361+0200	2803305	3	Unknown Traffic	192.168.2.16	49707	77.75.76.70	80	TCP
2024-10-02T12:16:23.980004+0200	2803305	3	Unknown Traffic	192.168.2.16	49707	77.75.76.70	80	TCP
2024-10-02T12:16:26.673684+0200	2803305	3	Unknown Traffic	192.168.2.16	49707	77.75.76.70	80	TCP
2024-10-02T12:16:35.593694+0200	2803305	3	Unknown Traffic	192.168.2.16	49765	77.75.76.70	80	TCP
2024-10-02T12:16:37.099132+0200	2803305	3	Unknown Traffic	192.168.2.16	49765	77.75.76.70	80	TCP
2024-10-02T12:16:38.974886+0200	2803305	3	Unknown Traffic	192.168.2.16	49765	77.75.76.70	80	TCP
2024-10-02T12:16:41.372917+0200	2803305	3	Unknown Traffic	192.168.2.16	49765	77.75.76.70	80	TCP
2024-10-02T12:16:43.050976+0200	2803305	3	Unknown Traffic	192.168.2.16	49765	77.75.76.70	80	TCP
2024-10-02T12:16:46.292462+0200	2803305	3	Unknown Traffic	192.168.2.16	49765	77.75.76.70	80	TCP
2024-10-02T12:16:48.599342+0200	2803305	3	Unknown Traffic	192.168.2.16	49765	77.75.76.70	80	TCP
2024-10-02T12:16:49.917865+0200	2803305	3	Unknown Traffic	192.168.2.16	49765	77.75.76.70	80	TCP
2024-10-02T12:17:04.630823+0200	2803305	3	Unknown Traffic	192.168.2.16	49960	77.75.78.30	443	TCP
2024-10-02T12:17:08.501285+0200	2803305	3	Unknown Traffic	192.168.2.16	49966	77.75.78.30	443	TCP
2024-10-02T12:17:10.907798+0200	2803305	3	Unknown Traffic	192.168.2.16	49969	77.75.78.30	443	TCP
2024-10-02T12:17:12.823071+0200	2803305	3	Unknown Traffic	192.168.2.16	49972	77.75.78.30	443	TCP
2024-10-02T12:17:21.078549+0200	2803305	3	Unknown Traffic	192.168.2.16	49981	77.75.78.30	443	TCP
2024-10-02T12:17:27.273153+0200	2803305	3	Unknown Traffic	192.168.2.16	49996	77.75.78.30	443	TCP

ETPRO MALWARE Common Downloader Header Pattern UH

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-02T12:16:36.357307+0200	2803274	2	Potentially Bad Traffic	192.168.2.16	49775	172.217.23.110	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_04819970 CryptAcquireContextA,CryptAcquireContextA,GetLastError,CryptAcquireContextA,CryptCreateHash,CryptHashData,CryptDeriveKey,CryptEncrypt,CryptEncrypt,_strncpy,CryptEncrypt,CryptReleaseContext,InterlockedIncrement,	20_2_04819970
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_04819BA0 CryptAcquireContextA,CryptAcquireContextA,GetLastError,CryptAcquireContextA,CryptCreateHash,CryptHashData,CryptDeriveKey,CryptDecrypt,CryptReleaseContext,	20_2_04819BA0
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_047E7BC0 CryptEncrypt,InterlockedIncrement,	20_2_047E7BC0

Source: https://support.google.com/picasa/answer/6383491?hl=en&visit_id=638634609885905976-1351747924&rd=3

HTTP Parser: No favicon

Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe

Window detected: I AgreeCancelNullsoft Install System v3.0b1 Nullsoft Install System v3.0b1License AgreementPlease review the license terms before installing Picasa 3By using Picasa 3 you agree to the Google Terms of Service and Privacy Policy.Terms of ServicePrivacy Policy

Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall

Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe	File created: C:\Users\user\AppData\Roaming\Seznam.cz\install.log.5868.log
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe	File created: C:\Users\user\AppData\Roaming\Seznam.cz\install.log
Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\AppData\Roaming\Seznam.cz\install_packages.log

Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe

File opened: C:\Users\user\AppData\Local\Temp\~006AD463.00000DD4.sznpkg\msvcr100.dll

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49702 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.75.76.70:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.23.110:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.23.110:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.186.65:443 -> 192.168.2.16:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.186.65:443 -> 192.168.2.16:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.16:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.16:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.23.110:443 -> 192.168.2.16:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.23.110:443 -> 192.168.2.16:49773 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.23.110:443 -> 192.168.2.16:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.75.76.70:443 -> 192.168.2.16:49776 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.64:443 -> 192.168.2.16:49926 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.75.78.30:443 -> 192.168.2.16:49960 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.75.78.30:443 -> 192.168.2.16:49966 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.75.78.30:443 -> 192.168.2.16:49969 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.75.78.30:443 -> 192.168.2.16:49972 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.75.78.30:443 -> 192.168.2.16:49981 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.75.78.30:443 -> 192.168.2.16:49996 version: TLS 1.2

Source:	Binary string: C:\Users\ondrej.novak\Documents\Visual Studio 2008\Projects\software-trunk\SeznamInstall\bin\debug\sznsetup-lt.pdbPV source: sznsetup-lt.exe, 00000017.00000000.1729394687.000000000052B000.00000002.00000001.01000000.0000001F.sdmp
Source:	Binary string: C:\Repository\listicka\ielisticka_new\bin-Release\pdb\listicka-x64.pdb source: UNZIP.EXE, 00000081.00000002.2178378406.0000000000428000.00000040.00000001.01000000.00000026.sdmp, CPY.EXE, 00000086.00000002.2185910879.000000000075A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \plugins\CDVDR\*.pdb source: setuppicasa39-setup.exe, 00000010.00000003.1659418312.000000000067F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \plugins\expwebsites\*.pdb source: setuppicasa39-setup.exe, 00000010.00000003.1659418312.000000000067F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: p:\d\a\wpyh4-vm-6.hot\recipes\840394494\base\googleclient\picasa39-stable\build\Picasa3.pdb source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp
Source:	Binary string: C:\playground\repos\listicka\sznpp\bin\symbols\Release_x86\sznpp_dll.pdb source: UNZIP.EXE, 0000005D.00000002.2105385323.0000000000428000.00000040.00000001.01000000.00000026.sdmp, CPY.EXE, 00000064.00000002.2115643669.0000000000ECA000.00000004.00000020.00020000.00000000.sdmp, sznpp.exe, 0000007C.00000000.2152804918.0000000000BFB000.00000002.00000001.01000000.0000002C.sdmp
Source:	Binary string: msvcp110.i386.pdb source: szndesktop.exe, szndesktop.exe, 00000087.00000002.2193190667.000000006C0E1000.00000020.00000001.01000000.0000002E.sdmp
Source:	Binary string: C:\Users\ondrej.novak\Documents\Visual Studio 2008\Projects\software-trunk\SeznamInstall\bin\debug\sznsetup.pdb source: sznsetup.exe, 00000039.00000000.1850844929.0000000000F0C000.00000002.00000001.01000000.00000023.sdmp
Source:	Binary string: msvcr110.i386.pdb source: UNZIP.EXE, 00000052.00000002.2089014833.0000000000428000.00000040.00000001.01000000.00000026.sdmp, CPY.EXE, 00000057.00000002.2096863979.0000000000B3A000.00000004.00000020.00020000.00000000.sdmp, szndesktop.exe, szndesktop.exe, 00000087.00000002.2195197650.000000006C221000.00000020.00000001.01000000.0000002B.sdmp
Source:	Binary string: C:\playground\repos\listicka\sznpp\bin\symbols\Release_x64\sznpp_64.pdb source: sznpp.exe, 0000007C.00000000.2152804918.0000000000B52000.00000002.00000001.01000000.0000002C.sdmp
Source:	Binary string: PhotoViewer.pdbGCTL source: PicasaPhotoViewer.exe, 00000015.00000003.1748748621.0000000003DBE000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\playground\repos\listicka\sznpp\bin\symbols\Release_x86\sznpp.pdb source: sznpp.exe, 0000007C.00000000.2152425887.0000000000B0C000.00000002.00000001.01000000.0000002C.sdmp
Source:	Binary string: C:\playground\repos\listicka\sznpp\bin\symbols\Release_x86\sznpp.pdb- source: sznpp.exe, 0000007C.00000000.2152425887.0000000000B0C000.00000002.00000001.01000000.0000002C.sdmp
Source:	Binary string: p:\d\a\wpyh4-vm-6.hot\recipes\840394494\base\googleclient\picasa39-stable\build\PicasaPhotoViewer.pdb source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp
Source:	Binary string: p:\d\a\wpyh4-vm-6.hot\recipes\840394494\base\googleclient\picasa39-stable\build\cdautorun\PicasaCD.pdb source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000004419000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mi_exe_stub.pdb@;AL source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000029F6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: p:\d\a\wpyh4-vm-6.hot\recipes\840394494\base\googleclient\picasa39-stable\build\plugins\CDVDR\CDVDR.pdb source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000003831000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2497615129.00000000033F3000.00000002.00000001.01000000.00000015.sdmp
Source:	Binary string: p:\d\a\wpyh4-vm-6.hot\recipes\840394494\base\googleclient\picasa39-stable\build\npPicasa3.pdb source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000002E88000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\Development\googleclient\picasa4\build\plugins\Red.pdb source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000003FAE000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Repository\listicka\ielisticka_new\bin-Release\pdb\szndesktop.pdb source: CPY.EXE, 00000061.00000002.2108099884.0000000000E09000.00000004.00000020.00020000.00000000.sdmp, szndesktop.exe, 00000087.00000000.2188348792.0000000000875000.00000002.00000001.01000000.0000002D.sdmp
Source:	Binary string: p:\d\a\wpyh4-vm-6.hot\recipes\840394494\base\googleclient\picasa39-stable\build\plugins\expwebsites\expwebsites.pdb source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000003DA5000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2533437740.000000000488F000.00000002.00000001.01000000.00000016.sdmp
Source:	Binary string: C:\Users\ondrej.novak\Documents\Visual Studio 2008\Projects\software-trunk\SeznamInstall\bin\debug\sznsetup-lt.pdb source: listicka.exe, 00000016.00000002.2443085483.00000000029E3000.00000004.00000020.00020000.00000000.sdmp, sznsetup-lt.exe, 00000017.00000000.1729394687.000000000052B000.00000002.00000001.01000000.0000001F.sdmp
Source:	Binary string: C:\playground\repos\listicka\sznpp\bin\symbols\Release_x64\sznpp_dll.pdb source: CPY.EXE, 00000064.00000002.2115643669.0000000000ECA000.00000004.00000020.00020000.00000000.sdmp, sznpp.exe, 0000007C.00000000.2152804918.0000000000BFB000.00000002.00000001.01000000.0000002C.sdmp
Source:	Binary string: C:\playground\repos\listicka\sznpp\bin\symbols\Release_x64\sznpp_64.pdb( source: sznpp.exe, 0000007C.00000000.2152804918.0000000000B52000.00000002.00000001.01000000.0000002C.sdmp
Source:	Binary string: p:\d\a\wpyh4-vm-6.hot\recipes\840394494\base\googleclient\picasa39-stable\build\GPhotos.pdb source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: C:\Repository\listicka\ielisticka_new\bin-Release\pdb\szndesktop.pdb44 source: CPY.EXE, 00000061.00000002.2108099884.0000000000E09000.00000004.00000020.00020000.00000000.sdmp, szndesktop.exe, 00000087.00000000.2188348792.0000000000875000.00000002.00000001.01000000.0000002D.sdmp
Source:	Binary string: C:\Repository\listicka-new\ielisticka_new\bin-Release\pdb\lightspeed.pdb source: CPY.EXE, 0000005C.00000002.2102179386.0000000000B00000.00000004.00000020.00020000.00000000.sdmp, szndesktop.exe, 00000087.00000002.2198970614.000000006C384000.00000002.00000001.01000000.0000002A.sdmp
Source:	Binary string: p:\d\a\wpyh4-vm-6.hot\recipes\840394494\base\googleclient\picasa39-stable\build\plugins\ytITivo.pdb source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000003F3F000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2504208079.0000000004079000.00000002.00000001.01000000.00000017.sdmp
Source:	Binary string: C:\Repository\listicka-new\ielisticka_new\bin-Release\pdb\lightspeed.pdbQQ source: CPY.EXE, 0000005C.00000002.2102179386.0000000000B00000.00000004.00000020.00020000.00000000.sdmp, szndesktop.exe, 00000087.00000002.2198970614.000000006C384000.00000002.00000001.01000000.0000002A.sdmp
Source:	Binary string: p:\d\a\wpyh4-vm-6.hot\recipes\840394494\base\googleclient\picasa39-stable\build\cdautorun\PicasaRestore.pdb source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000459F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Repository\listicka\ielisticka_new\bin-Release\pdb\libfoxloader.pdb source: UNZIP.EXE, 0000007D.00000002.2173171240.000000000042B000.00000040.00000001.01000000.00000026.sdmp, szndesktop.exe, 00000087.00000002.2200176289.000000006C489000.00000002.00000001.01000000.0000002F.sdmp
Source:	Binary string: Rg.pdbH source: listicka.exe, 00000016.00000002.2443085483.00000000029E3000.00000004.00000020.00020000.00000000.sdmp, sznsetup-lt.exe, 00000017.00000000.1730049584.0000000000571000.00000002.00000001.01000000.0000001F.sdmp, REG.EXE, 0000002A.00000000.1818569837.0000000001000000.00000002.00000001.01000000.00000021.sdmp, REG.EXE, 0000002A.00000000.1818621571.0000000001018000.00000080.00000001.01000000.00000021.sdmp, REG.EXE, 0000002A.00000002.1819878005.0000000001000000.00000002.00000001.01000000.00000021.sdmp, sznsetup.exe, 00000039.00000000.1851570101.0000000000F52000.00000002.00000001.01000000.00000023.sdmp
Source:	Binary string: C:\Users\petr.slivon\Documents\Visual Studio 2012\Projects\listicka-trunk\ielisticka_new\bin-Release\pdb\wszndesktop.pdb source: UNZIP.EXE, 00000066.00000002.2120076164.0000000000428000.00000040.00000001.01000000.00000026.sdmp, CPY.EXE, 0000006A.00000002.2122729835.0000000000629000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcp110.i386.pdb0 source: szndesktop.exe, 00000087.00000002.2193190667.000000006C0E1000.00000020.00000001.01000000.0000002E.sdmp
Source:	Binary string: C:\Repository\listicka\ielisticka_new\bin-Release\pdb\listicka-x64.pdbhh source: UNZIP.EXE, 00000081.00000002.2178378406.0000000000428000.00000040.00000001.01000000.00000026.sdmp, CPY.EXE, 00000086.00000002.2185910879.000000000075A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Repository\listicka\ielisticka_new\bin-Release\pdb\libfoxloader.pdb~{ source: UNZIP.EXE, 0000007D.00000002.2173171240.000000000042B000.00000040.00000001.01000000.00000026.sdmp, szndesktop.exe, 00000087.00000002.2200176289.000000006C489000.00000002.00000001.01000000.0000002F.sdmp
Source:	Binary string: C:\Users\ondrej.novak\Documents\Visual Studio 2008\Projects\software-trunk\SeznamInstall\bin\debug\szninstall.pdb source: szninstall.exe, 00000038.00000000.1847499306.0000000000571000.00000002.00000001.01000000.00000022.sdmp
Source:	Binary string: reg.pdb source: REG.EXE, REG.EXE, 0000002A.00000002.1819912483.0000000001001000.00000040.00000001.01000000.00000021.sdmp
Source:	Binary string: mi_exe_stub.pdb source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000029F6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: PhotoViewer.pdb source: PicasaPhotoViewer.exe, 00000015.00000003.1748748621.0000000003DBE000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\twbrown-picasa-1\googleclient\picasa4\NSIS_Unicode_v3\Plugins\x86-unicode\NSIS_Picasa_Unicode.pdb source: setuppicasa39-setup.exe, 00000010.00000002.1704699696.0000000004CA3000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: C:\Users\ondrej.novak\Documents\Visual Studio 2008\Projects\software-trunk\SeznamInstall\bin\debug\sznsetup-lt.pdbPP source: listicka.exe, 00000016.00000002.2443085483.00000000029E3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: p:\d\a\wpyh4-vm-6.hot\recipes\840394494\base\googleclient\picasa39-stable\build\Picasa3i18n.pdb source: Picasa3.exe, 00000014.00000002.2599698862.0000000010008000.00000002.00000001.01000000.00000014.sdmp
Source:	Binary string: C:\Users\ondrej.novak\Documents\Visual Studio 2008\Projects\software-trunk\SeznamInstall\bin\debug\sznsetup.pdb` source: sznsetup.exe, 00000039.00000000.1850844929.0000000000F0C000.00000002.00000001.01000000.00000023.sdmp
Source:	Binary string: p:\d\a\wpyh4-vm-6.hot\recipes\840394494\base\googleclient\picasa39-stable\build\cdautorun\PicasaCD.pdblpW source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000004419000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\ondrej.novak\Documents\Visual Studio 2008\Projects\software-trunk\SeznamInstall\bin\debug\szninstall.pdb0Z source: szninstall.exe, 00000038.00000000.1847499306.0000000000571000.00000002.00000001.01000000.00000022.sdmp

Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	Binary or memory string: autorun.inf
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	Binary or memory string: VATAPIytICDVDR::ATAPISCSIytICDVDR::SCSI1394ytICDVDR::1394USBytICDVDR::USBUSB 2.0ytICDVDR::USB2.0Unknown typeytICDVDR::UnknownTypeCD-ROMytICDVDR::CD-ROMCD-RytICDVDR::CD-RCD-RWytICDVDR::CD-RWDVD-ROMytICDVDR::DVD-ROMDVD-RytICDVDR::DVD-RDVD-RWytICDVDR::DVD-RWDVD+RytICDVDR::DVD+RDVD+RWytICDVDR::DVD+RWDVD-RAMytICDVDR::DVD-RAMDVD+R DLytICDVDR::DVD+PR9Not Recordable DiscytICDVDR::MTNotRecRecordable DiscytICDVDR::MTRecIncompatible Recordable DiscytICDVDR::MTNotRecIncomBlank Recordable DiscytICDVDR::MTBlankUnknownytICDVDR::MTUnknownBlank DiscytICDVDR::MF1Data Mode 1 DAO (like the MSVC++ or a typical DOS game)ytICDVDR::MF2vKodak Photo CD - Data multis. Mode 2 TAOytICDVDR::MF3Gold Data Mode 1 - Data multis. Mode 1, closedytICDVDR::MF4Gold Data Mode 2 - Data multis. Mode 2, closedytICDVDR::MF5Data Mode 2 DAO (silver mastered from Corel or Toast gold)ytICDVDR::MF6CDRFS - Fixed packet (from Sony packet writing solution)ytICDVDR::MF7Packet writingytICDVDR::MF8Gold Data Mode 1 - Data multis. Mode 1, openytICDVDR::MF9Gold Data Mode 2 - Data multis. Mode 2, openytICDVDR::MF10Audio DAO Silver, like almost any music disc, or Closed GoldytICDVDR::MF11Audio Gold disc not closed (TAO or SAO)ytICDVDR::MF12First type of Enhanced CD (aborted)ytICDVDR::MF13CD Extra, Blue Book standardytICDVDR::MF14Audio TAO tracks with session not closed, the (HP way)ytICDVDR::MF15First track Data and other audioytICDVDR::MF16Gold TAO (like the ones made with Easy-CD 16 or 32 versions)ytICDVDR::MF17Kodak Portfolio (as the Kodak standard)ytICDVDR::MF18Video CD (as the White Book standard)ytICDVDR::MF19CD-i (as the Green Book standard)ytICDVDR::MF20PlayStation (Sony games)ytICDVDR::MF21ytICDVDR::MF22Recordable DVD-R, closedytICDVDR::MF23Recordable DVD-R, openytICDVDR::MF24DVD-RAM cartridgeytICDVDR::MF25OtherytICDVDR::MFOthershell32.dlloption_imagesizelimitoption_jpegqualityoption_thumbsizeoption_useorigoption_backupoption_createhtmloption_estimateoption_inifileoption_manifestoption_manifestcaptionsoption_manifestfiletimesoption_convertnonjpegoption_preservemoviesoption_noautoruninfoption_isuploadautorun.infd:\cdtemp\temp.isoPicasa CDprimoICDVDRDVDBurnBurnTempCannot create disc due to error when attempting to add folder '%s'.BurnCollection::CantAddFolderCannot create disc due to error when attempting to add item '%s'.BurnCollection::CantAddItemVerifyingContinueil_BurnPanel::InsertNext::1Disc Burningil_BurnPanel::NextDialogTitlecdchooselastcddriveuseddrive%c:\ %s on %sil_CDevChooseDialogWinuploadallinstructionpanelpublish/uploadallactionsrectpublish/uploadalloptionsrectpublish/uploadallstoragerectpublish/replicate_button_grouppublish/backup_gopublish/replicate_gopublish/backup_ejectpublish/presentcd_ejectpublish/uploadallsizepublish/uploadallaccesspublish/uploadallsyncSHCreateQueryCancelAutoPlayMonikerpublish/needed_storagepublish/full_storagepublish/final_storagethis removalil_BurnPanel::removalthis changeil_BurnPanel::changethis uploadil_BurnPanel::uploadCalculating...il_BurnPanel::calculatin
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	Binary or memory string: [autorun]
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	Binary or memory string: \autorun.inf
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	Binary or memory string: option_copysrctotempdestnone[autorun]
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	Binary or memory string: \autorun.infCDPrep%s%s%s%s%s%s%s%d%s%s%s\%s\%s\%sThreadDestroyDirectory %sburndialogIUIManagerIFileDatabaseAlignedImageCollectionPreferences\Plugins\plugins/upload/

Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Code function: 16_2_04C91B90 lstrcpyW,GlobalAlloc,FindFirstFileW,GetLastError,FindNextFileW,FindClose,	16_2_04C91B90
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Code function: 16_2_04C91F30 lstrcpyW,FindFirstFileW,GetLastError,GetFileAttributesW,FindNextFileW,FindClose,	16_2_04C91F30
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_033BB710 MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,_memset,FindFirstFileW,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,	20_2_033BB710
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_033F0600 GetVersion,FindFirstFileExA,	20_2_033F0600
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_033F05C0 GetVersion,FindFirstFileA,	20_2_033F05C0
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_033BB850 MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,_memset,FindFirstFileExW,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,	20_2_033BB850
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_040386D0 MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,_memset,FindFirstFileW,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,	20_2_040386D0
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_04038810 MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,_memset,FindFirstFileExW,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,	20_2_04038810
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_04076930 GetVersion,FindFirstFileA,	20_2_04076930
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_04076970 GetVersion,FindFirstFileExA,	20_2_04076970
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_048336A0 MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,_memset,FindFirstFileW,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,	20_2_048336A0
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_048337E0 MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,_memset,FindFirstFileExW,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,	20_2_048337E0
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE	Code function: 38_2_0041C29C FindFirstFileA,GetDriveTypeA,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,GetLastError,FindClose,	38_2_0041C29C
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE	Code function: 38_2_004107A0 FindFirstFileA,	38_2_004107A0
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C10D6BF ?_Open_dir@sys@tr2@std@@YAPAXPA_WPB_WAAHAAW4file_type@123@@Z,__EH_prolog3_GS,wcslen,FindFirstFileExW,std::tr2::sys::_Read_dir,FindClose,std::tr2::sys::_Strcpy,	135_2_6C10D6BF
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C29AAA4 _wstat32i64,__doserrno,_errno,_invalid_parameter_noinfo,_wcspbrk,_errno,__doserrno,_errno,__doserrno,towlower,_getdrive,FindFirstFileExW,_wcspbrk,wcslen,GetDriveTypeW,free,___loctotime32_t,free,_wsopen_s,__fstat32i64,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FindClose,GetLastError,__dosmaperr,FindClose,GetLastError,__dosmaperr,FindClose,	135_2_6C29AAA4
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C298B4F _findfirst64i32,_errno,_invalid_parameter_noinfo,FindFirstFileExA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,_invoke_watson,_findnext64i32,_errno,_invalid_parameter_noinfo,FindNextFileA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,_invoke_watson,_findfirst32i64,_errno,_invalid_parameter_noinfo,FindFirstFileExA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,_invoke_watson,_findnext32i64,_errno,_invalid_parameter_noinfo,FindNextFileA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,_invoke_watson,_seterrormode,SetErrorMode,	135_2_6C298B4F
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C29A625 _wstat64,__doserrno,_errno,_invalid_parameter_noinfo,_wcspbrk,_errno,__doserrno,_errno,__doserrno,towlower,_getdrive,FindFirstFileExW,_wcspbrk,wcslen,GetDriveTypeW,free,free,_wsopen_s,__fstat64,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,GetLastError,__dosmaperr,FindClose,GetLastError,__dosmaperr,FindClose,	135_2_6C29A625
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C298653 _findfirst32,_errno,_invalid_parameter_noinfo,FindFirstFileExA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,_invoke_watson,_findnext32,_errno,_invalid_parameter_noinfo,FindNextFileA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,_invoke_watson,_findfirst64,_errno,_invalid_parameter_noinfo,FindFirstFileExA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,_invoke_watson,_findnext64,_errno,_invalid_parameter_noinfo,FindNextFileA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,_invoke_watson,	135_2_6C298653
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C29A1C7 _wstat32,__doserrno,_errno,_invalid_parameter_noinfo,_wcspbrk,_errno,__doserrno,towlower,_getdrive,FindFirstFileExW,_wcspbrk,wcslen,GetDriveTypeW,free,___loctotime32_t,free,_wsopen_s,__fstat32,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FindClose,_errno,GetLastError,__dosmaperr,FindClose,GetLastError,__dosmaperr,FindClose,	135_2_6C29A1C7
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C297921 _malloc_crt,FindClose,FindFirstFileExA,FindNextFileA,FindClose,	135_2_6C297921
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C297B8B _malloc_crt,FindClose,FindFirstFileExW,FindNextFileW,FindClose,	135_2_6C297B8B
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C2377AA _wstat64i32,_wcspbrk,towlower,FindFirstFileExW,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,_errno,__doserrno,_getdrive,GetLastError,GetLastError,_wcspbrk,wcslen,__doserrno,_errno,_invalid_parameter_noinfo,GetDriveTypeW,free,free,_wsopen_s,__fstat64i32,_close,_errno,__dosmaperr,FindClose,__dosmaperr,FindClose,	135_2_6C2377AA
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C299002 _wfindfirst32,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,_invoke_watson,_wfindnext32,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,_invoke_watson,_wfindfirst64,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,_invoke_watson,_wfindnext64,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,_invoke_watson,_wfindfirst64i32,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,_invoke_watson,_wfindnext64i32,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,_invoke_watson,_wfindfirst32i64,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,_invoke_watson,_wfindnext32i64,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,_invoke_watson,_access,_access_s,	135_2_6C299002
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C35DBA0 FindFirstFileW,#210,FindNextFileW,FindClose,	135_2_6C35DBA0
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C35EB00 #210,DeleteFileW,GetLastError,_CxxThrowException,#210,MoveFileExW,GetLastError,_CxxThrowException,#210,MoveFileExW,GetLastError,_CxxThrowException,#210,FindFirstFileW,FindClose,CopyFileW,GetLastError,_CxxThrowException,	135_2_6C35EB00

Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	File opened: C:\Users\user\Desktop\desktop.ini	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	File opened: C:\Users\user\Documents\desktop.ini	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	File opened: C:\Users\user\AppData\Local\Temp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe

Networking

Queries Google from non browser process on port 80

Source: C:\Windows\SysWOW64\GPhotos.scr

HTTP traffic: GET /gphotos?action=install&hl=en&gl=ch&brand=GGLA&scrid=AD0E3D47-9B39-483F-83C6-9B8C783457F6&v=(null) HTTP/1.1 Accept: */* Accept-Encoding: gzip User-Agent: Google Photos Screensaver 2.0 (gzip) Host: pack.google.com Connection: Keep-Alive

Source: global traffic	HTTP traffic detected: GET /update/packages.inf HTTP/1.1Host: download.seznam.czConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /update/cz.seznam.software.sznsetup-1.2.7-win32.zip HTTP/1.1Host: download.seznam.czConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /update/cz.seznam.software.szninstall-1.1.15-win32.zip HTTP/1.1Host: download.seznam.czConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /update/packages.inf HTTP/1.1Host: download.seznam.czConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /update/cz.seznam.software.lightspeed-1210-12.10.18-win32.zip HTTP/1.1Host: download.seznam.czConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /update/cz.seznam.software.libszndesktop-2.1.35-win32.zip HTTP/1.1Host: download.seznam.czConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /update/cz.seznam.software.szndesktop-2.0.32-win32.zip HTTP/1.1Host: download.seznam.czConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /update/cz.seznam.software.libfoxcub-3.3.8-win32.zip HTTP/1.1Host: download.seznam.czConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /update/cz.seznam.software.libfoxcub64-3.3.8-win32.zip HTTP/1.1Host: download.seznam.czConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /update/cz.seznam.software.ielisticka3-3.3.5-win32.zip HTTP/1.1Host: download.seznam.czConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /update/szn-software-fflisticka-4.0.8-win32.zip HTTP/1.1Host: download.seznam.czConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /hit/?a=event&d=%7B%22application%22%3A%22szndesktop%22%2C%22signedhash%22%3A%220%22%2C%22action%22%3A%22install_ie%22%2C%22status%22%3A0%2C%22osbuild%22%3A19045%2C%22osarch%22%3A9%2C%22iever%22%3A%2211.00.19041.1%20%28WinBuild.160101.0800%29%22%7D&s=partprog&v=2.1.35&r=1218851696&u=http://www.seznam.cz&h=B0B7C794-8699-4634-B6F9-24DA47BBD8EF&lsid=1727870994840&lses=0 HTTP/1.1Host: h.imedia.cz
Source: global traffic	HTTP traffic detected: GET /hit/?a=event&d=%7B%22action%22%3A%22startup%22%2C%22application%22%3A%22szndesktop%22%2C%22signedhash%22%3A%220%22%2C%22chrv%22%3A16%2C%22che%22%3A16%2C%22chs%22%3A16%2C%22ches%22%3A16%2C%22ie%22%3A1%2C%22osbuild%22%3A19045%2C%22osarch%22%3A9%2C%22chver%22%3A%22117.0.5938.132%22%2C%22ffver%22%3A%22118.0.1%22%2C%22iever%22%3A%2211.00.19041.1%20%28WinBuild.160101.0800%29%22%7D&s=partprog&v=2.1.35&r=-442691421&u=http://www.seznam.cz&h=B0B7C794-8699-4634-B6F9-24DA47BBD8EF&lsid=1727870998589&lses=1727870994840 HTTP/1.1Host: h.imedia.cz
Source: global traffic	HTTP traffic detected: GET /hit/?a=event&d=%7B%22application%22%3A%22szndesktop%22%2C%22signedhash%22%3A%220%22%2C%22action%22%3A%22install_ff%22%2C%22status%22%3A0%2C%22osbuild%22%3A19045%2C%22osarch%22%3A9%2C%22ffver%22%3A%22118.0.1%22%7D&s=partprog&v=2.1.35&r=-845759909&u=http://www.seznam.cz&h=B0B7C794-8699-4634-B6F9-24DA47BBD8EF&lsid=1727871000747&lses=1727870998589 HTTP/1.1Host: h.imedia.cz
Source: global traffic	HTTP traffic detected: GET /hit/?a=event&d=%7B%22application%22%3A%22szndesktop%22%2C%22signedhash%22%3A%220%22%2C%22action%22%3A%22install_ff%22%2C%22status%22%3A0%2C%22osbuild%22%3A19045%2C%22osarch%22%3A9%2C%22ffver%22%3A%22118.0.1%22%7D&s=partprog&v=2.1.35&r=-1701293468&u=http://www.seznam.cz&h=B0B7C794-8699-4634-B6F9-24DA47BBD8EF&lsid=1727871002951&lses=1727871000747 HTTP/1.1Host: h.imedia.cz
Source: global traffic	HTTP traffic detected: GET /hit/?a=event&d=%7B%22action%22%3A%22startup%22%2C%22application%22%3A%22szndesktop%22%2C%22signedhash%22%3A%220%22%2C%22chrv%22%3A48%2C%22che%22%3A48%2C%22chs%22%3A16%2C%22ches%22%3A16%2C%22ie%22%3A1%2C%22osbuild%22%3A19045%2C%22osarch%22%3A9%2C%22chver%22%3A%22117.0.5938.132%22%2C%22ffver%22%3A%22118.0.1%22%2C%22iever%22%3A%2211.00.19041.1%20%28WinBuild.160101.0800%29%22%7D&s=partprog&v=2.1.35&r=-1794028113&u=http://www.seznam.cz&h=B0B7C794-8699-4634-B6F9-24DA47BBD8EF&lsid=1727871011238&lses=1727871002951 HTTP/1.1Host: h.imedia.cz
Source: global traffic	HTTP traffic detected: GET /hit/?a=event&d=%7B%22action%22%3A%22startup%22%2C%22application%22%3A%22szndesktop%22%2C%22signedhash%22%3A%220%22%2C%22chrv%22%3A56%2C%22che%22%3A48%2C%22chs%22%3A16%2C%22ches%22%3A16%2C%22ie%22%3A1%2C%22osbuild%22%3A19045%2C%22osarch%22%3A9%2C%22chver%22%3A%22117.0.5938.132%22%2C%22ffver%22%3A%22118.0.1%22%2C%22iever%22%3A%2211.00.19041.1%20%28WinBuild.160101.0800%29%22%7D&s=partprog&v=2.1.35&r=256494956&u=http://www.seznam.cz&h=B0B7C794-8699-4634-B6F9-24DA47BBD8EF&lsid=1727871017325&lses=1727871011238 HTTP/1.1Host: h.imedia.cz
Source: global traffic	HTTP traffic detected: GET /update/packages.inf HTTP/1.1Host: download.seznam.cz
Source: global traffic	HTTP traffic detected: GET /update/cz.seznam.software.sznsetup-1.2.7-win32.zip HTTP/1.1Host: download.seznam.cz
Source: global traffic	HTTP traffic detected: GET /update/cz.seznam.software.szninstall-1.1.15-win32.zip HTTP/1.1Host: download.seznam.cz
Source: global traffic	HTTP traffic detected: GET /update/packages.inf HTTP/1.1Host: download.seznam.cz
Source: global traffic	HTTP traffic detected: GET /update/cz.seznam.software.lightspeed-1210-12.10.18-win32.zip HTTP/1.1Host: download.seznam.cz
Source: global traffic	HTTP traffic detected: GET /update/cz.seznam.software.libszndesktop-2.1.35-win32.zip HTTP/1.1Host: download.seznam.cz
Source: global traffic	HTTP traffic detected: GET /update/cz.seznam.software.szndesktop-2.0.32-win32.zip HTTP/1.1Host: download.seznam.cz
Source: global traffic	HTTP traffic detected: GET /update/cz.seznam.software.libfoxcub-3.3.8-win32.zip HTTP/1.1Host: download.seznam.cz
Source: global traffic	HTTP traffic detected: GET /update/cz.seznam.software.libfoxcub64-3.3.8-win32.zip HTTP/1.1Host: download.seznam.cz
Source: global traffic	HTTP traffic detected: GET /update/cz.seznam.software.ielisticka3-3.3.5-win32.zip HTTP/1.1Host: download.seznam.cz
Source: global traffic	HTTP traffic detected: GET /update/szn-software-fflisticka-4.0.8-win32.zip HTTP/1.1Host: download.seznam.cz

Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.16:49707 -> 77.75.76.70:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.16:49765 -> 77.75.76.70:80
Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.16:49775 -> 172.217.23.110:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.16:49969 -> 77.75.78.30:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.16:49972 -> 77.75.78.30:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.16:49966 -> 77.75.78.30:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.16:49960 -> 77.75.78.30:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.16:49981 -> 77.75.78.30:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.16:49996 -> 77.75.78.30:443

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 23.200.0.9
Source: unknown	TCP traffic detected without corresponding DNS query: 23.200.0.9
Source: unknown	TCP traffic detected without corresponding DNS query: 23.200.0.9
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.40

Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe

Code function: 20_2_04829380 QueryPerformanceCounter,HttpEndRequestA,InternetSetStatusCallback,GetLastError,InternetReadFile,InternetReadFile,

20_2_04829380

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKCross-Origin-Resource-Policy: cross-originContent-Encoding: gzipETag: W/"c0cf1b4023295e310be6a0c4867471a65178b3c614f7cf80069684d27704e64f"Date: Wed, 02 Oct 2024 10:16:27 GMTContent-Type: application/atom+xml; charset=UTF-8Server: blogger-renderdCache-Control: public, must-revalidate, proxy-revalidate, max-age=1Vary: Accept-EncodingExpires: Wed, 02 Oct 2024 10:16:28 GMTX-Content-Type-Options: nosniffX-XSS-Protection: 0Last-Modified: Wed, 28 Aug 2024 14:47:25 GMTContent-Length: 9776X-Frame-Options: SAMEORIGINData Raw: 1f 8b 08 00 00 00 00 00 00 03 ed 7d d9 72 db c8 d2 e6 7d 3f 05 da 27 e2 d8 1d 16 48 2c 04 37 cb 3e 23 c9 4b ab 6d d9 b2 2d b7 ed be e9 00 81 22 09 13 04 60 2c a2 e8 ab 7e 88 b9 99 88 7f 22 fe 98 47 f9 1f a5 9f 64 32 b3 0a 1b 09 6e 12 25 ca 6e 75 d8 6d 89 04 0a 59 59 55 99 5f ae d8 ff cf c5 d8 95 ce 59 18 39 be f7 f8 be 5a 53 ee 4b cc b3 7c db f1 06 8f ef 7f 38 7b 2e b7 ef ff e7 c9 3e 5e 25 47 f1 d4 65 d1 90 b1 58 1a 86 ac ff f8 de 30 8e 83 6e bd 3e 99 4c 6a 3d d7 1f 0c 58 58 b3 fc 71 9d 5f 57 37 63 7f 5c b3 a2 e8 9e 14 4f 03 f6 f8 5e cc 2e e2 3a fe 0e e3 f5 19 b3 25 18 d3 8b 1e df 2f 8c 32 d1 6b 7e 38 a8 6b 8a 62 d4 0f e0 f6 fb fc 9a ae 1f 30 ef 3d 33 43 6b 98 5d 6e 76 e8 59 72 3d 0a 98 55 c7 0b 22 ba 20 8c a2 3a cc a2 9e de 2a 08 cb ee 8b ac 21 1b 9b 51 6d e0 fb 03 97 d1 18 e2 12 7c 6c 3b bd 6d c0 7c 18 a9 44 1c ff 88 08 e4 3f 66 d7 da 19 2b 2a 46 e7 d3 b9 27 ae 8d 87 39 29 41 12 ba 34 5c 34 f5 6c c7 32 63 58 82 3a 5c c0 4c 1b a7 70 ff c9 be 63 3f 89 cd 41 b7 c0 dc 3d b5 d3 e9 d0 07 b2 da 30 9a 46 b3 d3 34 8c 56 bb a9 36 db ba d2 dc af c3 1d fb 49 60 9b 31 b3 9f 68 8a d6 90 95 b6 ac b5 cf 94 56 b7 d1 ea 6a 46 ad d3 69 cb f0 8b a2 ec d7 d3 cb f6 e1 c9 6c e0 87 53 29 66 e1 f8 f1 3d 33 89 7d fe dd bd fa 93 fd d8 89 5d c6 57 f0 3e ae e0 fd 27 67 43 26 9d 02 b9 91 29 e9 d2 3b 20 f6 84 ed d7 e9 b2 27 fb 51 d2 2b de 30 8c c7 2e 4c a3 9e 7e fc 64 df 75 bc 91 14 32 77 d9 7a 70 8e fd 0b f7 c8 7d 31 90 19 04 6e ca 21 dc 57 0f 81 9b f7 f9 2e cc b8 49 24 c9 c8 bd 31 a3 fd 18 05 7e 4c 03 e2 48 51 3d f0 a3 38 aa db ac 6f 26 6e 7c bf 5e a4 25 62 6e 7f 83 47 cd 6e 78 3e 7e c5 7a 2c 7b a6 e9 02 bb 3d e0 f2 fd 02 77 eb c4 b1 b5 27 56 1e 71 98 f4 66 6f 4d 7a c0 7a f8 bc 97 f4 6a 30 b1 d2 8d b0 ce 43 3f 7c b2 ef 99 63 f6 44 2c e8 19 33 c7 fb 75 fa 64 3f 09 9d 27 0b 26 1c 84 7e df 71 59 1d 0e 8c a6 ab ed 96 a1 aa 5a db 68 18 4a 53 d3 61 63 c1 8d fb b0 a8 8e fb c4 f3 43 16 b8 d3 ff 55 b8 79 bf ce bf da 1f d8 5d 67 6c 0e d8 9a db 21 1e 26 e3 9e 07 77 de 97 26 8e 1d 83 24 50 9b 30 5d e6 0c 86 31 ff 39 0a 2d 3e 4e 04 03 Data Ascii: }r}?'H,7>#Km-"`,~"Gd2n%numYYU_Y9ZSK|8{.>^%GeX0n>Lj=XXq_W7c\O^.:%/2k~8kb0=3Ck]nvYr=U" :*!Qm|l;m|D?f+*F'9)A4\4l2cX:\Lpc?A=0F4V6I`1hVjFi

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C

Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /update/packages.inf HTTP/1.1Host: download.seznam.czConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /update/cz.seznam.software.sznsetup-1.2.7-win32.zip HTTP/1.1Host: download.seznam.czConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /update/cz.seznam.software.szninstall-1.1.15-win32.zip HTTP/1.1Host: download.seznam.czConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /picasa/answer/93773?hl=en HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, /Accept-Language: en-CHUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateConnection: Keep-AliveHost: support.google.com
Source: global traffic	HTTP traffic detected: GET /picasa/answer/157000?hl=en&visit_id=638634609885905976-1351747924&rd=1 HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, /Accept-Language: en-CHUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateConnection: Keep-AliveHost: support.google.com
Source: global traffic	HTTP traffic detected: GET /picasa/answer/156347?hl=en&visit_id=638634609885905976-1351747924&rd=2 HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, /Accept-Language: en-CHUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateConnection: Keep-AliveHost: support.google.com
Source: global traffic	HTTP traffic detected: GET /picasa/answer/6383491?hl=en&visit_id=638634609885905976-1351747924&rd=3 HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, /Accept-Language: en-CHUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateConnection: Keep-AliveHost: support.google.com
Source: global traffic	HTTP traffic detected: GET /crx/blobs/AY4GWKDHKllS27BO_e8bCnbax_jg8ytdTG4Uzua5Kte91Msonmjt9Ssh1u4j53F3UYy-997sHknkzKEy9994XId3zBBDiju_YSunzv5QYwyL8XEx9VuF26n3JIgkmCYaLzIAxlKa5UdUDZoPCHdwU63c7rFT0JUxfsWG/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_82_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /euPTmjj_6KOIZQJEA6eBnNPDVsQh79w_GUOZOjxdi8mCA2a5YlFg95RYLD3X8aJkxB0u=w36-h36 HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Referer: https://support.google.com/picasa/answer/6383491?hl=en&visit_id=638634609885905976-1351747924&rd=3Accept-Language: en-CHUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: lh3.googleusercontent.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.SpvAvsXfWWo.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-MoqWi0fF1M09Ccs-6QfulXvxfdg/cb=gapi.loaded_0 HTTP/1.1Accept: application/javascript, /;q=0.8Referer: https://support.google.com/picasa/answer/6383491?hl=en&visit_id=638634609885905976-1351747924&rd=3Accept-Language: en-CHUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: apis.google.comConnection: Keep-AliveCookie: NID=517=m-X95JoeCPCfoIHtcSxsmDi2wuwakqGlxl54bZGUpbMC8a-isGAbpG2Na1kJthkxyJutWyJR96BInrx1gm8GqFOkcoEY6cxDpArB931-8AEywgrSdlj_NkfkwtkvrNVCdHigO3n64T5OJjG2D0NbQ4RfOIRTD2zql-Sl_sWD3ScVAutPLTLnrvnwfcdARGW7_nOeLc_Xx6R7hL6-4RWij2UVns3pTxlpxWQcdbV_SDnZauyMgzVrmQ
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Accept: /UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: support.google.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /picasa/answer/favicon.ico HTTP/1.1User-Agent: AutoItHost: support.google.com
Source: global traffic	HTTP traffic detected: GET /update/packages.inf HTTP/1.1Host: download.seznam.czConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: EntityExtractionDomainsConfigSec-Mesh-Client-Edge-Version: 117.0.2045.47Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 0Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ShorelineSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /edge/welcome?form=M10004&mb03=true HTTP/1.1Host: www.microsoft.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /fwlink/?linkid=2195291 HTTP/1.1Host: go.microsoft.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /update/cz.seznam.software.lightspeed-1210-12.10.18-win32.zip HTTP/1.1Host: download.seznam.czConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /edge/welcome?form=M10004&mb03=true HTTP/1.1Host: www.microsoft.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version: "117.0.2045.47"sec-ch-ua-arch: "x86"sec-ch-ua-bitness: "64"sec-ch-prefers-color-scheme: lightAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /en-gb/edge/welcome?form=M10004&mb03=true HTTP/1.1Host: www.microsoft.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.2045.47"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-bitness: "64"sec-ch-prefers-color-scheme: lightAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /update/cz.seznam.software.libszndesktop-2.1.35-win32.zip HTTP/1.1Host: download.seznam.czConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/css/2e4b955.css HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/css/105d560.css HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/css/16d7f8e.css HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/css/ec09bb6.css HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/css/659e497.css HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/css/287b8b9.css HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/css/859decd.css HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/5b15c2a.js HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/24b82ee.js HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/1c2ab9a.js HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/f99a53a.js HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /update/cz.seznam.software.szndesktop-2.0.32-win32.zip HTTP/1.1Host: download.seznam.czConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/6e93679.js HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/76250cb.js HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/9f3b99e.js HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/dd71a23.js HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/03948fb.js HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /update/cz.seznam.software.libfoxcub-3.3.8-win32.zip HTTP/1.1Host: download.seznam.czConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /shared/cms/lrs1c69a1j/logos/5a74283229e24d0ca59fb94ed941c3a0.png HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/fonts/segoeui-vf-display.5c8aa5a.woff2 HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://edgestatic.azureedge.net/shared/edgeweb/css/105d560.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/fonts/segoeui-vf-display-semibold.b7bb141.woff2 HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://edgestatic.azureedge.net/shared/edgeweb/css/105d560.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/img/arrow-left.0af059d.svg HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.microsoft.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/img/arrow-right.96b564d.svg HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.microsoft.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /mscc/lib/v2/wcp-consent.js HTTP/1.1Host: wcpstatic.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/cms/lrs1c69a1j/section-images/f1415474cbbc413bbbf3c9fc3fd1b3d0.png HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/cms/lrs1c69a1j/section-images/1c237bd147234b5b8b5ea2624c7de744.png HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/img/fluent-qr.44414bd.svg HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.microsoft.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/img/fluent-link.baf5bd6.svg HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.microsoft.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/cms/lrs1c69a1j/section-images/2b2884022b26457e9368c34b176c570c.png HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/img/fluent-dropdown.8618950.svg HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.microsoft.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/cms/lrs1c69a1j/section-images/a06eb816e83b48758a42ca5dbddb2e67.png HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /bloomfilterfiles/ExpandedDomainsFilterGlobal.json HTTP/1.1Host: www.bing.comConnection: keep-aliveCookie: ANON=; MUID=;_RwBf=;Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/img/win11-explore.553240e.svg HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/img/win11-start.415d423.svg HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/img/fluent-check-bold.0ced02b.svg HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.microsoft.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /apppack/edgefre HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/img/win11-edge.c5cce66.png HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/cms/lrs1c69a1j/section-images/94713cf7bc7c406d83691315feaf82dd.jpg HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/img/pinning-browser.b02edf1.svg HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/img/pinning-arrow.e9317cd.svg HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/cms/lrs1c69a1j/section-images/89ff15806b9e4b09b2fb21673a1c7094.webp HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /update/cz.seznam.software.libfoxcub64-3.3.8-win32.zip HTTP/1.1Host: download.seznam.czConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /apppack/edgefre?hl=en-us&gl=US HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/img/max.5b1398e.png HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/img/pinterest.b958ffd.png HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/img/amazon.a8a5fd1.png HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/img/instagram.4cd031e.png HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/img/facebook.bb606e7.png HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /npm/@shoelace-style/shoelace@2.12.0/cdn/themes/light.css HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/img/outlook.dcd709d.png HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/js/index-3c527300.css HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://apps.microsoft.com/apppack/edgefre?hl=en-us&gl=USAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR
Source: global traffic	HTTP traffic detected: GET /assets/js/index-36d30887.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://apps.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://apps.microsoft.com/apppack/edgefre?hl=en-us&gl=USAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/img/office.b772a89.png HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/cms/lrs1c69a1j/section-images/935d5e3b261649808ca8fbeb888a5d63.png HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/cms/lrs1c69a1j/section-images/38c8c879d3854390897db9c4b7f3a682.jpg HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/cms/lrs1c69a1j/section-images/2068e415cbe2442b82f2fba24ee0c202.png HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/cms/lrs1c69a1j/section-images/166ba0e92d8b4ad0b18bdf3455bfce5c.jpg HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1728468990&P2=404&P3=2&P4=fYCr80phaT2bw%2b97uzl%2bZm4Y9sWhLMBhIRsYhHez6bNE%2fFFZZ4zgZrSJ7EBeaEm2%2fZHS5qyeUFkGOOxDRvW5Gw%3d%3d HTTP/1.1Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.comConnection: keep-aliveMS-CV: xxx6Kkdk1ksoy08AVfOlJeSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /clarity.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://apps.microsoft.com/apppack/edgefre?hl=en-us&gl=USAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR
Source: global traffic	HTTP traffic detected: GET /shared/cms/lrs1c69a1j/section-images/cea0e14e0ec44c1a9e8b92a6715ef1c1.png HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /update/cz.seznam.software.ielisticka3-3.3.5-win32.zip HTTP/1.1Host: download.seznam.czConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /assets/js/index-70a46923.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://apps.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://apps.microsoft.com/assets/js/index-36d30887.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR
Source: global traffic	HTTP traffic detected: GET /louserzed-strings/en-gb/strings.json?v=bd1e6f1fd0 HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/apppack/edgefre?hl=en-us&gl=USAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR
Source: global traffic	HTTP traffic detected: GET /api/settings/flags?gl=US&hl=en-us&sessionId= HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47X-API-Ref: db2c8457ef6ae807db500c0199cc06898be1b23d3cd9b3206a65b7c81f4185f0sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/apppack/edgefre?hl=en-us&gl=USAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR
Source: global traffic	HTTP traffic detected: GET /api/Products/ZeroStateSearch?gl=US&hl=en-us HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47X-API-Ref: ebe1c0636328a720580a52e74af985ddefbb0609f391016b633be0072e31e7fcsec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/apppack/edgefre?hl=en-us&gl=USAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR
Source: global traffic	HTTP traffic detected: GET /shared/cms/lrs1c69a1j/section-images/92176a17dafb4a90a9de118656f92fb2.jpg HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/cms/lrs1c69a1j/section-images/bbd7bff84da242f286f1e64f4f51d171.jpg HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/cms/lrs1c69a1j/section-images/d369d673d1e74d5eb64a9da00f0a2c2b.jpg HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/cms/lrs1c69a1j/section-images/fbee95612d3b45979dd58820b1e0df59.jpg HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/cms/lrs1c69a1j/section-images/e37077f885ed4fa6961e58e8b4c8b10d.jpg HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/cms/lrs1c69a1j/section-images/173b124fd99446babb8439cf477b38fd.jpg HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /dmp/up/pixie.js HTTP/1.1Host: acdn.adnxs.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /scripts/c/ms.jsll-3.min.js HTTP/1.1Host: js.monitor.azure.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/cms/lrs1c69a1j/section-images/ea9d7038df454660bfdb39a6de1c22d8.jpg HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/cms/lrs1c69a1j/section-images/7a62d65e6d6b48d5b5278067c3a78dba.png HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /en_US/fbevents.js HTTP/1.1Host: connect.facebook.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/js/applicationinsights-web-9ad09b9c.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://apps.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8
Source: global traffic	HTTP traffic detected: GET /assets/js/InstrumentHooks-cd565348.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://apps.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8
Source: global traffic	HTTP traffic detected: GET /assets/js/applicationinsights-core-js-9783d46c.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://apps.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8
Source: global traffic	HTTP traffic detected: GET /shared/cms/lrs1c69a1j/section-videos/3dd826a043744d6cbfe55165a35a8ec8.mp4 HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept-Encoding: identity;q=1, ;q=0sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: videoReferer: https://www.microsoft.com/Accept-Language: en-GB,en;q=0.9,en-US;q=0.8Range: bytes=0-
Source: global traffic	HTTP traffic detected: GET /assets/js/Index-cbed7ffc.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://apps.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://apps.microsoft.com/assets/js/index-36d30887.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8
Source: global traffic	HTTP traffic detected: GET /update/szn-software-fflisticka-4.0.8-win32.zip HTTP/1.1Host: download.seznam.czConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /tag/inyago70pn HTTP/1.1Host: www.clarity.msConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tag/edvmnysmkk HTTP/1.1Host: www.clarity.msConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/js/edgefre-0b65e548.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://apps.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8
Source: global traffic	HTTP traffic detected: GET /li.lms-analytics/insight.min.js HTTP/1.1Host: snap.licdn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /pixie/up?pi=e8619ae9-c189-46ef-bfc8-f39e0ac838fd HTTP/1.1Host: ib.adnxs.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.microsoft.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /bat.js HTTP/1.1Host: bat.bing.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /X-Edge-Shopping-Flag: 1Sec-MS-GEC: FF699648EBF162654E01182ED0BD24EDB1A2721B7E78C7D8756497D88A893629Sec-MS-GEC-Version: 1-117.0.2045.47Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /shared/edgeweb/fonts/segoeui-vf-display-bold.3b9304c.woff2 HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://edgestatic.azureedge.net/shared/edgeweb/css/105d560.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/js/product-collection-86c4abf3.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://apps.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8
Source: global traffic	HTTP traffic detected: GET /assets/js/nav-bar-ed71552c.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://apps.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8
Source: global traffic	HTTP traffic detected: GET /s/0.7.47/clarity.js HTTP/1.1Host: www.clarity.msConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: CLID=c6083d87285244068a54b7c1410cd9fd.20241002.20251002
Source: global traffic	HTTP traffic detected: GET /s/0.7.47/clarity-extended.js HTTP/1.1Host: www.clarity.msConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: CLID=c6083d87285244068a54b7c1410cd9fd.20241002.20251002
Source: global traffic	HTTP traffic detected: GET /shared/cms/lrs1c69a1j/section-videos/3dd826a043744d6cbfe55165a35a8ec8.mp4 HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept-Encoding: identity;q=1, ;q=0sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: videoReferer: https://www.microsoft.com/Accept-Language: en-GB,en;q=0.9,en-US;q=0.8Range: bytes=2785280-2823167If-Range: W/"2b1400-18c5bb7f0e4"
Source: global traffic	HTTP traffic detected: GET /assets/js/auto-complete-app-search-c8ed58b0.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://apps.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8
Source: global traffic	HTTP traffic detected: GET /assets/js/collection-helper-ed90e706.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://apps.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8
Source: global traffic	HTTP traffic detected: GET /assets/js/paged-list-777752e9.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://apps.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8
Source: global traffic	HTTP traffic detected: GET /pixie?e=LandingPage&pi=e8619ae9-c189-46ef-bfc8-f39e0ac838fd&it=1727864209441&v=0.0.41&u=https%3A%2F%2Fwww.microsoft.com%2Fen-gb%2Fedge%2Fwelcome%3Fform%3DM10004%26mb03%3Dtrue&st=1727864209440&et=1727864210207&if=0&uetmsmid=ead072c6-87b6-4905-8bcf-231e8931644d&asce=0&ascc=0&tcfhl=0&tcfe=0&tcfgdpr=0&tcfc=0 HTTP/1.1Host: ib.adnxs.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/js/flip-animation-helper-712a32df.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://apps.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8
Source: global traffic	HTTP traffic detected: GET /p/action/355008692.js HTTP/1.1Host: bat.bing.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /X-Edge-Shopping-Flag: 1Sec-MS-GEC: FF699648EBF162654E01182ED0BD24EDB1A2721B7E78C7D8756497D88A893629Sec-MS-GEC-Version: 1-117.0.2045.47Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /collect?v=2&fmt=js&pid=7850&time=1727864210223&li_adsId=c6366846-7f41-4708-9fb6-3269a23fdc13&url=https%3A%2F%2Fwww.microsoft.com%2Fen-gb%2Fedge%2Fwelcome%3Fform%3DM10004%26mb03%3Dtrue HTTP/1.1Host: px.ads.linkedin.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/js/collection-types-77c388cf.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://apps.microsoft.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8
Source: global traffic	HTTP traffic detected: GET /tr/?id=1770559986549030&ev=PageView&dl=https%3A%2F%2Fwww.microsoft.com%2Fen-gb%2Fedge%2Fwelcome%3Fform%3DM10004%26mb03%3Dtrue&rl=&if=false&ts=1727864210807&sw=1280&sh=1024&v=2.9.170&r=stable&ec=0&o=4126&fbp=fb.1.1727864210794.836094937724409315&cs_est=true&ler=empty&it=1727864210083&coo=false&rqm=GET HTTP/1.1Host: www.facebook.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/icons/download-psi.svg HTTP/1.1Host: apps.microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"traceparent: 00-3b21d183801646059abf60aea5313c9b-493e3c1559104b6e-01request-id: \|3b21d183801646059abf60aea5313c9b.493e3c1559104b6esec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/apppack/edgefre?hl=en-us&gl=USAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee
Source: global traffic	HTTP traffic detected: GET /action/0?ti=355008692&Ver=2&mid=2f7ef59e-c4f4-48b2-910f-313aa21048be&sid=70ac830080a711efa9fc9be06d42c5d1&vid=70acc12080a711efa4bbe5908cfb5aee&vids=1&msclkid=N&uach=pv%3D10.0.0&pi=918639831&lg=en-GB&sw=1280&sh=1024&sc=24&tl=Welcome%20to%20Microsoft%20Edge&p=https%3A%2F%2Fwww.microsoft.com%2Fen-gb%2Fedge%2Fwelcome%3Fform%3DM10004%26mb03%3Dtrue&r=&lt=11581&evt=pageLoad&sv=1&cdb=AQAQ&rn=989132 HTTP/1.1Host: bat.bing.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Edge-Shopping-Flag: 1Sec-MS-GEC: FF699648EBF162654E01182ED0BD24EDB1A2721B7E78C7D8756497D88A893629Sec-MS-GEC-Version: 1-117.0.2045.47Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /action/0?ti=355008692&Ver=2&mid=2f7ef59e-c4f4-48b2-910f-313aa21048be&sid=70ac830080a711efa9fc9be06d42c5d1&vid=70acc12080a711efa4bbe5908cfb5aee&vids=0&msclkid=N&ea=Other-Info-Screenwidth-1280&en=Y&p=https%3A%2F%2Fwww.microsoft.com%2Fen-gb%2Fedge%2Fwelcome&sw=1280&sh=1024&sc=24&evt=custom&cdb=AQAQ&rn=692432 HTTP/1.1Host: bat.bing.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Edge-Shopping-Flag: 1Sec-MS-GEC: FF699648EBF162654E01182ED0BD24EDB1A2721B7E78C7D8756497D88A893629Sec-MS-GEC-Version: 1-117.0.2045.47Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /action/0?ti=355008692&Ver=2&mid=2f7ef59e-c4f4-48b2-910f-313aa21048be&sid=70ac830080a711efa9fc9be06d42c5d1&vid=70acc12080a711efa4bbe5908cfb5aee&vids=0&msclkid=N&ea=Other-Info-Screenheight-1024&en=Y&p=https%3A%2F%2Fwww.microsoft.com%2Fen-gb%2Fedge%2Fwelcome&sw=1280&sh=1024&sc=24&evt=custom&cdb=AQAQ&rn=591063 HTTP/1.1Host: bat.bing.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Edge-Shopping-Flag: 1Sec-MS-GEC: FF699648EBF162654E01182ED0BD24EDB1A2721B7E78C7D8756497D88A893629Sec-MS-GEC-Version: 1-117.0.2045.47Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /action/0?ti=355008692&Ver=2&mid=2f7ef59e-c4f4-48b2-910f-313aa21048be&sid=70ac830080a711efa9fc9be06d42c5d1&vid=70acc12080a711efa4bbe5908cfb5aee&vids=0&msclkid=N&ea=Other-Info-Pixelratio-1&en=Y&p=https%3A%2F%2Fwww.microsoft.com%2Fen-gb%2Fedge%2Fwelcome&sw=1280&sh=1024&sc=24&evt=custom&cdb=AQAQ&rn=953385 HTTP/1.1Host: bat.bing.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Edge-Shopping-Flag: 1Sec-MS-GEC: FF699648EBF162654E01182ED0BD24EDB1A2721B7E78C7D8756497D88A893629Sec-MS-GEC-Version: 1-117.0.2045.47Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /action/0?ti=355008692&Ver=2&mid=2f7ef59e-c4f4-48b2-910f-313aa21048be&sid=70ac830080a711efa9fc9be06d42c5d1&vid=70acc12080a711efa4bbe5908cfb5aee&vids=0&msclkid=N&ea=Action-Firstslide-AiIntro&en=Y&p=https%3A%2F%2Fwww.microsoft.com%2Fen-gb%2Fedge%2Fwelcome&sw=1280&sh=1024&sc=24&evt=custom&cdb=AQAQ&rn=399722 HTTP/1.1Host: bat.bing.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Edge-Shopping-Flag: 1Sec-MS-GEC: FF699648EBF162654E01182ED0BD24EDB1A2721B7E78C7D8756497D88A893629Sec-MS-GEC-Version: 1-117.0.2045.47Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /collect?v=2&fmt=js&pid=7850&time=1727864210223&li_adsId=c6366846-7f41-4708-9fb6-3269a23fdc13&url=https%3A%2F%2Fwww.microsoft.com%2Fen-gb%2Fedge%2Fwelcome%3Fform%3DM10004%26mb03%3Dtrue&cookiesTest=true HTTP/1.1Host: px.ads.linkedin.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: li_sugr=d35b3f83-bdbb-45a3-85ce-a0229f826989; bcookie="v=2&2516b960-85ad-4191-847f-415a33eda43e"; lidc="b=TGST06:s=T:r=T:a=T:p=T:g=3013:u=1:x=1:i=1727864211:t=1727950611:v=2:sig=AQG_p4RFuAy5RLp45N0Pq_b0ZbnDEu0_"
Source: global traffic	HTTP traffic detected: GET /tag/uet/355008692?insights=1 HTTP/1.1Host: www.clarity.msConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: CLID=c6083d87285244068a54b7c1410cd9fd.20241002.20251002
Source: global traffic	HTTP traffic detected: GET /image/apps.8453.13655054093851568.4a371b72-2ce8-4bdb-9d83-be49894d3fa0.7f3687b9-847d-4f86-bb5c-c73259e2b38e?w=75 HTTP/1.1Host: store-images.s-microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /image/apps.56161.9007199266246365.1d5a6a53-3c49-4f80-95d7-78d76b0e05d0.a3e87fea-e03e-4c0a-8f26-9ecef205fa7b?w=75 HTTP/1.1Host: store-images.s-microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /image/apps.25776.14473651905739879.c2c2c20a-48ca-4b7a-a0c5-392cddcd557e.dbe766f0-50a3-4270-957c-d06415f86f39?w=75 HTTP/1.1Host: store-images.s-microsoft.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /service-worker.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveCache-Control: max-age=0Accept: /Service-Worker: scriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Sec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: serviceworkerReferer: https://apps.microsoft.com/apppack/edgefre?hl=en-us&gl=USAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736
Source: global traffic	HTTP traffic detected: GET /consumers/oauth2/v2.0/authorize?client_id=929d973a-a08f-46a0-80b5-3c690ee1ee5f&scope=User.Read%20offline_access%20openid%20profile&redirect_uri=https%3A%2F%2Fapps.microsoft.com%2F&client-request-id=01924cbb-87e4-7744-aa7b-63aaf0118cbd&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=3.18.0&client_info=1&code_challenge=12wPOc1UDIDnCIHouMCWAbj0MmuWrsUyf6M21SmFz-A&code_challenge_method=S256&prompt=none&nonce=01924cbb-8810-75ee-8ce9-2c4082eafda8&state=eyJpZCI6IjAxOTI0Y2JiLTg3ZTQtNzBkZi1iZDFhLWVlMzFlYzFkOWE0YSIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoic2lsZW50In19 HTTP/1.1Host: login.microsoftonline.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D7850%26time%3D1727864210223%26li_adsId%3Dc6366846-7f41-4708-9fb6-3269a23fdc13%26url%3Dhttps%253A%252F%252Fwww.microsoft.com%252Fen-gb%252Fedge%252Fwelcome%253Fform%253DM10004%2526mb03%253Dtrue%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP/1.1Host: www.linkedin.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: li_sugr=d35b3f83-bdbb-45a3-85ce-a0229f826989; bcookie="v=2&2516b960-85ad-4191-847f-415a33eda43e"; lidc="b=TGST06:s=T:r=T:a=T:p=T:g=3013:u=1:x=1:i=1727864211:t=1727950611:v=2:sig=AQG_p4RFuAy5RLp45N0Pq_b0ZbnDEu0_"; UserMatchHistory=AQIyePVLc9XnZgAAAZJMu4yU2_WgOCBxObdkN0Wk2LpTA7gLTgo39UVR7LkM-ElLklnw9wU5PMNQRQ; AnalyticsSyncHistory=AQKSK2PlgfRT2AAAAZJMu4yUVhKeSnIwUJNjMHTmLuEK0NvpIjlatlsxaB_7NFCL0oKdIIi5nD5QhsrMvCHBIw
Source: global traffic	HTTP traffic detected: GET /assets/js/_commonjsHelpers-39b5b250.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /collect?v=2&fmt=js&pid=7850&time=1727864210223&li_adsId=c6366846-7f41-4708-9fb6-3269a23fdc13&url=https%3A%2F%2Fwww.microsoft.com%2Fen-gb%2Fedge%2Fwelcome%3Fform%3DM10004%26mb03%3Dtrue&cookiesTest=true&liSync=true HTTP/1.1Host: px.ads.linkedin.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: li_sugr=d35b3f83-bdbb-45a3-85ce-a0229f826989; bcookie="v=2&2516b960-85ad-4191-847f-415a33eda43e"; lidc="b=TGST06:s=T:r=T:a=T:p=T:g=3013:u=1:x=1:i=1727864211:t=1727950611:v=2:sig=AQG_p4RFuAy5RLp45N0Pq_b0ZbnDEu0_"; UserMatchHistory=AQIyePVLc9XnZgAAAZJMu4yU2_WgOCBxObdkN0Wk2LpTA7gLTgo39UVR7LkM-ElLklnw9wU5PMNQRQ; AnalyticsSyncHistory=AQKSK2PlgfRT2AAAAZJMu4yUVhKeSnIwUJNjMHTmLuEK0NvpIjlatlsxaB_7NFCL0oKdIIi5nD5QhsrMvCHBIw
Source: global traffic	HTTP traffic detected: GET /offline.html HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect
Source: global traffic	HTTP traffic detected: GET /shared/cms/lrs1c69a1j/section-videos/3dd826a043744d6cbfe55165a35a8ec8.mp4 HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept-Encoding: identity;q=1, ;q=0sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: videoReferer: https://www.microsoft.com/Accept-Language: en-GB,en;q=0.9,en-US;q=0.8Range: bytes=32768-
Source: global traffic	HTTP traffic detected: GET /assets/js/about-b1ba6593.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /oauth20_authorize.srf?client_id=929d973a-a08f-46a0-80b5-3c690ee1ee5f&scope=User.Read+offline_access+openid+profile&redirect_uri=https%3a%2f%2fapps.microsoft.com%2f&response_type=code&state=eyJpZCI6IjAxOTI0Y2JiLTg3ZTQtNzBkZi1iZDFhLWVlMzFlYzFkOWE0YSIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoic2lsZW50In19&response_mode=fragment&nonce=01924cbb-8810-75ee-8ce9-2c4082eafda8&prompt=none&code_challenge=NzfLDfZZ9pa9p594AEIvEIVcYy8SF9QRmo7u5zhFThU&code_challenge_method=S256&x-client-SKU=msal.js.browser&x-client-Ver=3.18.0&uaid=01924cbb87e47744aa7b63aaf0118cbd&msproxy=1&issuer=mso&tenant=consumers&ui_locales=en-GB&client_info=1&epct=PAQABDgEAAADW6jl31mB3T7ugrWTT8pFewSlPCygvk1lyVk6poWg0cXhJYK5z7bDUkD84hYnFfpGk3Dqr8p-SQwUSFQo5nwp3L68_LzPzWl5zH1OvuQD7NdyuHDbID_p9Jf4HLB5epgLIUALB3rtkYUSQiYgSVPxYXqac_1W8-J_7c4W3yxQ9bEdyMvnVmMGhSZsTYIASrVH9UgXMbgwz3xj-5Qd_uUH7-FDN9pHWVUPGxJLoz3Q_BSAA&jshs=0 HTTP/1.1Host: login.live.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/js/additional-info-b4cc1e57.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /assets/js/alert-service-3c7acae3.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /?hl=en-gb&gl=US HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://apps.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /assets/js/app-badge-dd910ddd.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /welcome/static/favicon.png HTTP/1.1Host: edgestatic.azureedge.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /c.gif HTTP/1.1Host: c.clarity.msConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/js/apps-565c0e30.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /c.gif?ctsa=mr&CtsSyncId=8145D78C597043718658058358F19F5A&RedC=c.clarity.ms&MXFR=29D059AB96C76E5E0C754CA792C7607D HTTP/1.1Host: c.bing.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-MS-GEC: FF699648EBF162654E01182ED0BD24EDB1A2721B7E78C7D8756497D88A893629Sec-MS-GEC-Version: 1-117.0.2045.47Referer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MUID=2609E576E1796E461EBDF07AE01B6F4F
Source: global traffic	HTTP traffic detected: GET /assets/js/auth-control-b8e249cd.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /c.gif?ctsa=mr&CtsSyncId=8145D78C597043718658058358F19F5A&MUID=2609E576E1796E461EBDF07AE01B6F4F HTTP/1.1Host: c.clarity.msConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: SM=T; MUID=29D059AB96C76E5E0C754CA792C7607D
Source: global traffic	HTTP traffic detected: GET /assets/js/cms-page-6f3814da.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /assets/js/collection-group-9730b6e8.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /assets/js/collection-reel-group-3ecad3dd.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /assets/js/collections-0ef93cf0.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /assets/js/collections-browse-06db3db6.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /assets/js/collections-test-fd3115fd.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /hit/?a=event&d=%7B%22application%22%3A%22szndesktop%22%2C%22signedhash%22%3A%220%22%2C%22action%22%3A%22install_ie%22%2C%22status%22%3A0%2C%22osbuild%22%3A19045%2C%22osarch%22%3A9%2C%22iever%22%3A%2211.00.19041.1%20%28WinBuild.160101.0800%29%22%7D&s=partprog&v=2.1.35&r=1218851696&u=http://www.seznam.cz&h=B0B7C794-8699-4634-B6F9-24DA47BBD8EF&lsid=1727870994840&lses=0 HTTP/1.1Host: h.imedia.cz
Source: global traffic	HTTP traffic detected: GET /assets/js/color-worker-bb651d13.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /assets/js/component-telemetry-ids-fc9d7e15.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /assets/js/dash.all.min-f4f61554.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /hit/?a=event&d=%7B%22action%22%3A%22startup%22%2C%22application%22%3A%22szndesktop%22%2C%22signedhash%22%3A%220%22%2C%22chrv%22%3A16%2C%22che%22%3A16%2C%22chs%22%3A16%2C%22ches%22%3A16%2C%22ie%22%3A1%2C%22osbuild%22%3A19045%2C%22osarch%22%3A9%2C%22chver%22%3A%22117.0.5938.132%22%2C%22ffver%22%3A%22118.0.1%22%2C%22iever%22%3A%2211.00.19041.1%20%28WinBuild.160101.0800%29%22%7D&s=partprog&v=2.1.35&r=-442691421&u=http://www.seznam.cz&h=B0B7C794-8699-4634-B6F9-24DA47BBD8EF&lsid=1727870998589&lses=1727870994840 HTTP/1.1Host: h.imedia.cz
Source: global traffic	HTTP traffic detected: GET /assets/js/dash.mss.min-9e6d10cc.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /assets/js/editorial-aabeb52f.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /hit/?a=event&d=%7B%22application%22%3A%22szndesktop%22%2C%22signedhash%22%3A%220%22%2C%22action%22%3A%22install_ff%22%2C%22status%22%3A0%2C%22osbuild%22%3A19045%2C%22osarch%22%3A9%2C%22ffver%22%3A%22118.0.1%22%7D&s=partprog&v=2.1.35&r=-845759909&u=http://www.seznam.cz&h=B0B7C794-8699-4634-B6F9-24DA47BBD8EF&lsid=1727871000747&lses=1727870998589 HTTP/1.1Host: h.imedia.cz
Source: global traffic	HTTP traffic detected: GET /assets/js/error-cba35c53.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /assets/js/filter-menu.styles-c22dcbf5.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /hit/?a=event&d=%7B%22application%22%3A%22szndesktop%22%2C%22signedhash%22%3A%220%22%2C%22action%22%3A%22install_ff%22%2C%22status%22%3A0%2C%22osbuild%22%3A19045%2C%22osarch%22%3A9%2C%22ffver%22%3A%22118.0.1%22%7D&s=partprog&v=2.1.35&r=-1701293468&u=http://www.seznam.cz&h=B0B7C794-8699-4634-B6F9-24DA47BBD8EF&lsid=1727871002951&lses=1727871000747 HTTP/1.1Host: h.imedia.cz
Source: global traffic	HTTP traffic detected: GET /assets/js/flip-animation-demo-c4c759ed.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /assets/js/footer-menu-93708975.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /assets/js/gaming-97ae1c62.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /assets/js/header-1ef6623c.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /assets/js/home-38153ab0.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /assets/js/index-d961e0b8.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /assets/js/info-card-cf23577c.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /assets/js/info-panel-f1f0caf0.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /hit/?a=event&d=%7B%22action%22%3A%22startup%22%2C%22application%22%3A%22szndesktop%22%2C%22signedhash%22%3A%220%22%2C%22chrv%22%3A48%2C%22che%22%3A48%2C%22chs%22%3A16%2C%22ches%22%3A16%2C%22ie%22%3A1%2C%22osbuild%22%3A19045%2C%22osarch%22%3A9%2C%22chver%22%3A%22117.0.5938.132%22%2C%22ffver%22%3A%22118.0.1%22%2C%22iever%22%3A%2211.00.19041.1%20%28WinBuild.160101.0800%29%22%7D&s=partprog&v=2.1.35&r=-1794028113&u=http://www.seznam.cz&h=B0B7C794-8699-4634-B6F9-24DA47BBD8EF&lsid=1727871011238&lses=1727871002951 HTTP/1.1Host: h.imedia.cz
Source: global traffic	HTTP traffic detected: GET /assets/js/landscape-poster-collection-2d9bcc1d.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /assets/js/language-selector-dialog-b96e2be1.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /assets/js/lottie-player.esm-e4b3d620.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /assets/js/market-collection-service-133bf42f.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /assets/js/movies-724e2e75.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /assets/js/not-found-fa055e11.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /assets/js/play-board-b1b7ae54.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /hit/?a=event&d=%7B%22action%22%3A%22startup%22%2C%22application%22%3A%22szndesktop%22%2C%22signedhash%22%3A%220%22%2C%22chrv%22%3A56%2C%22che%22%3A48%2C%22chs%22%3A16%2C%22ches%22%3A16%2C%22ie%22%3A1%2C%22osbuild%22%3A19045%2C%22osarch%22%3A9%2C%22chver%22%3A%22117.0.5938.132%22%2C%22ffver%22%3A%22118.0.1%22%2C%22iever%22%3A%2211.00.19041.1%20%28WinBuild.160101.0800%29%22%7D&s=partprog&v=2.1.35&r=256494956&u=http://www.seznam.cz&h=B0B7C794-8699-4634-B6F9-24DA47BBD8EF&lsid=1727871017325&lses=1727871011238 HTTP/1.1Host: h.imedia.cz
Source: global traffic	HTTP traffic detected: GET /assets/js/play-board-tester-46874b9b.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /assets/js/product-collection-renderer-92dc7aad.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /assets/js/product-details-e165fa07.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /assets/js/product-review-1e817684.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /assets/js/promo-panel-544f890b.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /assets/js/ratings-reviews-list-5a17d118.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /assets/js/ratings-reviews-summary-abe56846.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /assets/js/related-products-76acf8ee.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /assets/js/report-dialog-8539c0d0.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /assets/js/search-results-9f1dba5f.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /assets/js/search-results-publisher-07f4a6c3.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /assets/js/spacing.styles-7155d2ad.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /assets/js/spotlight-card-d6cf8e19.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /assets/js/spotlight-control-43a365a0.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /assets/js/subscript-199a50ce.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /assets/js/system-requirements-7f350381.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /assets/js/tencent-4e399fb0.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /assets/js/trending-collection-dc56edd4.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /assets/js/video-player-aab5351f.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /assets/js/visual-info-panel-112e17cc.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /assets/js/wide-info-card-9b21aa9e.js HTTP/1.1Host: apps.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /baidu_verify_codeva-7XwzFsIV37.html HTTP/1.1Host: apps.microsoft.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /bing-bat.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /crx/blobs/AY4GWKDQIk_LzFaPKkVeG5kjrY2DSnx9vAOISkAQOoUiB7UAr3ctR1HE3o70iDC7T1ZWF5lMEcB1tpSB3Nz2v6hUR5ioHSyOWNrjqmubSP1Sq4lVK1emAMZSmuV73iDI0_0bj6Ca_uMOmBP187AlKQ/OLFEABKOENFAOLJNDFECAMGILLLCPIAK_6_0_11_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /clarity.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /color-worker.js HTTP/1.1Host: apps.microsoft.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /webstore/inlineinstall/detail/olfeabkoenfaoljndfecamgilllcpiak HTTP/1.1Host: chrome.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /offline.html HTTP/1.1Host: apps.microsoft.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /shoelace-dark-2.15.1.css HTTP/1.1Host: apps.microsoft.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /phishinglist/list/v2 HTTP/1.1Host: software.seznam.czConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Origin: chrome-extension://olfeabkoenfaoljndfecamgilllcpiakSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shoelace-light-2.15.1.css HTTP/1.1Host: apps.microsoft.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /vite-index.html HTTP/1.1Host: apps.microsoft.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://apps.microsoft.com/service-worker.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: MSCC=NR; exp-session-id=b6d0ece2-29a7-4143-931c-d621648d7cb8; ai_user=gPFm7QcR2pV4O/zkZSC6dC\|2024-10-02T10:16:49.985Z; ai_session=KeivHP7d5TFls18euJ+R3i\|1727864209993\|1727864209993; _fbp=fb.1.1727864210794.836094937724409315; _clck=1x4xmda%7C2%7Cfpo%7C0%7C1736; _uetsid=70ac830080a711efa9fc9be06d42c5d1; _uetvid=70acc12080a711efa4bbe5908cfb5aee; _clsk=z8aa33%7C1727864211918%7C1%7C0%7Ct.clarity.ms%2Fcollect; MC1=GUID=40944b817c6f43219ea5caba422ead52&HASH=4094&LV=202410&V=4&LU=1727864214076; MS0=5d5a28dc628a46d8918acde28b77f98f
Source: global traffic	HTTP traffic detected: GET /phishinglist/list/v2 HTTP/1.1Host: software.seznam.czConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Origin: chrome-extension://olfeabkoenfaoljndfecamgilllcpiakSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: "0d3d9b65b89032e8640ff38a07a98de029eb2e9846c242e1ee11ffb96f927d03"
Source: global traffic	HTTP traffic detected: GET /crx/blobs/AY4GWKA7rRcfuiuOTi8MMh_yoPCiNMHFVQA6NVDkcJ6zsobnt4zWcbRwYlrOwIINIn3dxpNWaiKHNeuobj12XqBwh5d8WNR7RnSviL81nMFK9aE9MaMvmUFs3QvljNfFE-4AxlKa5T2E6wPqA8HFDB89XXj_lJRRoGXW/BGJPFHPJCGDPPJBGNPNJLLOKBMCDLLIG_6_1_11_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /webstore/inlineinstall/detail/bgjpfhpjcgdppjbgnpnjllokbmcdllig HTTP/1.1Host: chrome.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /gphotos?action=install&hl=en&gl=ch&brand=GGLA&scrid=AD0E3D47-9B39-483F-83C6-9B8C783457F6&v=(null) HTTP/1.1Accept: /Accept-Encoding: gzipUser-Agent: Google Photos Screensaver 2.0 (gzip)Host: pack.google.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /update/packages.inf HTTP/1.1Host: download.seznam.cz
Source: global traffic	HTTP traffic detected: GET /update/cz.seznam.software.sznsetup-1.2.7-win32.zip HTTP/1.1Host: download.seznam.cz
Source: global traffic	HTTP traffic detected: GET /update/cz.seznam.software.szninstall-1.1.15-win32.zip HTTP/1.1Host: download.seznam.cz
Source: global traffic	HTTP traffic detected: GET /feeds/posts/default HTTP/1.1Accept: /Accept-Encoding: gzipUser-Agent: Picasa/3.9.141.255 (gzip)Host: picasa-readme.blogspot.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /support/bin/answer.py?hl=en&answer=93773 HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, /Accept-Language: en-CHUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: picasa.google.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /update/packages.inf HTTP/1.1Host: download.seznam.cz
Source: global traffic	HTTP traffic detected: GET /update/cz.seznam.software.lightspeed-1210-12.10.18-win32.zip HTTP/1.1Host: download.seznam.cz
Source: global traffic	HTTP traffic detected: GET /update/cz.seznam.software.libszndesktop-2.1.35-win32.zip HTTP/1.1Host: download.seznam.cz
Source: global traffic	HTTP traffic detected: GET /update/cz.seznam.software.szndesktop-2.0.32-win32.zip HTTP/1.1Host: download.seznam.cz
Source: global traffic	HTTP traffic detected: GET /update/cz.seznam.software.libfoxcub-3.3.8-win32.zip HTTP/1.1Host: download.seznam.cz
Source: global traffic	HTTP traffic detected: GET /update/cz.seznam.software.libfoxcub64-3.3.8-win32.zip HTTP/1.1Host: download.seznam.cz
Source: global traffic	HTTP traffic detected: GET /update/cz.seznam.software.ielisticka3-3.3.5-win32.zip HTTP/1.1Host: download.seznam.cz
Source: global traffic	HTTP traffic detected: GET /update/szn-software-fflisticka-4.0.8-win32.zip HTTP/1.1Host: download.seznam.cz

Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Minor bugfixes to the text tool, web sync, and virtual albums</span></span></div><div><br /></div></span></span></div><div><br /></div></content><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/1456569655786168306/posts/default/3576455443803502313'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/1456569655786168306/posts/default/3576455443803502313'/><link rel='alternate' type='text/html' href='http://picasa-readme.blogspot.com/2008/10/picasa-30-out-of-beta-build-xxxx.html' title='Picasa 3.0 (out of beta!) -- Build 57.53'/><author><name>Picasa Team</name><uri>http://www.blogger.com/profile/00823187511285450623</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='https://img1.blogblog.com/img/b16-rounded.gif'/></author></entry><entry><id>tag:blogger.com,1999:blog-1456569655786168306.post-6597548198970830433</id><published>2008-09-30T16:40:00.000-07:00</published><updated>2008-09-30T16:43:01.938-07:00</updated><category scheme="http://www.blogger.com/atom/ns#" term="autoupdate"/><title type='text'>Build 57.24</title><content type='html'><span style="font-style: italic;">Automatic update for Picasa 3 beta testers.</span><br /><br />Changes in this release are:<br /><ul><li>Bug fixes.</li><li>Updated RAW support for more cameras including: Canon 1000D and the Powershot A720, Nikon D700, and Olympus E-520.<br /></li><li>Increased YouTube file size upload limit to 1GB.<br /></li></ul>Visit our <a href="http://groups.google.com/group/picasa">Google Group</a> to give us feedback, and discuss Picasa with other users.</content><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/1456569655786168306/posts/default/6597548198970830433'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/1456569655786168306/posts/default/6597548198970830433'/><link rel='alternate' type='text/html' href='http://picasa-readme.blogspot.com/2008/09/build-5724.html' title='Build 57.24'/><author><name>Picasa Team</name><uri>http://www.blogger.com/profile/00823187511285450623</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='https://img1.blogblog.com/img/b16-rounded.gif'/></author></entry><entry><id>tag:blogger.com,1999:blog-1456569655786168306.post-1237605142260003533</id><published>2008-09-02T12:00:00.000-07:00</published><updated>2008-10-29T16:15:59.995-07:00</updated><title type='text'>Picasa 3.0 (beta) -- Build 57.19</title><content type='html'><span class="Apple-style-span" style="font-style: italic;">Initial public beta release of Picasa 3.0. equals www.youtube.com (Youtube)
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: </content><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/1456569655786168306/posts/default/2231948156028307071'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/1456569655786168306/posts/default/2231948156028307071'/><link rel='alternate' type='text/html' href='http://picasa-readme.blogspot.com/2012/04/picasa-3.html' title='Picasa 3.9: Now with Google+ sharing and tagging'/><author><name>Picasa Team</name><uri>http://www.blogger.com/profile/00823187511285450623</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='https://img1.blogblog.com/img/b16-rounded.gif'/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="https://lh5.googleusercontent.com/torawRKsQC9zYeAfBTnwj0vDXOgZc_h0dLzbT9cuJHTARJVy8hKIualz1K6Eyxrk5N0BqzOcE0q033Bobgt1A4ugxIGsBqnvlYQG1zqx4F28kqDOzhg=s72-c" height="72" width="72"/></entry><entry><id>tag:blogger.com,1999:blog-1456569655786168306.post-1272700194270571942</id><published>2010-10-20T13:09:00.000-07:00</published><updated>2010-10-20T21:45:11.829-07:00</updated><title type='text'>Picasa 3.8 now available in 38 languages</title><content type='html'>People around the world can now enjoy the updates in Picasa 3.8. The latest Picasa update is now available in 38 languages. This update includes; batch uploading and other synchronization controls with Picasa Web Albums, the addition of Picnik's photo-editor, Face Movie and more. Face Movie is a fun way to showcase photos centered around one person. <br /> equals www.yahoo.com (Yahoo)
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Feedback and questions are also welcome in our <a href="http://groups.google.com/group/Picasa">forums</a>.</span></span></div><br /><br /><object width="425" height="344"><param name="movie" value="http://www.youtube.com/v/rskC6c_5L1M&amp;hl=en&amp;fs=1"><param name="allowFullScreen" value="true"><param name="allowscriptaccess" value="always"><embed src="http://www.youtube.com/v/rskC6c_5L1M&amp;hl=en&amp;fs=1" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="425" height="344"></embed></object><br /><br /><div><span class="Apple-style-span" style="color: rgb(51, 51, 51); ">A brief summary of changes in this release, versus Picasa 2:</span><br /></div><div><span class="Apple-style-span" style="font-size:small;"><span class="Apple-style-span" style="color: rgb(51, 51, 51);"><br /></span></span></div><div><span class="Apple-style-span" style="line-height: 20px; "><div><span class="Apple-style-span" style="font-weight: bold; "><span class="Apple-style-span" style="font-size:small;"><span class="Apple-style-span" style="color: rgb(51, 51, 51);">Better integration between desktop and the web</span></span></span></div><div><span class="Apple-style-span" style="font-size:small;"><span class="Apple-style-span" style="color: rgb(51, 51, 51);"> equals www.youtube.com (Youtube)
Source: Picasa3.exe, 00000014.00000002.2593399186.000000000716B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Feedback and questions are also welcome in our <a href="http://groups.google.com/group/Picasa">forums</a>.</span></span></div><br /><br /><object width="425" height="344"><param name="movie" value="http://www.youtube.com/v/rskC6c_5L1M&hl=en&fs=1"><param name="allowFullScreen" value="true"><param name="allowscriptaccess" value="always"><embed src="http://www.youtube.com/v/rskC6c_5L1M&hl=en&fs=1" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="425" height="344"></embed></object><br /><br /><div><span class="Apple-style-span" style="color: rgb(51, 51, 51); ">A brief summary of changes in this release, versus Picasa 2:</span><br /></div><div><span class="Apple-style-span" style="font-size:small;"><span class="Apple-style-span" style="color: rgb(51, 51, 51);"><br /></span></span></div><div><span class="Apple-style-span" style="line-height: 20px; "><div><span class="Apple-style-span" style="font-weight: bold; "><span class="Apple-style-span" style="font-size:small;"><span class="Apple-style-span" style="color: rgb(51, 51, 51);">Better integration between desktop and the web</span></span></span></div><div><span class="Apple-style-span" style="font-size:small;"><span class="Apple-style-span" style="color: rgb(51, 51, 51);"> equals www.youtube.com (Youtube)
Source: GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: Fgaiahttps://www.google.com/accounts/OAuthLoginhttps://picasaweb.google.com/c/https://www.google.com/m8/feeds/https://mail.google.com/http://gdata.youtube.comhttps://www.googleapis.com/auth/plus.settingshttps://www.googleapis.com/auth/plus.media.readonlyhttps://www.googleapis.com/auth/plus.media.uploadhttps://www.googleapis.com/auth/plus.mehttps://www.googleapis.com/auth/plus.profiles.readhttps://www.googleapis.com/auth/plus.circles.readhttps://www.googleapis.com/auth/plus.stream.writehttps://www.googleapis.com/auth/photoshttps://www.googleapis.com/auth/userinfo%23emailhttps://www.google.comGaiaUrlwebupdatesoauthloginyoutubeplus.settingsplus.media.readonlyplus.media.uploadplus.meplus.profiles.readplus.circles.readplus.firstpartyplus.stream.writemailrelaycp.managercplh2mailThis account is not enabled for Google Photos.Gaia:NoPWAThis account is not enabled for Google+Gaia::NoGPlusYou are not signed up for a Gmail AccountGaia::NoGmailYou are either not signed up for YouTube or your YouTube account is not connected to your Google accountGaia::NoYouTubeYou are not signed up for this serviceGaia::NoServicehttps://picasaweb.google.com/lh/picasaSignupRedirhttps://plus.google.com/https://www.google.com/accounts/NewAccount?service=mailhttps://www.youtube.com/create_channel?upsell=uploadPUTHEADPOSTGET%s: %sContent-encodinggzipGZip detected- inflatingFailed to inflate GZip dataFailed to inflate GZIP dataContent-typeimageReceived response: equals www.youtube.com (Youtube)
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: Fgaiahttps://www.google.com/accounts/OAuthLoginhttps://picasaweb.google.com/c/https://www.google.com/m8/feeds/https://mail.google.com/https://www.googleapis.com/auth/plus.settingshttps://www.googleapis.com/auth/plus.media.readonlyhttps://www.googleapis.com/auth/plus.media.uploadhttps://www.googleapis.com/auth/plus.mehttps://www.googleapis.com/auth/plus.profiles.readhttps://www.googleapis.com/auth/plus.circles.readhttps://www.googleapis.com/auth/plus.stream.writehttps://www.googleapis.com/auth/photoshttps://www.googleapis.com/auth/userinfo%23emailhttps://www.google.comGaiaUrlwebupdatesoauthloginplus.settingsplus.media.readonlyplus.media.uploadplus.meplus.profiles.readplus.circles.readplus.firstpartyplus.stream.writemailrelaycp.managercplh2mailThis account is not enabled for Google Photos.Gaia:NoPWAThis account is not enabled for Google+Gaia::NoGPlusYou are not signed up for a Gmail AccountGaia::NoGmailYou are either not signed up for YouTube or your YouTube account is not connected to your Google accountGaia::NoYouTubeYou are not signed up for this serviceGaia::NoServicehttps://picasaweb.google.com/lh/picasaSignupRedirhttps://plus.google.com/https://www.google.com/accounts/NewAccount?service=mailhttps://www.youtube.com/create_channel?upsell=upload%3B%3A%25%disable_contact_sync{id}https://picasaweb.google.com/data/urls?version=1&alt=rss{username}Software\Google\Photos%s URL not foundLighthouse::urlerrorgphoto:settingsgphoto:syncgphoto:uploadgphoto:quotalimitpaidgphoto:etaggphoto:frOptinOptedOutUndecided&gl=%sFailed to parse URL listLHUrls::ParseErrorLDomain://lh::userpostemailAlbumrecentCommentsgalleryalbumPagealbum_entryphotoPageupgradeStoragehttps://photos.google.comvideoPostTargetresumableVideoUploadUrlupgradeVideoemailRelayupdateRequiredGoogle Photos is temporarily unavailableLighthouse::ServiceUnavailableESWeb Albums is temporarily unavailableLighthouse::ServiceUnavailablelhpicasaweb.google.comlh2.google.comphotos.google.com/feed/entry//feed/?alt=rss equals www.youtube.com (Youtube)
Source: Picasa3.exe, 00000014.00000002.2506191744.0000000004241000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: In addition, the Photo Viewer software that accompanies Picasa 3 on Windows is not included on the Mac.</div><div><br /></div><div>Picasa for Mac requires an Intel-based Mac and Mac OS X 10.4+.</div><div><br /></div><div>We'd like to hear your feedback on this beta -- please visit our <a href="http://www.google.com/support/forum/p/Picasa?hl=en">support forum</a> and let us know how Picasa works for you, and how we can make it better.</div><div><br /></div><div><span class="Apple-style-span" style="border-collapse: separate; white-space: pre; font-family:Arial;font-size:10px;"><object width="425" height="344"><param name="movie" value="http://www.youtube.com/v/NDKFjc3_wrk&hl=en&fs=1"><param name="allowFullScreen" value="true"><param name="allowscriptaccess" value="always"><embed src="http://www.youtube.com/v/NDKFjc3_wrk&hl=en&fs=1" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="425" height="344"></embed></object></span><br /></div><div><br /></div></span> equals www.youtube.com (Youtube)
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: K<style><!--span{width: 220px; height: 20px; white-space:nowrap; overflow:hidden; text-overflow:ellipsis} body,td,a,p,.h{background-color: #F3F3F3;font-family:arial,sans-serif;font-size: 14px;}.h{font-size: 20px;}.q{color:#0000cc;}//--></style><meta http-equiv='refresh' content='60'><style><!--body,td,a,p,.h{background-color: #EFEFEF;font-family:arial,sans-serif;font-size: 14px;}.h{font-size: 20px;}.q{color:#0000cc;}//--></style><html><head>%s<body topmargin=20 leftmargin=8><html><head>%s<body topmargin=4 leftmargin=4><form action=search><input size=45 maxLength=256 name=q><input type=submit value='Picasa Search'></form><html><head>%s<body topmargin=20 leftmargin=20><form action=search><input size=55 maxLength=256 name=q><input type=submit value='Picasa Search'></form>OkytSocketytHTTPdimage/jpegimagedbidhttp://%s/%s/thumb/%s.jpghttp://%s/%s/image/%s.jpghttp://%s/%s/original/%s<?xml version="1.0" encoding="utf-8" ?>rss2.0versionhttp://www.pheed.com/pheed/xmlns:photohttp://search.yahoo.com/msrss/xmlns:mediahttp://picasaweb.google.com/lh/picasaweb/xmlns:gphotochanneltitlelinkgphoto:usergphoto:idgphoto:locationpicasa:dbidpicasa:albumidhttp://%s/%s/album%d.htmlhttp://%s/%s/rssalbum%d.rssitempubDategphoto:filenamepubdategphoto:rsslinkgphoto:widthgphoto:heightphoto:thumbnailphoto:imgsrcmedia:groupmedia:contenturltrueisDefaultmedia:thumbnailfileSizetype, equals www.yahoo.com (Yahoo)
Source: Picasa3.exe, 00000014.00000002.2586100840.0000000006F6F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: We're happy to announce the launch of Picasa 3.5, the latest release of Picasa photo management software. If you don't want to wait until we autoupdate everyone to Picasa 3.5, you can download it at <a href="http://picasa.google.com/">picasa.google.com</a>.<br /><br />This ReadMe page appears when a new version of Picasa software is available, and tells you what changes and improvements are in each release.<br /><br />Picasa 3.5 is a significant upgrade from Picasa 3.1. For an in-depth overview of what's new, you can play the video below, read our launch post on the <a href="http://googlephotos.blogspot.com/">Google Photos blog</a>, or consult the "<a href="http://picasa.google.com/support/bin/answer.py?answer=93773&ctx=readme">Picasa 3 New Features</a>" support document. Feedback and questions are also welcome in our <a href="http://groups.google.com/group/Picasa">user forums</a>.<br /><br /><object width="560" height="340"><param name="movie" value="http://www.youtube.com/v/gYO2uhrIZJ4&hl=en& equals www.youtube.com (Youtube)
Source: Picasa3.exe, 00000014.00000002.2506191744.0000000004241000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: We're happy to announce the launch of Picasa 3.5, the latest release of Picasa photo management software. If you don't want to wait until we autoupdate everyone to Picasa 3.5, you can download it at <a href="http://picasa.google.com/">picasa.google.com</a>.<br /><br />This ReadMe page appears when a new version of Picasa software is available, and tells you what changes and improvements are in each release.<br /><br />Picasa 3.5 is a significant upgrade from Picasa 3.1. For an in-depth overview of what's new, you can play the video below, read our launch post on the <a href="http://googlephotos.blogspot.com/">Google Photos blog</a>, or consult the "<a href="http://picasa.google.com/support/bin/answer.py?answer=93773&ctx=readme">Picasa 3 New Features</a>" support document. Feedback and questions are also welcome in our <a href="http://groups.google.com/group/Picasa">user forums</a>.<br /><br /><object width="560" height="340"><param name="movie" value="http://www.youtube.com/v/gYO2uhrIZJ4&hl=en&fs=1 equals www.youtube.com (Youtube)
Source: Picasa3.exe, 00000014.00000002.2506191744.0000000004241000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: We're happy to announce the launch of Picasa 3.5, the latest release of Picasa photo management software. If you don't want to wait until we autoupdate everyone to Picasa 3.5, you can download it at <a href="http://picasa.google.com/">picasa.google.com</a>.<br /><br />This ReadMe page appears when a new version of Picasa software is available, and tells you what changes and improvements are in each release.<br /><br />Picasa 3.5 is a significant upgrade from Picasa 3.1. For an in-depth overview of what's new, you can play the video below, read our launch post on the <a href="http://googlephotos.blogspot.com/">Google Photos blog</a>, or consult the "<a href="http://picasa.google.com/support/bin/answer.py?answer=93773&ctx=readme">Picasa 3 New Features</a>" support document. Feedback and questions are also welcome in our <a href="http://groups.google.com/group/Picasa">user forums</a>.<br /><br /><object width="560" height="340"><param name="movie" value="http://www.youtube.com/v/gYO2uhrIZJ4&hl=en&fs=1&rel=0&hd=1"><param name="allowFullScreen" value="true"><param name="allowscriptaccess" value="always"><embed src="http://www.youtube.com/v/gYO2uhrIZJ4&hl=en&fs=1&rel=0&hd=1" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="560" height="340"></embed></object><br /><br />A brief summary of changes in this release, versus Picasa 3.1:<br /><br /><strong>Name tags</strong><br /><ul><li>Name tags help you organize your photos by what matters most: the people in them.<br /></li><li>Picasa identifies similar faces in your photos and puts these into the "Unnamed people" album. To add a name tag, just click "Add a name" and type the person's name.<br /></li><li>After you've tagged some pictures, you can do creative things with your name tags, like finding all the photos with the same two people in them or creating a face collage with just one click.<br /></li><li> equals www.youtube.com (Youtube)
Source: Picasa3.exe, 00000014.00000002.2506191744.0000000004241000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: We're happy to announce the launch of Picasa 3.5, the latest release of Picasa photo management software. If you don't want to wait until we autoupdate everyone to Picasa 3.5, you can download it at <a href="http://picasa.google.com/">picasa.google.com</a>.<br /><br />This ReadMe page appears when a new version of Picasa software is available, and tells you what changes and improvements are in each release.<br /><br />Picasa 3.5 is a significant upgrade from Picasa 3.1. For an in-depth overview of what's new, you can play the video below, read our launch post on the <a href="http://googlephotos.blogspot.com/">Google Photos blog</a>, or consult the "<a href="http://picasa.google.com/support/bin/answer.py?answer=93773&ctx=readme">Picasa 3 New Features</a>" support document. Feedback and questions are also welcome in our <a href="http://groups.google.com/group/Picasa">user forums</a>.<br /><br /><object width="560" height="340"><param name="movie" value="http://www.youtube.com/v/gYO2uhrIZJ4&hl=en&fs=1&rel=0&hd=1"><param name="allowFullScreen" value="true"><param name="allowscriptaccess" value="always"><embed src="http://www.youtube.com/v/gYO2uhrIZJ4&hl=en&fs=1&rel=0&hd=1" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="560" height="340"></embed></object><br /><br />A brief summary of changes in this release, versus Picasa 3.1:<br /><br /><strong>Name tags</strong><br /><ul><li>Name tags help you organize your photos by what matters most: the people in them.<br /></li><li>Picasa identifies similar faces in your photos and puts these into the "Unnamed people" album. To add a name tag, just click "Add a name" and type the person's name.<br /></li><li>After you've tagged some pictures, you can do creative things with your name tags, like finding all the photos with the same two people in them or creating a face collage with just one click.<br /></li><li>x0 equals www.youtube.com (Youtube)
Source: Picasa3.exe, 00000014.00000002.2563942835.0000000006D99000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: aram name="allowscriptaccess" value="always"><embed src="http://www.youtube.com/v/NDKFjc3_wrk&hl=en&fs=1" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="425" height="344"></embed></object></span><br /></div><div><br /></div></span> equals www.youtube.com (Youtube)
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.youtube.com/create_channel?upsell=upload equals www.youtube.com (Youtube)
Source: PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: ugp7Dgaiahttps://www.google.com/accounts/OAuthLoginhttps://picasaweb.google.com/c/https://www.google.com/m8/feeds/https://mail.google.com/http://gdata.youtube.comhttps://www.googleapis.com/auth/plus.settingshttps://www.googleapis.com/auth/plus.media.readonlyhttps://www.googleapis.com/auth/plus.media.uploadhttps://www.googleapis.com/auth/plus.mehttps://www.googleapis.com/auth/plus.profiles.readhttps://www.googleapis.com/auth/plus.circles.readhttps://www.googleapis.com/auth/plus.stream.writehttps://www.googleapis.com/auth/photoshttps://www.googleapis.com/auth/userinfo%23emailhttps://www.google.comGaiaUrlwebupdatesoauthloginyoutubeplus.settingsplus.media.readonlyplus.media.uploadplus.meplus.profiles.readplus.circles.readplus.firstpartyplus.stream.writemailrelaycp.managercplh2mailThis account is not enabled for Google Photos.Gaia:NoPWAThis account is not enabled for Google+Gaia::NoGPlusYou are not signed up for a Gmail AccountGaia::NoGmailYou are either not signed up for YouTube or your YouTube account is not connected to your Google accountGaia::NoYouTubeYou are not signed up for this serviceGaia::NoServicehttps://picasaweb.google.com/lh/picasaSignupRedirhttps://plus.google.com/https://www.google.com/accounts/NewAccount?service=mailhttps://www.youtube.com/create_channel?upsell=uploadConnection failedUploadError::ConnectFailedRequest failedUploadError::RequestFailedimageentryreledit-mediahrefalternatetext/htmlcontentsrcpublishedpubDateupdatedgphoto:idgphoto:widthgphoto:heightgphoto:clientgphoto:checksumgphoto:sizemedia:keywordscodeinternalReasonapplication/atom+xml%s/data/feed/api/user/%s/albumid/%s?xmlerrors=1PUT%s/data/feed/api/user/%s?kind=album&access=privatevisible equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: pack.google.com
Source: global traffic	DNS traffic detected: DNS query: download.seznam.cz
Source: global traffic	DNS traffic detected: DNS query: picasa.google.com
Source: global traffic	DNS traffic detected: DNS query: picasa-readme.blogspot.com
Source: global traffic	DNS traffic detected: DNS query: support.google.com
Source: global traffic	DNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global traffic	DNS traffic detected: DNS query: lh3.googleusercontent.com
Source: global traffic	DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: h.imedia.cz
Source: global traffic	DNS traffic detected: DNS query: sentry.sklik.cz
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: chrome.google.com
Source: global traffic	DNS traffic detected: DNS query: software.seznam.cz
Source: global traffic	DNS traffic detected: DNS query: h.seznam.cz

Source: unknown

HTTP traffic detected: POST /dns-query HTTP/1.1Host: chrome.cloudflare-dns.comConnection: keep-aliveContent-Length: 128Accept: application/dns-messageAccept-Language: *User-Agent: ChromeAccept-Encoding: identityContent-Type: application/dns-message

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundP3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Strict-Transport-Security: max-age=31536000; includeSubdomainsContent-Type: text/html; charset=UTF-8Date: Wed, 02 Oct 2024 10:16:36 GMTExpires: Wed, 02 Oct 2024 10:16:36 GMTCache-Control: private, max-age=0Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-IP6YhjyZ5zH1GbKIYwQC' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'report-sample';report-uri https://csp.withgoogle.com/csp/scfeP3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."X-Content-Type-Options: nosniffServer: support-content-uiX-XSS-Protection: 0X-Frame-Options: SAMEORIGINSet-Cookie: NID=517=6vc2afBzm5gk4mPKuql_mQ3rKSVagR0-666zy5fO9R-BJd9VVHTKac1hL8PYBKfsE7QKQj--ZkI9P2x8fL0XJIMzeE4-wSN0Cx7P3rE203XNog8Dh9kYHu1KGT7J4c_LQKQm2PrvT5_GZStgW-Jm8tj9Ltn_84w_euix-7o-Le3edvPI2Q; expires=Thu, 03-Apr-2025 10:16:36 GMT; path=/; domain=.google.com; HttpOnlySet-Cookie: NID=517=6vc2afBzm5gk4mPKuql_mQ3rKSVagR0-666zy5fO9R-BJd9VVHTKac1hL8PYBKfsE7QKQj--ZkI9P2x8fL0XJIMzeE4-wSN0Cx7P3rE203XNog8Dh9kYHu1KGT7J4c_LQKQm2PrvT5_GZStgW-Jm8tj9Ltn_84w_euix-7o-Le3edvPI2Q; expires=Thu, 03-Apr-2025 10:16:36 GMT; path=/; domain=.google.com; HttpOnlyAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Referrer-Policy: no-referrerContent-Length: 1568Date: Wed, 02 Oct 2024 10:16:02 GMTData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20

Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://%s/%s/album%d.html
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://%s/%s/image/%s.jpg
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://%s/%s/rssalbum%d.rss
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://%s/%s/thumb/%s.jpg
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://%s/%s/thumb/%s.jpghttp://%s/%s/image/%s.jpghttp://%s/%s/original/%s
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://Picasa.google.com/
Source: Picasa3.exe, 00000014.00000002.2482072226.0000000002E92000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2596878839.000000000862D000.00000004.00000010.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2596878839.000000000863C000.00000004.00000010.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2482072226.0000000002EAA000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000003.2141243034.0000000001215000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000003.2142383735.00000000011D3000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000003.2141243034.0000000001221000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2467205779.00000000011A2000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: http://clients2.google.com/service/update2
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://clients2.google.com/service/update2omahaURLLifescapeUpdaterupdate
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000029F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.thawte.com/ThawtePremiumServerCA.crl0
Source: 1a4e5ccd35a56d84281a143f831563be.exe, 0000000F.00000002.2435414779.0000000000414000.00000004.00000001.01000000.00000006.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000459F000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000002E88000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000467E000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000029F6000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000003.1750777100.0000000000AF4000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000002.1780753263.0000000003B00000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000003.1775638859.0000000000A66000.00000004.00000020.00020000.00000000.sdmp, UNZIP.EXE, 00000026.00000002.1812336800.0000000000430000.00000040.00000001.01000000.00000020.sdmp, UNZIP.EXE, 00000028.00000002.1816767609.000000000042B000.00000040.00000001.01000000.00000020.sdmp, UNZIP.EXE, 00000058.00000002.2099499225.0000000000428000.00000040.00000001.01000000.00000026.sdmp, CPY.EXE, 0000005C.00000002.2102179386.0000000000B00000.00000004.00000020.00020000.00000000.sdmp, UNZIP.EXE, 0000005D.00000002.2105385323.0000000000428000.00000040.00000001.01000000.00000026.sdmp, CPY.EXE, 00000061.00000002.2108099884.0000000000E09000.00000004.00000020.00020000.00000000.sdmp, CPY.EXE, 00000064.00000002.2115643669.0000000000ECA000.00000004.00000020.00020000.00000000.sdmp, UNZIP.EXE, 00000066.00000002.2120076164.0000000000428000.00000040.00000001.01000000.00000026.sdmp, CPY.EXE, 0000006A.00000002.2122729835.0000000000629000.00000004.00000020.00020000.00000000.sdmp, CPY.EXE, 00000070.00000002.2131296204.0000000000CD9000.00000004.00000020.00020000.00000000.sdmp, sznpp.exe, 0000007C.00000000.2152804918.0000000000BFB000.00000002.00000001.01000000.0000002C.sdmp, UNZIP.EXE, 0000007D.00000002.2173171240.000000000042B000.00000040.00000001.01000000.00000026.sdmp	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000029F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cs-g2-crl.thawte.com/ThawteCSG2.crl0
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007244000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.google.com/photos/picasamac38.dmg
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.google.com/photos/picasamac38.dmg"><span
Source: Picasa3.exe, 00000014.00000002.2563942835.0000000006D99000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2586100840.0000000006F6F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.google.com/picasa/picasa3-setup.exe
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007244000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.google.com/picasa/picasa38-setup.exe
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dl.google.com/picasa/picasa38-setup.exe"><span
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://earth.google.com
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://earth.google.com/kml/2.0
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://earth.google.com/kml/2.0xmlnsFolderPicasa
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: http://earth.google.com/kml/2.1
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: http://earth.google.com/kml/2.1xmlnsgphoto:timestampgphoto:starexif:tagsexif:distanceexif:exposureex
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://earth.google.comTag
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://ericorth.kir.corp.google.com:8888
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://ericorth.kir.corp.google.com:8888/gphotos?action=retrconfig&email=/gphotos?action=postconfigr
Source: Picasa3.exe, 00000012.00000000.1604678624.0000000000DF8000.00000002.00000001.01000000.00000012.sdmp, Picasa3.exe, 00000014.00000003.1626531844.00000000040E2000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000002.2482072226.0000000002EAA000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000003.1626203204.0000000003FB3000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://forums.picasa.com/
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: http://gdata.youtube.com
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://gdata.youtube.com/schemas/2007
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://gdata.youtube.com/schemas/2007/categories.cat
Source: Picasa3.exe, 00000014.00000002.2506191744.0000000004241000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000003.1626203204.0000000003FB3000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000002.2586100840.0000000006F6F000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2593399186.000000000716B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://googlephotos.blogspot.com/
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://googlephotos.blogspot.com/">Google
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://googlephotos.blogspot.com/HelpURL::ReadMehttp://picasa.google.com/support/bin/answer.py?answe
Source: Picasa3.exe, 00000014.00000002.2506191744.0000000004241000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2586100840.0000000006F6F000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2593399186.000000000716B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://groups.google.com/group/Picasa
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://groups.google.com/group/Picasa">forums</a>.</span></span></div&g
Source: Picasa3.exe, 00000014.00000002.2506191744.0000000004241000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://groups.google.com/group/picasa
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://groups.google.com/group/picasa">Google
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000003831000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://internet.e-mail
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000004788000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000004419000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000002.1554998935.0000000002750000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, Picasa3.exe, 00000014.00000002.2482072226.0000000002EAA000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000003.1768334402.000000000284E000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000002.1779527117.0000000002854000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/
Source: Picasa3.exe, 00000014.00000002.2482072226.0000000002EAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/em#
Source: GPhotos.scr, 00000011.00000002.1554998935.0000000002750000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, Picasa3.exe, 00000014.00000002.2482072226.0000000002EAA000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000003.1768334402.000000000284E000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000002.1779527117.0000000002854000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: http://iptc.org/std/Iptc4xmpExt/2008-02-29/
Source: Picasa3.exe, 00000014.00000002.2482072226.0000000002EAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://iptc.org/std/Iptc4xmpExt/2008-02-29/e2
Source: Picasa3.exe, 00000014.00000002.2482072226.0000000002EAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://iptc.org/std/Iptc4xmpExt/2008-02-29/j2
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://lh2.google.com.vn/data/feed/api/all?kind=photo&filter=1&max-results=100&alt=rss
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://lh2.google.com/data/feed/api/all?kind=photo&filter=1&
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000003.1626531844.00000000040E2000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000003.1626203204.0000000003FB3000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://lh2.google.com/data/feed/api/all?kind=photo&filter=1&max-results=100&alt=rss
Source: GPhotos.scr, 00000011.00000002.1554998935.0000000002744000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2482072226.0000000002E32000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lh2.google.com/data/feed/api/all?kind=photo&filter=1&max-results=100&alt=rss
Source: GPhotos.scr, 00000011.00000002.1554998935.0000000002744000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://lh2.google.com/data/feed/api/all?kind=photo&filter=1&max-results=100&alt=rssu
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://lh2.google.rs/data/feed/api/all?kind=photo&filter=1&max-results=100&alt=rss
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://localhost:%d/%s/image/%s.jpg
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://localhost:%d/%s/thumb/%s.jpg
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000003831000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://mail.google.com
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://mail.google.com/mail/help/intl/%s/about.html
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://mail.google.com/mail/help/intl/%s/about.htmli18n
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://maps.google.com/maps?file=api&v=2&client=google-picasa-client&sensor=false
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://maps.google.com/maps?q=%g
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://maps.googleapis.com/maps/api/js?client=google-picasa-client&sensor=false&v=3
Source: 1a4e5ccd35a56d84281a143f831563be.exe, 0000000C.00000000.1432448821.000000000040C000.00000002.00000001.01000000.00000006.sdmp, setuppicasa39-setup.exe, 00000010.00000000.1489441264.0000000000409000.00000008.00000001.01000000.0000000B.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1660522898.0000000000409000.00000004.00000001.01000000.0000000B.sdmp, listicka.exe, 00000016.00000000.1706188175.0000000000409000.00000008.00000001.01000000.0000001A.sdmp, listicka.exe, 00000016.00000002.2422886994.0000000000409000.00000004.00000001.01000000.0000001A.sdmp	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: 1a4e5ccd35a56d84281a143f831563be.exe, 0000000F.00000002.2435414779.0000000000414000.00000004.00000001.01000000.00000006.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000459F000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000002E88000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000467E000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000029F6000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000003.1750777100.0000000000AF4000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000002.1780753263.0000000003B00000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000003.1775638859.0000000000A66000.00000004.00000020.00020000.00000000.sdmp, UNZIP.EXE, 00000026.00000002.1812336800.0000000000430000.00000040.00000001.01000000.00000020.sdmp, UNZIP.EXE, 00000028.00000002.1816767609.000000000042B000.00000040.00000001.01000000.00000020.sdmp, UNZIP.EXE, 00000058.00000002.2099499225.0000000000428000.00000040.00000001.01000000.00000026.sdmp, CPY.EXE, 0000005C.00000002.2102179386.0000000000B00000.00000004.00000020.00020000.00000000.sdmp, UNZIP.EXE, 0000005D.00000002.2105385323.0000000000428000.00000040.00000001.01000000.00000026.sdmp, CPY.EXE, 00000061.00000002.2108099884.0000000000E09000.00000004.00000020.00020000.00000000.sdmp, CPY.EXE, 00000064.00000002.2115643669.0000000000ECA000.00000004.00000020.00020000.00000000.sdmp, UNZIP.EXE, 00000066.00000002.2120076164.0000000000428000.00000040.00000001.01000000.00000026.sdmp, CPY.EXE, 0000006A.00000002.2122729835.0000000000629000.00000004.00000020.00020000.00000000.sdmp, CPY.EXE, 00000070.00000002.2131296204.0000000000CD9000.00000004.00000020.00020000.00000000.sdmp, sznpp.exe, 0000007C.00000000.2152804918.0000000000BFB000.00000002.00000001.01000000.0000002C.sdmp, UNZIP.EXE, 0000007D.00000002.2173171240.000000000042B000.00000040.00000001.01000000.00000026.sdmp	String found in binary or memory: http://ocsp.thawte.com0
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://pack.google.co.uk/feeds.
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://pack.google.com.br/feeds.
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://pack.google.com/feeds
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000003.1626203204.0000000003FB3000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000002.2482072226.0000000002E7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pack.google.com/feeds.
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://pack.google.com/feeds.MetadataNode::TipDiscoverMeasure
Source: GPhotos.scr, 00000011.00000003.1552747031.0000000000B45000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pack.google.com/gphotos?action=install&hl=en&gl=ch&brand=GGLA&scrid=AD0E3D47-9B39-483F-83C6-9
Source: GPhotos.scr, 00000011.00000002.1553040041.0000000000199000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: http://pack.google.com/gphotos?action=install&hl=en&gl=ch&brand=GGLA&scrid=AD0E3D47-9B39-483F-8Profi
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://pack.google.dk/feeds.
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://pack.google.rs/feeds.
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://photos.hello.com/interface/AlbumStack.gif
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://photos.hello.com/interface/AlbumStackSelected.gif
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://photos.hello.com/interface/AppsBtn-hello.gif
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://photos.hello.com/interface/AppsBtn-picasa.gif
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://photos.hello.com/interface/AppsBtn.gif
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://photos.hello.com/interface/boxes/B11.gif
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://photos.hello.com/interface/boxes/B13.gif
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://photos.hello.com/interface/boxes/B31.gif
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://photos.hello.com/interface/boxes/B33.gif
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://photos.hello.com/interface/boxes/S11.gif
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://photos.hello.com/interface/boxes/S12.gif
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://photos.hello.com/interface/boxes/S13.gif
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://photos.hello.com/interface/boxes/S21.gif
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://photos.hello.com/interface/boxes/S23.gif
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://photos.hello.com/interface/boxes/S31.gif
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://photos.hello.com/interface/boxes/S32.gif
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://photos.hello.com/interface/boxes/S33.gif
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://photos.hello.com/interface/boxes/spacer.gif
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://photos.hello.com/interface/spacer.gif
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://photos.hello.com/scripts.js
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://photos.hello.com/styles.css
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000003831000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2482072226.0000000002E92000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2506191744.0000000004114000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://picasa-readme.blogspot.com/
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2506191744.0000000004114000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://picasa-readme.blogspot.com/2008/08/picasa-30-beta-build-3717.html
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://picasa-readme.blogspot.com/2008/09/build-5724.html
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2589400232.0000000007039000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://picasa-readme.blogspot.com/2008/10/picasa-30-out-of-beta-build-xxxx.html
Source: Picasa3.exe, 00000014.00000002.2482072226.0000000002EAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://picasa-readme.blogspot.com/2009/09/picasa-35-now-with-name-tags-build-7967.html
Source: Picasa3.exe, 00000014.00000002.2482072226.0000000002EAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://picasa-readme.blogspot.com/2009/12/picasa-36-now-with-collaborative-albums.html
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2482072226.0000000002EAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://picasa-readme.blogspot.com/2010/10/picasa-38-now-available-in-35-languages.html
Source: Picasa3.exe, 00000014.00000002.2482072226.0000000002EAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://picasa-readme.blogspot.com/2010/10/picasa-38-now-available-in-35-languages.htmliew
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://picasa-readme.blogspot.com/2012/04/picasa-3.html
Source: Picasa3.exe, 00000014.00000002.2467205779.00000000011B6000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2482072226.0000000002EAA000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000003.2141243034.0000000001205000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000003.2144975853.0000000001231000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2597529140.00000000091DD000.00000004.00000010.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000003.2141243034.0000000001221000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2467205779.0000000001230000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2482072226.0000000002E7B000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2506191744.0000000004114000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2467205779.000000000120E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://picasa-readme.blogspot.com/feeds/posts/default
Source: Picasa3.exe, 00000014.00000002.2467205779.00000000011B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://picasa-readme.blogspot.com/feeds/posts/default(
Source: Picasa3.exe, 00000014.00000002.2482072226.0000000002E92000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://picasa-readme.blogspot.com/update2
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.co.jp/
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.co.kr/support?ctx=picasa
Source: Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com.tr/support/bin/answer.py?answer=11139
Source: Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com.tr/support/bin/answer.py?answer=141059
Source: Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com.tr/support/bin/answer.py?answer=53209
Source: Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com.tr/support/bin/topic.py?topic=16056
Source: Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com.vn/support?ctx=picasa
Source: Picasa3.exe, 00000014.00000002.2482072226.0000000002EAA000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2589400232.0000000007039000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000003.1626203204.0000000003FB3000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000002.2586100840.0000000006F6F000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2482072226.0000000002E7B000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2593399186.000000000716B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://picasa.google.com/
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://picasa.google.com/"><span
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://picasa.google.com/">picasa.google.com</a>.<br
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/.
Source: Picasa3.exe, 00000012.00000000.1604678624.0000000000DF8000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://picasa.google.com/AOne
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://picasa.google.com/assets/logo.gif
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000003831000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://picasa.google.com/assets/logo_kmz.gif
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000003.1769352161.0000000003272000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000003.1770457054.0000000002831000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000003.1770788161.0000000003273000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000003.1774735111.0000000002835000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000003.1771353717.0000000003273000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000003.1761252169.0000000003255000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://picasa.google.com/features.html
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://picasa.google.com/index.html
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://picasa.google.com/intl/%s/terms.html
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/intl/ar/#utm_source=gph-et-ar&utm_medium=et&utm_campaign=ar-screens
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/intl/bg/#utm_source=gph-et-bg&utm_medium=et&utm_campaign=bg-screens
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/intl/ca/#utm_source=gph-et-en&utm_medium=et&utm_campaign=en-protect
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/intl/cs/#utm_source=gph-et-en&utm_medium=et&utm_campaign=cs-screens
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/intl/de/#utm_source=gph-et-de&utm_medium=et&utm_campaign=de-screens
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/intl/el/#utm_source=gph-et-el&utm_medium=et&utm_campaign=el-screens
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000003.1626531844.00000000040E2000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000003.1626203204.0000000003FB3000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/intl/en/#utm_source=gph-et-en&utm_medium=et&utm_campaign=en-screens
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/intl/en/#utm_source=gph-et-en&utm_medium=et&utm_campaign=fil-screen
Source: Picasa3.exe, 00000014.00000002.2482072226.0000000002EAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://picasa.google.com/intl/en/#utm_source=gph-et-en&utm_medium=et&utm_campaign=en-screensaver
Source: GPhotos.scr, 00000011.00000002.1554998935.0000000002750000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://picasa.google.com/intl/en/#utm_source=gph-et-en&utm_medium=et&utm_campaign=en-screensaver.
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://picasa.google.com/intl/en/#utm_source=gph-et-en&utm_medium=et&utm_campaign=en-screensaverCGen
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/intl/en_uk/#utm_source=gph-et-en&utm_medium=et&utm_campaign=en-scre
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/intl/es/#utm_source=gph-et-en&utm_medium=et&utm_campaign=es-screens
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/intl/fi/#utm_source=gph-et-fi&utm_medium=et&utm_campaign=fi-screens
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/intl/fr/#utm_source=gph-et-fr&utm_medium=et&utm_campaign=fr-screens
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/intl/hi/#utm_source=gph-et-hi&utm_medium=et&utm_campaign=hi-screens
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/intl/hu/#utm_source=gph-et-hu&utm_medium=et&utm_campaign=hu-screens
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/intl/id/#utm_source=gph-et-id&utm_medium=et&utm_campaign=id-screens
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/intl/ja/#utm_source=gph-et-ja&utm_medium=et&utm_campaign=ja-screens
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/intl/ko/#utm_source=gph-et-en&utm_medium=et&utm_campaign=en-screens
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/intl/lt/#utm_source=gph-et-lt&utm_medium=et&utm_campaign=lt-screens
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/intl/lv/#utm_source=gph-et-lv&utm_medium=et&utm_campaign=lv-screens
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/intl/nl/#utm_source=gph-et-nl&utm_medium=et&utm_campaign=nl-screens
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/intl/pl/#utm_source=gph-et-en&utm_medium=et&utm_campaign=en-screens
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/intl/pt-BR/#utm_source=gph-et-en&utm_medium=et&utm_campaign=en-scre
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/intl/pt_PT/#utm_source=gph-et-pt_PT&utm_medium=et&utm_campaign=pt_P
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/intl/ro/#utm_source=gph-et-ro&utm_medium=et&utm_campaign=ro-screens
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/intl/ru/#utm_source=gph-et-ru&utm_medium=et&utm_campaign=ru-screens
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/intl/sk/#utm_source=gph-et-sk&utm_medium=et&utm_campaign=sk-screens
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/intl/sl/#utm_source=gph-et-sl&utm_medium=et&utm_campaign=sl-screens
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/intl/th/#utm_source=gph-et-en&utm_medium=et&utm_campaign=en-screens
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/intl/tr/#utm_source=gph-et-en&utm_medium=et&utm_campaign=en-screens
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/intl/vi/#utm_source=gph-et-en&utm_medium=et&utm_campaign=en-screens
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/intl/zh-CN/#utm_source=gph-et-zh_CN&utm_medium=et&utm_campaign=zh_C
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/intl/zh-TW/#utm_source=gph-et-zh-TW&utm_medium=et&utm_campaign=zh-T
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, Picasa3.exe, 00000014.00000003.1626531844.00000000040E2000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000003.1626203204.0000000003FB3000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000002.2482072226.0000000002E7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?answer=11139
Source: Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?answer=11139&hl=th
Source: Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?answer=11139&hl=uk
Source: Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?answer=11139&hl=vi
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?answer=11511
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000003831000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, Picasa3.exe, 00000014.00000003.1626531844.00000000040E2000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000002.2482072226.0000000002EAA000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000003.1626203204.0000000003FB3000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?answer=139492
Source: Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?answer=139492&hl=uk
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?answer=139492&hl=%sSplashThreadruntime
Source: Picasa3.exe, 00000014.00000002.2482072226.0000000002EAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?answer=139492ar)
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, Picasa3.exe, 00000014.00000003.1626531844.00000000040E2000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000002.2482072226.0000000002EAA000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000003.1626203204.0000000003FB3000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?answer=141059
Source: Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?answer=141059&hl=th
Source: Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?answer=141059&hl=uk
Source: Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?answer=141059&hl=vi
Source: Picasa3.exe, 00000014.00000002.2482072226.0000000002EAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?answer=141059)V
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?answer=141059iPhotoError::HelpURL
Source: Picasa3.exe, 00000014.00000002.2482072226.0000000002EAA000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2586100840.0000000006F6F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?answer=26374
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?answer=39551
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?answer=39551-----------------------------------------
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007244000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?answer=43901
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?answer=43901"><span
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, Picasa3.exe, 00000014.00000003.1626531844.00000000040E2000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000003.1626203204.0000000003FB3000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000002.2482072226.0000000002E7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?answer=53209
Source: Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?answer=53209&hl=th
Source: Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?answer=53209&hl=uk
Source: Picasa3.exe, 00000014.00000002.2506191744.0000000004241000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2586100840.0000000006F6F000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2593399186.000000000716B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?answer=93773
Source: Picasa3.exe, 00000014.00000002.2506191744.0000000004241000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2586100840.0000000006F6F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?answer=93773&ctx=readme
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?answer=93773"><span
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?answer=93773">Picasa
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=%s&answer=156272
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=%s&answer=156272InfoTextUnnamedShownclustering_con
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000003831000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=en&answer=15625
Source: Picasa3.exe, 00000014.00000003.1626531844.00000000040E2000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000003.1626203204.0000000003FB3000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=en&answer=93773
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=en&answer=93773">Picasa
Source: Picasa3.exe, 00000014.00000002.2482072226.0000000002EAA000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2419587665.0000000000180000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=en&answer=93773
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=en&answer=93773CThumbUI::showfeatureslinkSaverUpgr
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=fi&answer=93773
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=fil&answer=93773
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=fr&answer=93773
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=hi&answer=93773
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=hu&answer=93773
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=id&answer=93773
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=it&answer=93773
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=iw&answer=93773
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=ja&answer=93773
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=ko&answer=93773
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=lt&answer=93773
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=lv&answer=93773
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=nl&answer=93773
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=no&answer=93773
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=pl&answer=93773
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=pt-BR&answer=93773
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=pt_PT&answer=93773
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=ro&answer=93773
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=ru&answer=93773
Source: Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=se&answer=11139
Source: Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=se&answer=141059
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=sk&answer=93773
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=sl&answer=93773
Source: Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=sv&answer=53209
Source: Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=sv&answer=93773
Source: Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=th&answer=93773
Source: Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=tr&answer=93773
Source: Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=vi&answer=93773
Source: Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=zh-TW&answer=11139
Source: Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=zh-TW&answer=141059
Source: Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=zh-TW&answer=53209
Source: Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=zh-TW&answer=93773
Source: Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=zh_CN&answer=11139
Source: Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=zh_CN&answer=141059
Source: Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=zh_CN&answer=53209
Source: Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/answer.py?hl=zh_CN&answer=93773
Source: setuppicasa39-setup.exe	String found in binary or memory: http://picasa.google.com/support/bin/request.py?contact_type=uninstall
Source: setuppicasa39-setup.exe, 00000010.00000002.1704699696.0000000004CA3000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/request.py?contact_type=uninstallptPTpt_PTpt_BRzhCNzh_CNzh_TW&h
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, Picasa3.exe, 00000014.00000003.1626531844.00000000040E2000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000003.1626203204.0000000003FB3000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000002.2482072226.0000000002E7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/topic.py?topic=16056
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://picasa.google.com/support/bin/topic.py?topic=16056il_BurnPanel::imapierrorlinkError
Source: Picasa3.exe, 00000014.00000002.2482072226.0000000002E92000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000003.1626203204.0000000003FB3000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: http://picasa.google.com/support?ctx=picasa
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://picasa.google.com/support?ctx=picasaHELPID_DEFAULTi18n
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: http://picasa.google.com/support?ctx=picasatooltip3dfilmstripprintlocateemailblogslingshot_minimizep
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.dk/intl/da/#utm_source=gph-et-en&utm_medium=et&utm_campaign=da-screensa
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.it/support/bin/answer.py?answer=11139
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.it/support/bin/answer.py?answer=139492
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.it/support/bin/answer.py?answer=141059
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.it/support/bin/answer.py?answer=53209
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.nl/support/bin/answer.py?answer=11139
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.nl/support/bin/answer.py?answer=139492
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.nl/support/bin/answer.py?answer=141059
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.nl/support/bin/answer.py?answer=53209
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.nl/support/bin/topic.py?topic=14609
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.ro/
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.rs/
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.rs/intl/sr/#utm_source=gph-et-sr&utm_medium=et&utm_campaign=sr-screensa
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.rs/support/bin/answer.py?answer=11139
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.rs/support/bin/answer.py?answer=141059
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.rs/support/bin/answer.py?answer=53209
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.rs/support/bin/answer.py?hl=sr&answer=93773
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.rs/support/bin/topic.py?topic=16056
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.rs/support?ctx=picasa
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa.google.ru/support?ctx=picasa
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://picasa.smo/buttons
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://picasa.smo/buttonsP
Source: Picasa3.exe, 00000014.00000003.1626531844.00000000040E2000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2482072226.0000000002E92000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000003.1626203204.0000000003FB3000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa2.blogspot.com/
Source: Picasa3.exe, 00000012.00000000.1604678624.0000000000DF8000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://picasa2.blogspot.com/3Some
Source: Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://picasa2.blogspot.com/?hl=vi
Source: Picasa3.exe, 00000014.00000002.2482072226.0000000002E92000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://picasa2.blogspot.com/e.
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://picasaweb.google.com/data/feed/base/user/
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://picasaweb.google.com/home
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://picasaweb.google.com/lh/favorites
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://picasaweb.google.com/lh/favoriteshttp://picasaweb.google.com/home?kind=album&alt=rss&hl=en_US
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://picasaweb.google.com/lh/nameTagOpt
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://picasaweb.google.com/lh/nameTagOptDoNotConfirmReducedUploadquotalearnmorehttps://support.goog
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://picasaweb.google.com/lh/picasaweb/
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://picasaweb.google.com/support/bin/request.py?contact_type=bug
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://picasaweb.google.com/support/bin/request.py?contact_type=bugPicasa2
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://schemas.google.com/contacts/2008/rel#photo
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: http://schemas.google.com/g/2005
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://schemas.google.com/g/2005#home
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://schemas.google.com/g/2005#homerelgd:deletedgContact:systemGroupFriendsFocusGroup::FriendsFami
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: http://schemas.google.com/g/2005#kind
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://schemas.google.com/g/2005#thumbnail
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://schemas.google.com/g/2008/ordering#comesAfter
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://schemas.google.com/g/2008/ordering#first
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: http://schemas.google.com/photos/2007
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://schemas.google.com/photos/2007#album
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://schemas.google.com/photos/2007#albumDownload
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: http://schemas.google.com/photos/2007#photo
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://schemas.google.com/photos/20073.9.6picasa_versioncreateSubjectgphoto:opgphoto:itemidgphoto:ga
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: http://schemas.google.com/photos/2007xmlns:gphotohttp://search.yahoo.com/mrss/xmlns:mediahttp://sche
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: http://schemas.google.com/photos/exif/2007
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: http://search.yahoo.com/mrss/
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://search.yahoo.com/msrss/
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000003DA5000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, Picasa3.exe, 00000014.00000002.2533437740.000000000488F000.00000002.00000001.01000000.00000016.sdmp	String found in binary or memory: http://stats.picasa.com/apps/get.stats.uploader.php
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000003DA5000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2533437740.000000000488F000.00000002.00000001.01000000.00000016.sdmp	String found in binary or memory: http://stats.picasa.com/apps/get.stats.uploader.phpPluginNameOverrideXmlOverrideUrlOverrideytIAction
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://support.google.com/picasa/bin/answer.py?hl=en&amp;answer=1319659&amp;topic=1751920&qu
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://support.google.com/picasa/bin/answer.py?hl=en&amp;answer=39500&amp;topic=1751920&quot
Source: Picasa3.exe, 00000014.00000002.2506191744.000000000417F000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2593399186.000000000716B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://support.google.com/picasa/bin/answer.py?hl=en&answer=39500&topic=1751920
Source: Picasa3.exe, 00000014.00000002.2506191744.000000000417F000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2593399186.000000000716B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://support.google.com/plus/bin/answer.py?answer=2370124
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://support.google.com/plus/bin/answer.py?answer=2370124"><span
Source: 1a4e5ccd35a56d84281a143f831563be.exe, 0000000F.00000002.2435414779.0000000000414000.00000004.00000001.01000000.00000006.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000459F000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000002E88000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000467E000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000029F6000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000003.1750870600.0000000000AEB000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000002.1780753263.0000000003B00000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000003.1775638859.0000000000A66000.00000004.00000020.00020000.00000000.sdmp, UNZIP.EXE, 00000026.00000002.1812336800.0000000000430000.00000040.00000001.01000000.00000020.sdmp, UNZIP.EXE, 00000028.00000002.1816767609.000000000042B000.00000040.00000001.01000000.00000020.sdmp, UNZIP.EXE, 00000058.00000002.2099499225.0000000000428000.00000040.00000001.01000000.00000026.sdmp, CPY.EXE, 0000005C.00000002.2102179386.0000000000B00000.00000004.00000020.00020000.00000000.sdmp, UNZIP.EXE, 0000005D.00000002.2105385323.0000000000428000.00000040.00000001.01000000.00000026.sdmp, CPY.EXE, 00000061.00000002.2108099884.0000000000E09000.00000004.00000020.00020000.00000000.sdmp, CPY.EXE, 00000064.00000002.2115643669.0000000000ECA000.00000004.00000020.00020000.00000000.sdmp, UNZIP.EXE, 00000066.00000002.2120076164.0000000000428000.00000040.00000001.01000000.00000026.sdmp, CPY.EXE, 0000006A.00000002.2122729835.0000000000629000.00000004.00000020.00020000.00000000.sdmp, CPY.EXE, 00000070.00000002.2131296204.0000000000CD9000.00000004.00000020.00020000.00000000.sdmp, sznpp.exe, 0000007C.00000000.2152804918.0000000000BFB000.00000002.00000001.01000000.0000002C.sdmp, UNZIP.EXE, 0000007D.00000002.2173171240.000000000042B000.00000040.00000001.01000000.00000026.sdmp	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: 1a4e5ccd35a56d84281a143f831563be.exe, 0000000F.00000002.2435414779.0000000000414000.00000004.00000001.01000000.00000006.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000459F000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000002E88000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000467E000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000029F6000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000003.1750870600.0000000000AEB000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000002.1780753263.0000000003B00000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000003.1775638859.0000000000A66000.00000004.00000020.00020000.00000000.sdmp, UNZIP.EXE, 00000026.00000002.1812336800.0000000000430000.00000040.00000001.01000000.00000020.sdmp, UNZIP.EXE, 00000028.00000002.1816767609.000000000042B000.00000040.00000001.01000000.00000020.sdmp, UNZIP.EXE, 00000058.00000002.2099499225.0000000000428000.00000040.00000001.01000000.00000026.sdmp, CPY.EXE, 0000005C.00000002.2102179386.0000000000B00000.00000004.00000020.00020000.00000000.sdmp, UNZIP.EXE, 0000005D.00000002.2105385323.0000000000428000.00000040.00000001.01000000.00000026.sdmp, CPY.EXE, 00000061.00000002.2108099884.0000000000E09000.00000004.00000020.00020000.00000000.sdmp, CPY.EXE, 00000064.00000002.2115643669.0000000000ECA000.00000004.00000020.00020000.00000000.sdmp, UNZIP.EXE, 00000066.00000002.2120076164.0000000000428000.00000040.00000001.01000000.00000026.sdmp, CPY.EXE, 0000006A.00000002.2122729835.0000000000629000.00000004.00000020.00020000.00000000.sdmp, CPY.EXE, 00000070.00000002.2131296204.0000000000CD9000.00000004.00000020.00020000.00000000.sdmp, sznpp.exe, 0000007C.00000000.2152804918.0000000000BFB000.00000002.00000001.01000000.0000002C.sdmp, UNZIP.EXE, 0000007D.00000002.2173171240.000000000042B000.00000040.00000001.01000000.00000026.sdmp	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: 1a4e5ccd35a56d84281a143f831563be.exe, 0000000F.00000002.2435414779.0000000000414000.00000004.00000001.01000000.00000006.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000459F000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000002E88000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000467E000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000029F6000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000003.1750870600.0000000000AEB000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000002.1780753263.0000000003B00000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000003.1775638859.0000000000A66000.00000004.00000020.00020000.00000000.sdmp, UNZIP.EXE, 00000026.00000002.1812336800.0000000000430000.00000040.00000001.01000000.00000020.sdmp, UNZIP.EXE, 00000028.00000002.1816767609.000000000042B000.00000040.00000001.01000000.00000020.sdmp, UNZIP.EXE, 00000058.00000002.2099499225.0000000000428000.00000040.00000001.01000000.00000026.sdmp, CPY.EXE, 0000005C.00000002.2102179386.0000000000B00000.00000004.00000020.00020000.00000000.sdmp, UNZIP.EXE, 0000005D.00000002.2105385323.0000000000428000.00000040.00000001.01000000.00000026.sdmp, CPY.EXE, 00000061.00000002.2108099884.0000000000E09000.00000004.00000020.00020000.00000000.sdmp, CPY.EXE, 00000064.00000002.2115643669.0000000000ECA000.00000004.00000020.00020000.00000000.sdmp, UNZIP.EXE, 00000066.00000002.2120076164.0000000000428000.00000040.00000001.01000000.00000026.sdmp, CPY.EXE, 0000006A.00000002.2122729835.0000000000629000.00000004.00000020.00020000.00000000.sdmp, CPY.EXE, 00000070.00000002.2131296204.0000000000CD9000.00000004.00000020.00020000.00000000.sdmp, sznpp.exe, 0000007C.00000000.2152804918.0000000000BFB000.00000002.00000001.01000000.0000002C.sdmp, UNZIP.EXE, 0000007D.00000002.2173171240.000000000042B000.00000040.00000001.01000000.00000026.sdmp	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000003831000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://updates.picasasoftware.com/picasa2/public/currentversion.ini
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://uploads.gdata.youtube.com
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://uploads.gdata.youtube.comhttp://gdata.youtube.comhttp://search.yahoo.com/mrss/http://gdata.yo
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://video.google.com
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://video.google.com/googleplayer.swf?videoUrl=%s
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://video.google.com/googleplayer.swf?videoUrl=%s&autoplay=yes
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://vp.video.google.com/videodownload?version=0&secureurl=jgAAADNI5rdEqehq2NF9eKwMNPUIAAq3YqAYcNm
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000004788000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000004419000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000002.1554998935.0000000002750000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, Picasa3.exe, 00000014.00000002.2482072226.0000000002EAA000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp, PicasaPhotoViewer.exe, 00000015.00000003.1775225286.0000000002848000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000003.1770457054.0000000002847000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000003.1774341456.0000000002847000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/extension/
Source: Picasa3.exe, 00000014.00000002.2482072226.0000000002EAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/extension/#6
Source: GPhotos.scr, 00000011.00000002.1554998935.0000000002750000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/extension/rceRef#
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000004788000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000004419000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000002.1554998935.0000000002750000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, Picasa3.exe, 00000014.00000002.2482072226.0000000002EAA000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000003.1768334402.000000000284E000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000002.1779527117.0000000002854000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/field#
Source: GPhotos.scr, 00000011.00000002.1554998935.0000000002750000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/field#ersion#
Source: Picasa3.exe, 00000014.00000002.2482072226.0000000002EAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/field#y#festItem#
Source: GPhotos.scr, 00000011.00000002.1554998935.0000000002750000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/field#y#mlns/o
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000004788000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000004419000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000002.1554998935.0000000002750000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, Picasa3.exe, 00000014.00000002.2482072226.0000000002EAA000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp, PicasaPhotoViewer.exe, 00000015.00000003.1775225286.0000000002848000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000003.1770457054.0000000002847000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000003.1774341456.0000000002847000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/id/
Source: GPhotos.scr, 00000011.00000002.1554998935.0000000002750000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/id/&#W
Source: Picasa3.exe, 00000014.00000002.2482072226.0000000002EAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/id/9
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000004788000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000004419000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000002.1554998935.0000000002750000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, Picasa3.exe, 00000014.00000002.2482072226.0000000002EAA000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000003.1768334402.000000000284E000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000002.1779527117.0000000002854000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/property#
Source: GPhotos.scr, 00000011.00000002.1554998935.0000000002750000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/property#festItem#
Source: GPhotos.scr, 00000011.00000002.1554998935.0000000002750000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/property#mlns/
Source: Picasa3.exe, 00000014.00000002.2482072226.0000000002EAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/property#mlns/m#_6
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000004788000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000004419000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000002.1554998935.0000000002750000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, Picasa3.exe, 00000014.00000002.2482072226.0000000002EAA000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000003.1768334402.000000000284E000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000002.1779527117.0000000002854000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/schema#
Source: GPhotos.scr, 00000011.00000002.1554998935.0000000002750000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/schema#nifestItem#
Source: Picasa3.exe, 00000014.00000002.2482072226.0000000002EAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/schema#ual/1.0/
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000004788000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000004419000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000002.1554998935.0000000002750000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, Picasa3.exe, 00000014.00000002.2482072226.0000000002EAA000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000003.1768334402.000000000284E000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000002.1779527117.0000000002854000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/type#
Source: GPhotos.scr, 00000011.00000002.1554998935.0000000002750000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/type#ManifestItem#
Source: GPhotos.scr, 00000011.00000002.1554998935.0000000002750000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/type#ty#
Source: Picasa3.exe, 00000014.00000002.2482072226.0000000002EAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/type#ty#mlns/
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000004749000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000004788000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000467E000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000029F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.blogger.com/atom/ns#
Source: Picasa3.exe, 00000014.00000002.2506191744.0000000004241000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.blogger.com/feeds/1456569655786168306/posts/default
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2589400232.0000000007039000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.blogger.com/feeds/1456569655786168306/posts/default/1237605142260003533
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.blogger.com/feeds/1456569655786168306/posts/default/1272700194270571942
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2589400232.0000000007039000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.blogger.com/feeds/1456569655786168306/posts/default/2231948156028307071
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.blogger.com/feeds/1456569655786168306/posts/default/3576455443803502313
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2589400232.0000000007039000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.blogger.com/feeds/1456569655786168306/posts/default/6597548198970830433
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2482072226.0000000002E7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.blogger.com/profile/00823187511285450623
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.blogger.com/styles/atom.css
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: http://www.georss.org/georss
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://www.georss.org/georssxmlns:georsshttp://www.opengis.net/gmlxmlns:gmlhttp://schemas.google.com
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000003831000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://www.google.com
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, Picasa3.exe, 00000014.00000002.2506191744.000000000417F000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2506191744.0000000004241000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2593399186.000000000716B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://www.google.com/You
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://www.google.com/intl/%s/privacypolicy.html
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000467E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/picasa
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000004788000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://www.google.com/privacypolicy.html
Source: setuppicasa39-setup.exe, setuppicasa39-setup.exe, 00000010.00000002.1704699696.0000000004CA3000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: http://www.google.com/search?q=
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/support/forum/p/Picasa">our
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007244000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2506191744.0000000004241000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/support/forum/p/Picasa?hl=en
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/support/forum/p/Picasa?hl=en"><span
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://www.google.com/support/forum/p/picasa?hl=pt_PT
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://www.google.com/support/picasa/?p=picasa_get_started
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://www.google.com/support/picasa/?p=picasa_get_startedUploadOptionMenu::usesize800800
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, Picasa3.exe, 00000014.00000002.2596878839.000000000862D000.00000004.00000010.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: http://www.google.com/update2/request
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://www.google.com/video/uploader/form/videoonline
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://www.google.com/video/uploader/form/videoonlinesessionStatusadditionalInfouploader_service.Goo
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://www.google.comLastCommentsPubDateLastActivityPubDateCActivityBackground
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://www.google.ro/policies/privacy/
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://www.google.ro/policies/terms/
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://www.macromedia.com/shockwave/download/index.cgi?P1_Prod_Version=ShockwaveFlash
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000004419000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000002.1554998935.0000000002750000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, Picasa3.exe, 00000014.00000002.2482072226.0000000002EAA000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000003.1768334402.000000000284E000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000002.1779527117.0000000002854000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: http://www.metadataworkinggroup.com/schemas/regions/
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000004788000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000004419000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000002.1554998935.0000000002750000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, Picasa3.exe, 00000014.00000002.2482072226.0000000002EAA000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp, PicasaPhotoViewer.exe, 00000015.00000003.1775225286.0000000002848000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000003.1770457054.0000000002847000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000003.1774341456.0000000002847000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.npes.org/pdfx/ns/id/
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: http://www.opengis.net/gml
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://www.pheed.com/pheed/
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://www.pheed.com/pheed/xmlns:photohttp://search.yahoo.com/msrss/xmlns:mediahttp://picasaweb.goog
Source: Picasa3.exe, 00000014.00000002.2482072226.0000000002E92000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000003.1626203204.0000000003FB3000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://www.picasa.com/contact/feedback.php
Source: Picasa3.exe, 00000012.00000000.1604678624.0000000000DF8000.00000002.00000001.01000000.00000012.sdmp, Picasa3.exe, 00000014.00000003.1626531844.00000000040E2000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2482072226.0000000002E92000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000003.1626203204.0000000003FB3000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://www.picasa.com/support/
Source: Picasa3.exe, 00000014.00000002.2482072226.0000000002E92000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.picasa.com/support/n
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://www.picnik.com/service/
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://www.picnik.com/service/_ckeditpanel/picnikbasePicnikWarnDon
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000003831000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.stereopsis.com/bg.gif);
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C40000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.00000000006EA000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: http://www.winimage.com/zLibDll
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.0000000000610000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.winimage.com/zLibDlll
Source: Picasa3.exe, 00000014.00000002.2506191744.0000000004241000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.youtube.com/v/NDKFjc3_wrk&hl=en&fs=1
Source: Picasa3.exe, 00000014.00000002.2506191744.0000000004241000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.youtube.com/v/gYO2uhrIZJ4&hl=en&fs=1
Source: Picasa3.exe, 00000014.00000002.2506191744.0000000004241000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.youtube.com/v/gYO2uhrIZJ4&hl=en&fs=1&rel=0&hd=1
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.youtube.com/v/rskC6c_5L1M&amp;hl=en&amp;fs=1"
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.youtube.com/v/rskC6c_5L1M&amp;hl=en&amp;fs=1"><param
Source: Picasa3.exe, 00000014.00000002.2506191744.000000000417F000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2593399186.000000000716B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.youtube.com/v/rskC6c_5L1M&hl=en&fs=1
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, Picasa3.exe, 00000014.00000003.1626531844.00000000040E2000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2482072226.0000000002E92000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000003.1626203204.0000000003FB3000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://youtube.com/my_videos
Source: Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://youtube.com/my_videos?hl=vi
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://youtube.com/my_videosCYouTubeUploader::urlmyvideosThere
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://youtube.com/sajat_videoklipek
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://accounts.google.com/o/oauth2/
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://accounts.google.com/o/oauth2/962788293942.apps.googleusercontent.comUigxU4n_nVPLcipw7lmKSWRn
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2593399186.000000000716B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhdYMorlhvaoU2vdx-Au0-wABULVhkz6vqRku4godi
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000003831000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2563942835.0000000006BBD000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2506191744.0000000004114000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://client4.google.com/providers/printers2.html
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000003831000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2563942835.0000000006BBD000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2506191744.0000000004114000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://client4.google.com/providers/xml
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000004749000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000467E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/cr
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000004419000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://clients2.google.com/cr/report
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000004419000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://clients2.google.com/cr/reportPicasaLastCrashDump
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000004749000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000467E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/cr3600200000YESTRUE1NOFALSE0Could
Source: Picasa3.exe, 00000014.00000003.2144975853.000000000123E000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000003.2141243034.0000000001221000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2467205779.000000000123E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/clientupdate-aus/1
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img1.blogblog.com/img/b16-rounded.gif
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2593399186.000000000716B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lh5.googleusercontent.com/torawRKsQC9zYeAfBTnwj0vDXOgZc_h0dLzbT9cuJHTARJVy8hKIualz1K6Eyxrk5N
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2593399186.000000000716B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lh6.googleusercontent.com/U1Wgkz0b0L79g0MrXkIR-u3WrLnN-6LfWpKMewRPk7cimpKgDjQOFOB8iYJlE0WMtl
Source: Picasa3.exe, 00000014.00000002.2593399186.0000000007244000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lh6.googleusercontent.com/cj7rHSEh-D7AQlIfvrTNPlz54826dAcKs41-1aVifrCkILBD5-XDZMBfl7sfLOw6oC
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://mail.google.com/
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://mail.google.com/a/%s/?ui=pb&v=sm
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://mail.google.com/a/%s/?ui=pb&v=smhttps://mail.google.com/mail?ui=pb&v=sm%x%x%x%x-GMAIL_ATGMAI
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://mail.google.com/mail?ui=pb&v=sm
Source: 1a4e5ccd35a56d84281a143f831563be.exe, 0000000F.00000002.2419971867.000000000012E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://napoveda.seznam.cz/cz/smluvni-podminky/podminky-seznam-doplnky/0x00F1
Source: 1a4e5ccd35a56d84281a143f831563be.exe, 0000000F.00000002.2419971867.000000000012E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://napoveda.seznam.cz/cz/smluvni-podminky/podminky-seznam-doplnky/open
Source: Picasa3.exe, 00000014.00000002.2482072226.0000000002E92000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2506191744.0000000004241000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://photos.blogger.com/picasa-post.g
Source: Picasa3.exe, 00000014.00000002.2482072226.0000000002E92000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://photos.blogger.com/picasa-post.g(s
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://photos.google.com
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://photos.google.com/apps
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://photos.google.com/appslistboxcaptionpopuplistOriginal
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://photos.google.comvideoPostTargetresumableVideoUploadUrlupgradeVideoemailRelayupdateRequiredG
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://picasaweb.google.com
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://picasaweb.google.com/c/
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://picasaweb.google.com/data/urls?version=1&alt=rss
Source: Picasa3.exe, 00000014.00000002.2506191744.0000000004241000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://picasaweb.google.com/data/urls?version=1&alt=rss&gl=CH
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://picasaweb.google.com/data/urls?version=1&alt=rssSoftware
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://picasaweb.google.com/lh/picasaSignupRedir
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://picasaweb.google.com/lh/picasaSignupRedirhttps://plus.google.com/https://www.google.com/acco
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://plus.google.com/
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://plus.google.com/photos/%s/albums/%s
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://plus.google.com/photos/%s/albums/%sNot
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000003831000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2506191744.0000000004241000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2482072226.0000000002E7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://secure.picasa.com/support/account.php
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000003831000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2506191744.0000000004241000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2482072226.0000000002F0B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://secure.picasa.com/support/account.php?do=password
Source: Picasa3.exe, 00000014.00000002.2506191744.0000000004241000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000003.1626203204.0000000003FB3000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000002.2482072226.0000000002E7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://secure.picasa.com/support/register.php
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://support.google.com/drive/?p=picasa
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000003831000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://support.google.com/photos/?p=storage
Source: Picasa3.exe, 00000014.00000002.2506191744.0000000004241000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.google.com/picasa/answer/52532?hl=en
Source: setuppicasa39-setup.exe, 00000010.00000003.1659418312.000000000067F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.google.com/plus/?p=gpautobackupPublisherGoogle
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000003831000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.google.com/plus/answer/1647509#cost
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://uploader.picasa.com/froogle.php?q=%s
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://uploader.picasa.com/froogle.php?q=%sthumbui/mainuipanelthumbui/acquirepanelthumbui/infowellt
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://uploader.picasa.com/providers/php/generate.xml.php?prID=%s&country=%s
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://uploader.picasa.com/providers/php/generate.xml.php?prID=%s&country=%sclientlanguagehttp://lo
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www-googleapis-staging.sandbox.google.com
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www-googleapis-test.sandbox.google.com
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www-googleapis-test.sandbox.google.comhttps://www-googleapis-staging.sandbox.google.comhttps
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000003831000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, Picasa3.exe, 00000014.00000002.2506191744.0000000004241000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2482072226.0000000002EAA000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.google.com
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1697683801.0000000000864000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.google.com.tr/accounts/ForgotPasswd
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.google.com/
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.google.com/Working
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000003.1626531844.00000000040E2000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000003.1626203204.0000000003FB3000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000002.2482072226.0000000002E7B000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000003.1768334402.000000000284E000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000003.1770457054.0000000002831000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000003.1774735111.0000000002835000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1697683801.0000000000864000.00000002.00000001.01000000.00000019.sdmp, PicasaPhotoViewer.exe, 00000015.00000003.1775225286.000000000283A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/accounts/ForgotPasswd
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1697683801.0000000000864000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.google.com/accounts/ForgotPasswd?hl=pt_BR
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.google.com/accounts/NewAccount?service=mail
Source: Picasa3.exe, 00000014.00000002.2506191744.0000000004241000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/accounts/NewAccount?service=videoonline
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.google.com/accounts/OAuthLogin
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.google.com/accounts/OAuthLoginhttps://picasaweb.google.com/c/https://www.google.com/m8/f
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1697683801.0000000000864000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.google.com/accounts/ServiceLogin?hl=ar_US&continue=http%3A%2F%2Fpicasaweb.google.com
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1697683801.0000000000864000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.google.com/accounts/ServiceLogin?hl=bg&continue=http%3A%2F%2Fpicasaweb.google.com%2F
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1697683801.0000000000864000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.google.com/accounts/ServiceLogin?hl=ca_ES&continue=http%3A%2F%2Fpicasaweb.google.com
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1697683801.0000000000864000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.google.com/accounts/ServiceLogin?hl=cs&continue=http%3A%2F%2Fpicasaweb.google.com%2F
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1697683801.0000000000864000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.google.com/accounts/ServiceLogin?hl=de_DE&continue=http%3A%2F%2Fpicasaweb.google.com
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1697683801.0000000000864000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.google.com/accounts/ServiceLogin?hl=el&continue=http%3A%2F%2Fpicasaweb.google.com%2F
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1697683801.0000000000864000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.google.com/accounts/ServiceLogin?hl=en_GB&continue=http%3A%2F%2Fpicasaweb.google.com
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000003.1626531844.00000000040E2000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000003.1626203204.0000000003FB3000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp, PicasaPhotoViewer.exe, 00000015.00000003.1768334402.000000000284E000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1697683801.0000000000864000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.google.com/accounts/ServiceLogin?hl=en_US&continue=http%3A%2F%2Fpicasaweb.google.com
Source: Picasa3.exe, 00000014.00000002.2482072226.0000000002EAA000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000003.1768334402.000000000284E000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000002.1779594524.000000000285D000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000003.1775391488.000000000285D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/accounts/ServiceLogin?hl=en_US&continue=http%3A%2F%2Fpicasaweb.google.com%2Fh
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1697683801.0000000000864000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.google.com/accounts/ServiceLogin?hl=es_ES&continue=http%3A%2F%2Fpicasaweb.google.com
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1697683801.0000000000864000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.google.com/accounts/ServiceLogin?hl=fi_fi&continue=http%3A%2F%2Fpicasaweb.google.com
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1697683801.0000000000864000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.google.com/accounts/ServiceLogin?hl=fil_PH&continue=http%3A%2F%2Fpicasaweb.google.co
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1697683801.0000000000864000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.google.com/accounts/ServiceLogin?hl=fr_FR&continue=http%3A%2F%2Fpicasaweb.google.com
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1697683801.0000000000864000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.google.com/accounts/ServiceLogin?hl=hu_HU&continue=http%3A%2F%2Fpicasaweb.google.com
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1697683801.0000000000864000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.google.com/accounts/ServiceLogin?hl=id_ID&continue=http%3A%2F%2Fpicasaweb.google.com
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1697683801.0000000000864000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.google.com/accounts/ServiceLogin?hl=it&continue=http%3A%2F%2Fpicasaweb.google.com%2F
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1697683801.0000000000864000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.google.com/accounts/ServiceLogin?hl=ja_JP&continue=http%3A%2F%2Fpicasaweb.google.com
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1697683801.0000000000864000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.google.com/accounts/ServiceLogin?hl=ko_KR&continue=http%3A%2F%2Fpicasaweb.google.com
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1697683801.0000000000864000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.google.com/accounts/ServiceLogin?hl=lv_LV&continue=http%3A%2F%2Fpicasaweb.google.com
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1697683801.0000000000864000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.google.com/accounts/ServiceLogin?hl=nl_US&continue=http%3A%2F%2Fpicasaweb.google.com
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1697683801.0000000000864000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.google.com/accounts/ServiceLogin?hl=no_US&continue=http%3A%2F%2Fpicasaweb.google.com
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1697683801.0000000000864000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.google.com/accounts/ServiceLogin?hl=pl&continue=http%3A%2F%2Fpicasaweb.google.com%2F
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1697683801.0000000000864000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.google.com/accounts/ServiceLogin?hl=pt_BR&continue=http%3A%2F%2Fpicasaweb.google.com
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1697683801.0000000000864000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.google.com/accounts/ServiceLogin?hl=pt_PT&continue=http%3A%2F%2Fpicasaweb.google.com
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1697683801.0000000000864000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.google.com/accounts/ServiceLogin?hl=ro&continue=http%3A%2F%2Fpicasaweb.google.com%2F
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1697683801.0000000000864000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.google.com/accounts/ServiceLogin?hl=ru&continue=http%3A%2F%2Fpicasaweb.google.com%2F
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1697683801.0000000000864000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.google.com/accounts/ServiceLogin?hl=sl_SI&continue=http%3A%2F%2Fpicasaweb.google.com
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1697683801.0000000000864000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.google.com/accounts/ServiceLogin?hl=sv_SE&continue=http%3A%2F%2Fpicasaweb.google.com
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1697683801.0000000000864000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.google.com/accounts/ServiceLogin?hl=th&
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1697683801.0000000000864000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.google.com/accounts/ServiceLogin?hl=tr&continue=http%3A%2F%2Fpicasaweb.google.com%2F
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1697683801.0000000000864000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.google.com/accounts/ServiceLogin?hl=vi_VN&continue=http%3A%2F%2Fpicasaweb.google.com
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1697683801.0000000000864000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.google.com/accounts/ServiceLogin?hl=zh_CN&continue=http%3A%2F%2Fpicasaweb.google.com
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://www.google.com/contacts
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://www.google.com/contactsrefresh_contactsonline_contactcountsyncgplusrevertcreateemailsfullnam
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000003831000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://www.google.com/intl/en/policies/privacy/
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000003831000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://www.google.com/intl/en/policies/terms/
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://www.google.com/intl/iw/policies/privacy/
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://www.google.com/intl/iw/policies/terms/
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://www.google.com/intl/pt-BR/policies/privacy/
Source: Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://www.google.com/intl/pt-BR/policies/terms/
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.google.com/m8/feeds/
Source: Picasa3.exe, 00000014.00000002.2482072226.0000000002E92000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000003.1626203204.0000000003FB3000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://www.google.com/policies/privacy/
Source: setuppicasa39-setup.exe, 00000010.00000003.1659418312.000000000067F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/policies/privacy/http://www.google.ro/policies/privacy/https://www.google.com
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000003831000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://www.google.com/policies/terms
Source: Picasa3.exe, 00000014.00000002.2482072226.0000000002E92000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000003.1626203204.0000000003FB3000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://www.google.com/policies/terms/
Source: setuppicasa39-setup.exe, 00000010.00000003.1659418312.000000000067F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/policies/terms/http://www.google.ro/policies/terms/https://www.google.com/int
Source: Picasa3.exe, 00000014.00000002.2482072226.0000000002E92000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/tbproxy/usagestats
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://www.google.com/tbproxy/usagestatsLastStatsTransmissionpicasa
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1697683801.0000000000864000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.google.cz/accounts/ForgotPasswd
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1697683801.0000000000864000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.google.de/accounts/ForgotPasswd
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1697683801.0000000000864000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.google.es/accounts/ForgotPasswd
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1697683801.0000000000864000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.google.nl/accounts/ForgotPasswd
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1697683801.0000000000864000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.google.rs/accounts/ForgotPasswd
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1697683801.0000000000864000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.google.rs/accounts/ServiceLogin?hl=sr&continue=http%3A%2F%2Fpicasaweb.google.rs%2Fho
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.googleapis.com
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.googleapis.com/auth/photos
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.googleapis.com/auth/plus.circles.read
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.googleapis.com/auth/plus.me
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.googleapis.com/auth/plus.media.readonly
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.googleapis.com/auth/plus.media.upload
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.googleapis.com/auth/plus.profiles.read
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.googleapis.com/auth/plus.settings
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.googleapis.com/auth/plus.stream.write
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.googleapis.com/auth/userinfo%23email
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	String found in binary or memory: https://www.youtube.com/create_channel?upsell=upload

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 50061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 50017 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50049 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50027 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 50013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50059 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 50037 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50009
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50035 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50058 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50056
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50058
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50059
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50022 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50061
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50010 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50056 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50021
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50022
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50024
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50021 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50030
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50033
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50035
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50038
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50037
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50041
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50040
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50033 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50043
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50042
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50045
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50044
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50049
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50048
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50044 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50042 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49947 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49992 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50043 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49969 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49994 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50020 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49939
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49933
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49932
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49931
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49930
Source: unknown	Network traffic detected: HTTP traffic on port 49925 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49971 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49936 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49960 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49702 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.75.76.70:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.23.110:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.23.110:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.186.65:443 -> 192.168.2.16:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.186.65:443 -> 192.168.2.16:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.16:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.16:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.23.110:443 -> 192.168.2.16:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.23.110:443 -> 192.168.2.16:49773 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.217.23.110:443 -> 192.168.2.16:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.75.76.70:443 -> 192.168.2.16:49776 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.64:443 -> 192.168.2.16:49926 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.75.78.30:443 -> 192.168.2.16:49960 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.75.78.30:443 -> 192.168.2.16:49966 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.75.78.30:443 -> 192.168.2.16:49969 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.75.78.30:443 -> 192.168.2.16:49972 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.75.78.30:443 -> 192.168.2.16:49981 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.75.78.30:443 -> 192.168.2.16:49996 version: TLS 1.2

Spam, unwanted Advertisements and Ransom Demands

Writes many files with high entropy

Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	File created: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe entropy: 7.99973343481	Jump to dropped file
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	File created: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe entropy: 7.99944334747	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe	File created: C:\Users\user\AppData\Roaming\Seznam.cz\install\com.microsoft.msdn.msvcr100-10.0.40219.325-win32.zip entropy: 7.99902013967	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe	File created: C:\Users\user\AppData\Roaming\Seznam.cz\install\com.microsoft.msdn.msvcr110-11.0.51106.1-win32.zip entropy: 7.99803893501	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe	File created: C:\Users\user\AppData\Roaming\Seznam.cz\install\cz.seznam.software.libfoxcub-3.3.4-win32.zip entropy: 7.99937504474	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe	File created: C:\Users\user\AppData\Roaming\Seznam.cz\install\cz.seznam.software.libfoxcub64-3.3.4-win32.zip entropy: 7.9934403699	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe	File created: C:\Users\user\AppData\Roaming\Seznam.cz\install\cz.seznam.software.libszndesktop-2.1.29-win32.zip entropy: 7.9975528811	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe	File created: C:\Users\user\AppData\Roaming\Seznam.cz\install\cz.seznam.software.lightspeed-1210-12.10.12-win32.zip entropy: 7.99527419193	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe	File created: C:\Users\user\AppData\Roaming\Seznam.cz\install\cz.seznam.software.lightspeed-1210-12.10.17-win32.zip entropy: 7.99527148225	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe	File created: C:\Users\user\AppData\Roaming\Seznam.cz\install\cz.seznam.software.pp-1.0.2-win32.zip entropy: 7.99611761346	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe	File created: C:\Users\user\AppData\Roaming\Seznam.cz\install\cz.seznam.software.szndesktop-2.0.31-win32.zip entropy: 7.99148015785	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe	File created: C:\Users\user\AppData\Roaming\Seznam.cz\install\cz.seznam.software.szninstall-1.1.14-win32.zip entropy: 7.99734638525	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe	File created: C:\Users\user\AppData\Roaming\Seznam.cz\install\cz.seznam.software.sznsetup-1.2.6-win32.zip entropy: 7.99808441613	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe	File created: C:\Users\user\AppData\Roaming\Seznam.cz\install\szn-software-fflisticka-4.0.4-win32.zip entropy: 7.99500794712	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\90SNK17T\cz.seznam.software.sznsetup-1.2.7-win32[1].zip entropy: 7.99751989556	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	File created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\download\cz.seznam.software.sznsetup-1.2.7-win32.zip entropy: 7.99751989556	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\AN5UOLP8\cz.seznam.software.szninstall-1.1.15-win32[1].zip entropy: 7.99622148951	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	File created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\download\cz.seznam.software.szninstall-1.1.15-win32.zip entropy: 7.99622148951	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\90SNK17T\cz.seznam.software.libfoxcub-3.3.8-win32[1].zip entropy: 7.99928054353	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	File created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\cz.seznam.software.libfoxcub-3.3.8-win32.zip entropy: 7.99928054353	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\AN5UOLP8\cz.seznam.software.libfoxcub64-3.3.8-win32[1].zip entropy: 7.99330512834	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	File created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\cz.seznam.software.libfoxcub64-3.3.8-win32.zip entropy: 7.99330512834	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\AN5UOLP8\szn-software-fflisticka-4.0.8-win32[1].zip entropy: 7.99598048244	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	File created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\szn-software-fflisticka-4.0.8-win32.zip entropy: 7.99598048244	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\C7S8M5VS\cz.seznam.software.lightspeed-1210-12.10.18-win32[1].zip entropy: 7.99452128979	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	File created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\cz.seznam.software.lightspeed-1210-12.10.18-win32.zip entropy: 7.99452128979	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\33CUD2J1\cz.seznam.software.libszndesktop-2.1.35-win32[1].zip entropy: 7.99829572997	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	File created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\cz.seznam.software.libszndesktop-2.1.35-win32.zip entropy: 7.99829572997	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\AN5UOLP8\cz.seznam.software.szndesktop-2.0.32-win32[1].zip entropy: 7.991462256	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	File created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\cz.seznam.software.szndesktop-2.0.32-win32.zip entropy: 7.991462256	Jump to dropped file

Source: conhost.exe

Process created: 41

System Summary

Submitted sample is a known malware sample

Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Dropped file: MD5: 23b7d7d024abb0f558420e098800bf27 Family: OceanLotus Alias: OceanLotus, , Cobalt Kitty , APT-C-00, SeaLotus, APT32 Description: OceanLotus is an APT group that was first disclosed and named by QI-ANXIN. The APT group carried out targeted attacks against Chinese government, research institutes, maritime institutions, and shipping companies since 2012. The group, called as APT32 by FireEye, also targeted corporations with a vested interest in Vietnams manufacturing, consumer products, and hospitality sectors. Furthermore, it has also targeted foreign governments, as well as Vietnamese dissidents and journalists since at least 2013. References: https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html https://www.cybereason.com/labs-operation-cobalt-kitty-a-large-scale-apt-in-asia-carried-out-by-the-oceanlotus-group/https://www.scmagazineuk.com/ocean-lotus-groupapt-32-identified-as-vietnamese-apt-group/article/663565/Data Source: https://github.com/RedDrip7/APT_Digital_Weapon
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Dropped file: MD5: 23b7d7d024abb0f558420e098800bf27 Family: OceanLotus Alias: OceanLotus, , Cobalt Kitty , APT-C-00, SeaLotus, APT32 Description: OceanLotus is an APT group that was first disclosed and named by QI-ANXIN. The APT group carried out targeted attacks against Chinese government, research institutes, maritime institutions, and shipping companies since 2012. The group, called as APT32 by FireEye, also targeted corporations with a vested interest in Vietnams manufacturing, consumer products, and hospitality sectors. Furthermore, it has also targeted foreign governments, as well as Vietnamese dissidents and journalists since at least 2013. References: https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html https://www.cybereason.com/labs-operation-cobalt-kitty-a-large-scale-apt-in-asia-carried-out-by-the-oceanlotus-group/https://www.scmagazineuk.com/ocean-lotus-groupapt-32-identified-as-vietnamese-apt-group/article/663565/Data Source: https://github.com/RedDrip7/APT_Digital_Weapon
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Dropped file: MD5: 23b7d7d024abb0f558420e098800bf27 Family: OceanLotus Alias: OceanLotus, , Cobalt Kitty , APT-C-00, SeaLotus, APT32 Description: OceanLotus is an APT group that was first disclosed and named by QI-ANXIN. The APT group carried out targeted attacks against Chinese government, research institutes, maritime institutions, and shipping companies since 2012. The group, called as APT32 by FireEye, also targeted corporations with a vested interest in Vietnams manufacturing, consumer products, and hospitality sectors. Furthermore, it has also targeted foreign governments, as well as Vietnamese dissidents and journalists since at least 2013. References: https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html https://www.cybereason.com/labs-operation-cobalt-kitty-a-large-scale-apt-in-asia-carried-out-by-the-oceanlotus-group/https://www.scmagazineuk.com/ocean-lotus-groupapt-32-identified-as-vietnamese-apt-group/article/663565/Data Source: https://github.com/RedDrip7/APT_Digital_Weapon
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Dropped file: MD5: 23b7d7d024abb0f558420e098800bf27 Family: OceanLotus Alias: OceanLotus, , Cobalt Kitty , APT-C-00, SeaLotus, APT32 Description: OceanLotus is an APT group that was first disclosed and named by QI-ANXIN. The APT group carried out targeted attacks against Chinese government, research institutes, maritime institutions, and shipping companies since 2012. The group, called as APT32 by FireEye, also targeted corporations with a vested interest in Vietnams manufacturing, consumer products, and hospitality sectors. Furthermore, it has also targeted foreign governments, as well as Vietnamese dissidents and journalists since at least 2013. References: https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html https://www.cybereason.com/labs-operation-cobalt-kitty-a-large-scale-apt-in-asia-carried-out-by-the-oceanlotus-group/https://www.scmagazineuk.com/ocean-lotus-groupapt-32-identified-as-vietnamese-apt-group/article/663565/Data Source: https://github.com/RedDrip7/APT_Digital_Weapon

Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe

Code function: 16_2_04C926E0 ntusercheck,GlobalAlloc,lstrcpynW,

16_2_04C926E0

Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe

File created: C:\Windows\SysWOW64\GPhotos.scr

Jump to behavior

Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	Code function: 15_2_73A34F30	15_2_73A34F30
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	Code function: 15_2_73A32077	15_2_73A32077
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	Code function: 15_2_73A34C40	15_2_73A34C40
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Code function: 16_2_04C97CF0	16_2_04C97CF0
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Code function: 16_2_04C9F421	16_2_04C9F421
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Code function: 16_2_04C96A7D	16_2_04C96A7D
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Code function: 16_2_04C98F8D	16_2_04C98F8D
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_033E522B	20_2_033E522B
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_033E9229	20_2_033E9229
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_033E4112	20_2_033E4112
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_033C0100	20_2_033C0100
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_033D1190	20_2_033D1190
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_033EB1F1	20_2_033EB1F1
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_033BE0B0	20_2_033BE0B0
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_033EB733	20_2_033EB733
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_033EC6B9	20_2_033EC6B9
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_033E141B	20_2_033E141B
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_033DA8B0	20_2_033DA8B0
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_033EDE49	20_2_033EDE49
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_033DFD20	20_2_033DFD20
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_033EBDF3	20_2_033EBDF3
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_033EACAF	20_2_033EACAF
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_04043450	20_2_04043450
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_04065468	20_2_04065468
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_04042500	20_2_04042500
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_04056560	20_2_04056560
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_04042600	20_2_04042600
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_04071701	20_2_04071701
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_04032730	20_2_04032730
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_0406F73C	20_2_0406F73C
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_0403B070	20_2_0403B070
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_04065070	20_2_04065070
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_040340B0	20_2_040340B0
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_040711BF	20_2_040711BF
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_040691CB	20_2_040691CB
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_04037280	20_2_04037280
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_04072303	20_2_04072303
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_04074359	20_2_04074359
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_04071C43	20_2_04071C43
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_04060E40	20_2_04060E40
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_0403DEF0	20_2_0403DEF0
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_04036F10	20_2_04036F10
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_04044810	20_2_04044810
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_04059810	20_2_04059810
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_0406B890	20_2_0406B890
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_04067B7F	20_2_04067B7F
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_04072BC9	20_2_04072BC9
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_04838D40	20_2_04838D40
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_04831410	20_2_04831410
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_0481F430	20_2_0481F430
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_04879445	20_2_04879445
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_0488A469	20_2_0488A469
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_0483D470	20_2_0483D470
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_048275B0	20_2_048275B0
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_048835EB	20_2_048835EB
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_0480B510	20_2_0480B510
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_04828510	20_2_04828510
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_04823680	20_2_04823680
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_048126C0	20_2_048126C0
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_04865600	20_2_04865600
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_04884640	20_2_04884640
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_047E66B0	20_2_047E66B0
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_04836670	20_2_04836670
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_0487D78E	20_2_0487D78E
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_048687C0	20_2_048687C0
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_048107F0	20_2_048107F0
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_0483A710	20_2_0483A710
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_048830A9	20_2_048830A9
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_047F3050	20_2_047F3050
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_04802020	20_2_04802020
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_04836040	20_2_04836040
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_04813180	20_2_04813180
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_047E8150	20_2_047E8150
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_0483E1F0	20_2_0483E1F0
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_047EC190	20_2_047EC190
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_04880233	20_2_04880233
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_04811380	20_2_04811380
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_04874325	20_2_04874325
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_047E53B8	20_2_047E53B8
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_04847360	20_2_04847360
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_0480CDF0	20_2_0480CDF0
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_047F1D00	20_2_047F1D00
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_0486FD20	20_2_0486FD20
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_0481AD70	20_2_0481AD70
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_047EBE50	20_2_047EBE50
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_04887EA7	20_2_04887EA7
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_0487DEEC	20_2_0487DEEC
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_0481AEF0	20_2_0481AEF0
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_047FFEF0	20_2_047FFEF0
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_0487BE1D	20_2_0487BE1D
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_0480BE40	20_2_0480BE40
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_047E3EB0	20_2_047E3EB0
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_04815880	20_2_04815880
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_04842890	20_2_04842890
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_048778B0	20_2_048778B0
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_0488499F	20_2_0488499F
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_047FCAE0	20_2_047FCAE0
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_0481FA40	20_2_0481FA40
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_047E5A90	20_2_047E5A90
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_04871A70	20_2_04871A70
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_047F4B30	20_2_047F4B30
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_047EFB10	20_2_047EFB10
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_04808B70	20_2_04808B70
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_047F6B80	20_2_047F6B80
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_100028F0	20_2_100028F0
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE	Code function: 38_2_00408850	38_2_00408850
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE	Code function: 38_2_0040C820	38_2_0040C820
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE	Code function: 38_2_00403490	38_2_00403490
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE	Code function: 38_2_00411170	38_2_00411170
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE	Code function: 38_2_0040E900	38_2_0040E900
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE	Code function: 38_2_0040CE49	38_2_0040CE49
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE	Code function: 38_2_0040CE50	38_2_0040CE50
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE	Code function: 38_2_00402210	38_2_00402210
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE	Code function: 38_2_00408EC0	38_2_00408EC0
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE	Code function: 38_2_00417EE3	38_2_00417EE3
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE	Code function: 38_2_00402EF0	38_2_00402EF0
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE	Code function: 38_2_0040F280	38_2_0040F280
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE	Code function: 38_2_00409FD0	38_2_00409FD0
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE	Code function: 38_2_004093E0	38_2_004093E0
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C28CD7F	135_2_6C28CD7F
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C2C8DB8	135_2_6C2C8DB8
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C23AEB5	135_2_6C23AEB5
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C2D6F10	135_2_6C2D6F10
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C2309FB	135_2_6C2309FB
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C23AB7B	135_2_6C23AB7B
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C2DEBA7	135_2_6C2DEBA7
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C2D2B84	135_2_6C2D2B84
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C230BC8	135_2_6C230BC8
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C24EBDD	135_2_6C24EBDD
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C230549	135_2_6C230549
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C2605BE	135_2_6C2605BE
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C23059C	135_2_6C23059C
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C2405D2	135_2_6C2405D2
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C2486A2	135_2_6C2486A2
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C2AC698	135_2_6C2AC698
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C2AA693	135_2_6C2AA693
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C2B86F4	135_2_6C2B86F4
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C2DE7B6	135_2_6C2DE7B6
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C23A7EB	135_2_6C23A7EB
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C24208B	135_2_6C24208B
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C2C20CF	135_2_6C2C20CF
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C2B2146	135_2_6C2B2146
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C24DCBB	135_2_6C24DCBB
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C23BDA0	135_2_6C23BDA0
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C275837	135_2_6C275837
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C259840	135_2_6C259840
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C2DD8C3	135_2_6C2DD8C3
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C2AD8DA	135_2_6C2AD8DA
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C241906	135_2_6C241906
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C23BA5E	135_2_6C23BA5E
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C2DBB66	135_2_6C2DBB66
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C267579	135_2_6C267579
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C2AB63B	135_2_6C2AB63B
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C2CD670	135_2_6C2CD670
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C2B56B4	135_2_6C2B56B4
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C299002	135_2_6C299002
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C2E10E6	135_2_6C2E10E6
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C2370ED	135_2_6C2370ED
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C231137	135_2_6C231137
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C2C714C	135_2_6C2C714C
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C253155	135_2_6C253155
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C247216	135_2_6C247216
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C2492E9	135_2_6C2492E9
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C23B35D	135_2_6C23B35D
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C35EB00	135_2_6C35EB00
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C36E4A0	135_2_6C36E4A0
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C33E670	135_2_6C33E670
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C3707E0	135_2_6C3707E0
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C36E240	135_2_6C36E240

Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE	Code function: String function: 00412920 appears 297 times
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE	Code function: String function: 00406640 appears 57 times
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Code function: String function: 04C97C8C appears 38 times
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: String function: 0487784C appears 46 times
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: String function: 0482BBE0 appears 33 times
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: String function: 048734CE appears 109 times
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: String function: 0404A590 appears 51 times
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: String function: 047E7C90 appears 40 times
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: String function: 04859BE0 appears 40 times
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: String function: 033DFCBC appears 39 times
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: String function: 04832DE0 appears 88 times
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: String function: 047E3300 appears 67 times
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: String function: 033CDD30 appears 51 times
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: String function: 04065014 appears 39 times
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: String function: 6C234BAC appears 37 times
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: String function: 6C11A5B1 appears 82 times
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: String function: 6C36CA60 appears 56 times
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: String function: 6C23517A appears 64 times
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: String function: 6C11A5E7 appears 128 times
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: String function: 6C11A57E appears 282 times
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: String function: 6C22E590 appears 34 times
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: String function: 6C22FF6A appears 136 times
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: String function: 6C22FFE8 appears 71 times

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG DELETE "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /va

Source: classification engine

Classification label: mal72.rans.evad.winZIP@317/1031@40/38

Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe

Code function: 20_2_04036450 GetLastError,FormatMessageA,LocalFree,

20_2_04036450

Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE	Code function: 38_2_00412830 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,LookupPrivilegeValueA,GetLastError,AdjustTokenPrivileges,AdjustTokenPrivileges,GetLastError,CloseHandle,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,CloseHandle,		38_2_00412830
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE	Code function: 42_2_01003280 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,		42_2_01003280

Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe

Code function: 135_2_6C10DAAA ?_Statvfs@sys@tr2@std@@YA?AUspace_info@123@PB_W@Z,__EH_prolog3_GS,wcslen,GetDiskFreeSpaceExW,

135_2_6C10DAAA

Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe

Code function: 16_2_04C91D20 CoCreateInstance,

16_2_04C91D20

Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe

Code function: 20_2_033B2780 lstrlenW,_malloc,WideCharToMultiByte,LoadLibraryExA,FindResourceA,LoadResource,SizeofResource,FreeLibrary,

20_2_033B2780

Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe

File created: C:\Program Files (x86)\Google\Picasa3

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe

File created: C:\Users\Public\Desktop\Picasa 3.lnk

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2080:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5744:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4132:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7324:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3916:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6608:120:WilError_03
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Mutant created: \Sessions\1\BaseNamedObjects\Slingshot
Source: C:\Windows\SysWOW64\rundll32.exe	Mutant created: \Sessions\1\BaseNamedObjects\{42FD847D-5CAE-41A6-ACA4-9BDF58CE3344}
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7384:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:304:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3616:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4020:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2932:120:WilError_03
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Mutant created: \Sessions\1\BaseNamedObjects\Slingshot_setup
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Mutant created: \Sessions\1\BaseNamedObjects\Picasa
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Mutant created: \Sessions\1\BaseNamedObjects\szn-install-2012-d258fa602b6b6016a83aa6553428620f
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Mutant created: \Sessions\1\BaseNamedObjects\LightSpeed-ServiceApp-runmutexszndesktop.exe
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2084:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4184:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7452:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5232:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6464:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7460:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2188:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3640:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7872:120:WilError_03
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Mutant created: \Sessions\1\BaseNamedObjects\Picasa2
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7844:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5488:120:WilError_03

Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe

File created: C:\Users\user\AppData\Local\Temp\nsf8723.tmp

Jump to behavior

Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe

Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

System information queried: HandleInformation

Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Windows\System32\rundll32.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown

Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Source: UNZIP.EXE

String found in binary or memory: C:/Users/user/AppData/Roaming/Seznam.cz/install/com.microsoft.msdn.msvcr110-11.0.51106.1-win32.zip

Source: unknown	Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown	Process created: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe "C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe"
Source: unknown	Process created: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe "C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe"
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	Process created: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe setuppicasa39-setup.exe
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Process created: C:\Windows\SysWOW64\GPhotos.scr "C:\Windows\system32\GPhotos.scr" /c /installcheck
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Process created: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe "C:\Program Files (x86)\Google\Picasa3\Picasa3.exe" /register
Source: unknown	Process created: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe "C:\Program Files (x86)\Google\Picasa3\Picasa3.exe"
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Process created: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe /config
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	Process created: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe listicka.exe /S
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe	Process created: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe "C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe" -T "C:\Users\user\AppData\Roaming\Seznam.cz" -R "$\install" http://download.seznam.cz/update
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe	Process created: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe "C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe" -T "C:\Users\user\AppData\Roaming\Seznam.cz" -i cz.seznam.software.szninstall
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Process created: C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" -nohome "http://picasa.google.com/support/bin/answer.py?hl=en&answer=93773"
Source: C:\Program Files\Internet Explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3720 CREDAT:9474 /prefetch:2
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=602e8
Source: C:\Program Files\Internet Explorer\iexplore.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=602e8
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe	Process created: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new
Source: C:\Program Files\Internet Explorer\iexplore.exe	Process created: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=602e8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2244 --field-trial-handle=2004,i,1639013666010223883,15040558206664522354,262144 /prefetch:3
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A18C4.00001B74.sznpkg -o C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\download\cz.seznam.software.sznsetup-1.2.7-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A1AF6.00001B74.sznpkg -o C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\download\cz.seznam.software.szninstall-1.1.15-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG DELETE "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /va
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "InstallLocation" /d C:\Users\user\AppData\Roaming\Seznam.cz
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "DisplayName" /d "Seznam Software"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=1724 --field-trial-handle=2004,i,1639013666010223883,15040558206664522354,262144 /prefetch:8
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "DisplayIcon" /d "C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe,0"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "UninstallString" /d "\"C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe\" -X"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "ModifyPath" /d "C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "Publisher" /d "Seznam.cz"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "URLInfoAbout" /d "http://software.seznam.cz"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "Comments" /d "Vsechny aplikace spolecnosti Seznam.cz a.s."
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "NoRepair" /t REG_DWORD /d 1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "NoModify" /t REG_DWORD /d 0
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe	Process created: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe "C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe" -s -u -i cz.seznam.software.autoupdate szn-software-listicka
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe	Process created: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe -V
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6596 --field-trial-handle=2004,i,1639013666010223883,15040558206664522354,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=3720 --field-trial-handle=2004,i,1639013666010223883,15040558206664522354,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe cookie_exporter.exe --cookie-json=1188
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe	Process created: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe -T C:\Users\user\AppData\Roaming\Seznam.cz -i -u cz.seznam.software.autoupdate szn-software-listicka -p
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files\Internet Explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3720 CREDAT:202066 /prefetch:2
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=4984 --field-trial-handle=2004,i,1639013666010223883,15040558206664522354,262144 /prefetch:8
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A81A0.00000DD4.sznpkg -o C:\Users\user\AppData\Roaming\Seznam.cz\install\cz.seznam.software.autoupdate-1.0.8-win32.zip
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "cz.seznam.software.autoupdate" /d "\"C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe\" -c"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A8374.00000DD4.sznpkg -o C:\Users\user\AppData\Roaming\Seznam.cz\install\szn-software-base-1.0.0-win32.zip
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A848E.00000DD4.sznpkg -o C:\Users\user\AppData\Roaming\Seznam.cz\install\com.microsoft.msdn.msvcr110-11.0.51106.1-win32.zip
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy msvcp110.dll "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy msvcr110.dll "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A8960.00000DD4.sznpkg -o C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\cz.seznam.software.lightspeed-1210-12.10.18-win32.zip
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy lightspeed.dll "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A8B64.00000DD4.sznpkg -o C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\cz.seznam.software.libszndesktop-2.1.35-win32.zip
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy "szndesktop.exe" "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy "szndesktop.conf" "C:\Users\user\AppData\Roaming\Seznam.cz\conf"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy "szndesktop.webpak" "C:\Users\user\AppData\Roaming\Seznam.cz\data"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy "sznpp.exe" "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /v DisplayVersion /t REG_SZ /d "2.1.35" /f
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A9140.00000DD4.sznpkg -o C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\cz.seznam.software.szndesktop-2.0.32-win32.zip
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy "wszndesktop.exe" "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "cz.seznam.software.szndesktop" /d "\"C:\Users\user\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe\" -q"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A93FF.00000DD4.sznpkg -o C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\cz.seznam.software.libfoxcub-3.3.8-win32.zip
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy libfoxcub.dll "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy libfoxcub-x64.dll "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy libfoxcub.conf "C:\Users\user\AppData\Roaming\Seznam.cz\conf\szndesktop.d"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy foxcub.conf "C:\Users\user\AppData\Roaming\Seznam.cz\conf\libfoxcub"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy remote.conf "C:\Users\user\AppData\Roaming\Seznam.cz\conf\libfoxcub"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy listickaconfig.webpak "C:\Users\user\AppData\Roaming\Seznam.cz\data"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy listickanastaveni.webpak "C:\Users\user\AppData\Roaming\Seznam.cz\data"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy speeddial.webpak "C:\Users\user\AppData\Roaming\Seznam.cz\data"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe libfoxcub.dll,UpgradeListicka
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE REG QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\szn-software-listicka" /v "UninstallString"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE REG QUERY "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\szn-software-listicka" /v "UninstallString"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE REG DELETE "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}" /F
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe "C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe" -v report-ielisticka-install --status=0
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006AA61F.00000DD4.sznpkg -o C:\Users\user\AppData\Roaming\Seznam.cz\install\cz.seznam.software.libfoxloader-3.2.7-win32.zip
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006AA7B6.00000DD4.sznpkg -o C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\cz.seznam.software.libfoxcub64-3.3.8-win32.zip
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy libfoxcub-x64.dll "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy listicka-x64.exe "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe szndesktop.exe default restart
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Process created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe szndesktop.exe default restart
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Process created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe "C:\Users\user\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Process created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe "C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe" report-startup
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006AB17A.00000DD4.sznpkg -o C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\cz.seznam.software.ielisticka3-3.3.5-win32.zip
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006AB2D1.00000DD4.sznpkg -o C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\szn-software-fflisticka-4.0.8-win32.zip
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe "C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe" install_ff "C:\Users\user\AppData\Roaming\Seznam.cz\data\fflisticka\seznam_doplnek_email-4.4.1-fx.xpi"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe "C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe" install_ff "C:\Users\user\AppData\Roaming\Seznam.cz\data\fflisticka\sko-extension@firma.seznam.cz.xpi"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe "C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe" install-firefox-nm
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006AC669.00000DD4.sznpkg -o C:\Users\user\AppData\Roaming\Seznam.cz\install\cz.seznam.software.chromelisticka-2.0.4-win32.zip
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe "C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe" install-chrome all
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe	Process created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp_64.exe "C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe" install-chrome all
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe "C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe" install-chrome-nm
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006AD463.00000DD4.sznpkg -o C:\Users\user\AppData\Roaming\Seznam.cz\install\com.microsoft.msdn.msvcr100-10.0.40219.325-win32.zip
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy msvcp100.dll "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy msvcr100.dll "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006AD780.00000DD4.sznpkg -o C:\Users\user\AppData\Roaming\Seznam.cz\install\cz.seznam.software.pp-1.0.2-win32.zip
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy unlockInstance.dll "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy unlockInstance.conf "C:\Users\user\AppData\Roaming\Seznam.cz\conf\szndesktop.d"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe szndesktop.exe default restart
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Process created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe szndesktop.exe default restart
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Process created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe "C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe" install-chrome retry
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Process created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe "C:\Users\user\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Process created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe "C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe" report-startup
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe	Process created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp_64.exe "C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe" install-chrome retry
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006AE03A.00000DD4.sznpkg -o C:\Users\user\AppData\Roaming\Seznam.cz\install\szn-software-listicka-3.0.0-win32.zip
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp_64.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe chrome.exe --no-default-browser-check --new-window about:blank
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe "C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe" -A 49764 cd "C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe	Process created: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe "C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe" -S 49764
Source: C:\Windows\System32\conhost.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=1932,i,14273124409084968856,4101485093560783332,262144 /prefetch:8
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe "C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe" -A 49764 "C:\Users\user\AppData\Local\Temp\~006AE03A.00000DD4.sznpkg\install.bat" ADMINPHASE . "C:\Program Files (x86)\Seznam.cz\distribution"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c C:\Users\user\AppData\Local\Temp\~006AE03A.00000DD4.sznpkg\install.bat ADMINPHASE . "C:\Program Files (x86)\Seznam.cz\distribution"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe ".\sznsetup.exe" -T "C:\Program Files (x86)\Seznam.cz\distribution" -R "C:\Program Files (x86)\Seznam.cz\distribution\install"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\xcopy.exe xcopy /S /Y /G /I ".\install\." "C:\Program Files (x86)\Seznam.cz\distribution\install"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /f /v "seznam-listicka-distribuce" /d "\"C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe\" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE REG ADD "HKEY_CURRENT_USER\SOFTWARE\Seznam.cz\distribution" /f /v "listicka" /t REG_DWORD /d 1
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "C:\Users\user\AppData\Roaming\Seznam.cz\uninstall\cz_seznam_software_libszndesktop_2_1_35.reconfigure.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe "C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe" default restart
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Process created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe "C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe" default restart
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Process created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe "C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe" install-chrome retry
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Process created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe "C:\Users\user\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Process created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe "C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe" report-startup
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe	Process created: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe -V
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6084 --field-trial-handle=2004,i,1639013666010223883,15040558206664522354,262144 /prefetch:8
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp_64.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe chrome.exe --no-default-browser-check --new-window about:blank
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	Process created: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe setuppicasa39-setup.exe	Jump to behavior
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	Process created: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe listicka.exe /S	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Process created: C:\Windows\SysWOW64\GPhotos.scr "C:\Windows\system32\GPhotos.scr" /c /installcheck	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Process created: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe "C:\Program Files (x86)\Google\Picasa3\Picasa3.exe" /register	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Process created: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe /config	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Process created: C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" -nohome "http://picasa.google.com/support/bin/answer.py?hl=en&answer=93773"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe	Process created: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe "C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe" -T "C:\Users\user\AppData\Roaming\Seznam.cz" -R "$\install" http://download.seznam.cz/update
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe	Process created: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe "C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe" -T "C:\Users\user\AppData\Roaming\Seznam.cz" -i cz.seznam.software.szninstall
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe	Process created: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe "C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe" -s -u -i cz.seznam.software.autoupdate szn-software-listicka
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A18C4.00001B74.sznpkg -o C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\download\cz.seznam.software.sznsetup-1.2.7-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A1AF6.00001B74.sznpkg -o C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\download\cz.seznam.software.szninstall-1.1.15-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Program Files\Internet Explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3720 CREDAT:9474 /prefetch:2
Source: C:\Program Files\Internet Explorer\iexplore.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=602e8
Source: C:\Program Files\Internet Explorer\iexplore.exe	Process created: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new
Source: C:\Program Files\Internet Explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3720 CREDAT:202066 /prefetch:2
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=602e8
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe	Process created: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=602e8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2244 --field-trial-handle=2004,i,1639013666010223883,15040558206664522354,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=1724 --field-trial-handle=2004,i,1639013666010223883,15040558206664522354,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=1724 --field-trial-handle=2004,i,1639013666010223883,15040558206664522354,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy speeddial.webpak "C:\Users\user\AppData\Roaming\Seznam.cz\data"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "cz.seznam.software.szndesktop" /d "\"C:\Users\user\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe\" -q"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A18C4.00001B74.sznpkg -o C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\download\cz.seznam.software.sznsetup-1.2.7-win32.zip
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=6596 --field-trial-handle=2004,i,1639013666010223883,15040558206664522354,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=3720 --field-trial-handle=2004,i,1639013666010223883,15040558206664522354,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy "szndesktop.conf" "C:\Users\user\AppData\Roaming\Seznam.cz\conf"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE REG ADD "HKEY_CURRENT_USER\SOFTWARE\Seznam.cz\distribution" /f /v "listicka" /t REG_DWORD /d 1
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=4984 --field-trial-handle=2004,i,1639013666010223883,15040558206664522354,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6084 --field-trial-handle=2004,i,1639013666010223883,15040558206664522354,262144 /prefetch:8
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG DELETE "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /va
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "InstallLocation" /d C:\Users\user\AppData\Roaming\Seznam.cz
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "DisplayName" /d "Seznam Software"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "DisplayIcon" /d "C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe,0"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "UninstallString" /d "\"C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe\" -X"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "ModifyPath" /d "C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "Publisher" /d "Seznam.cz"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "URLInfoAbout" /d "http://software.seznam.cz"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "InstallLocation" /d C:\Users\user\AppData\Roaming\Seznam.cz
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "Comments" /d "Vsechny aplikace spolecnosti Seznam.cz a.s."
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "NoRepair" /t REG_DWORD /d 1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "NoModify" /t REG_DWORD /d 0
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe	Process created: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe -V
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe	Process created: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe -T C:\Users\user\AppData\Roaming\Seznam.cz -i -u cz.seznam.software.autoupdate szn-software-listicka -p
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe	Process created: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe "C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe" -S 49764
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe	Process created: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe -V
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe cookie_exporter.exe --cookie-json=1188
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A81A0.00000DD4.sznpkg -o C:\Users\user\AppData\Roaming\Seznam.cz\install\cz.seznam.software.autoupdate-1.0.8-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A8374.00000DD4.sznpkg -o C:\Users\user\AppData\Roaming\Seznam.cz\install\szn-software-base-1.0.0-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A848E.00000DD4.sznpkg -o C:\Users\user\AppData\Roaming\Seznam.cz\install\com.microsoft.msdn.msvcr110-11.0.51106.1-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A8960.00000DD4.sznpkg -o C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\cz.seznam.software.lightspeed-1210-12.10.18-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A8B64.00000DD4.sznpkg -o C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\cz.seznam.software.libszndesktop-2.1.35-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A9140.00000DD4.sznpkg -o C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\cz.seznam.software.szndesktop-2.0.32-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A93FF.00000DD4.sznpkg -o C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\cz.seznam.software.libfoxcub-3.3.8-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006AA61F.00000DD4.sznpkg -o C:\Users\user\AppData\Roaming\Seznam.cz\install\cz.seznam.software.libfoxloader-3.2.7-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006AA7B6.00000DD4.sznpkg -o C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\cz.seznam.software.libfoxcub64-3.3.8-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006AB17A.00000DD4.sznpkg -o C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\cz.seznam.software.ielisticka3-3.3.5-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006AB2D1.00000DD4.sznpkg -o C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\szn-software-fflisticka-4.0.8-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006AC669.00000DD4.sznpkg -o C:\Users\user\AppData\Roaming\Seznam.cz\install\cz.seznam.software.chromelisticka-2.0.4-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006AD463.00000DD4.sznpkg -o C:\Users\user\AppData\Roaming\Seznam.cz\install\com.microsoft.msdn.msvcr100-10.0.40219.325-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006AD780.00000DD4.sznpkg -o C:\Users\user\AppData\Roaming\Seznam.cz\install\cz.seznam.software.pp-1.0.2-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy libfoxcub.conf "C:\Users\user\AppData\Roaming\Seznam.cz\conf\szndesktop.d"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006AE03A.00000DD4.sznpkg -o C:\Users\user\AppData\Roaming\Seznam.cz\install\szn-software-listicka-3.0.0-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "C:\Users\user\AppData\Roaming\Seznam.cz\uninstall\cz_seznam_software_libszndesktop_2_1_35.reconfigure.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "cz.seznam.software.autoupdate" /d "\"C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe\" -c"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy msvcp110.dll "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy msvcr110.dll "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy lightspeed.dll "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy "szndesktop.exe" "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy "szndesktop.conf" "C:\Users\user\AppData\Roaming\Seznam.cz\conf"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy "szndesktop.webpak" "C:\Users\user\AppData\Roaming\Seznam.cz\data"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy "sznpp.exe" "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /v DisplayVersion /t REG_SZ /d "2.1.35" /f
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy "wszndesktop.exe" "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "cz.seznam.software.szndesktop" /d "\"C:\Users\user\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe\" -q"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy libfoxcub.dll "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy libfoxcub-x64.dll "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy libfoxcub.conf "C:\Users\user\AppData\Roaming\Seznam.cz\conf\szndesktop.d"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy foxcub.conf "C:\Users\user\AppData\Roaming\Seznam.cz\conf\libfoxcub"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy remote.conf "C:\Users\user\AppData\Roaming\Seznam.cz\conf\libfoxcub"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy listickaconfig.webpak "C:\Users\user\AppData\Roaming\Seznam.cz\data"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy listickanastaveni.webpak "C:\Users\user\AppData\Roaming\Seznam.cz\data"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy speeddial.webpak "C:\Users\user\AppData\Roaming\Seznam.cz\data"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe libfoxcub.dll,UpgradeListicka
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE REG QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\szn-software-listicka" /v "UninstallString"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE REG QUERY "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\szn-software-listicka" /v "UninstallString"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE REG DELETE "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}" /F
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe "C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe" -v report-ielisticka-install --status=0
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy libfoxcub-x64.dll "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy listicka-x64.exe "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe szndesktop.exe default restart
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Process created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe szndesktop.exe default restart

Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Section loaded: sti.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Section loaded: sti.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Section loaded: sti.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr	Section loaded: mscms.dll	Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr	Section loaded: coloradapterclient.dll	Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr	Section loaded: netprofm.dll	Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: ddraw.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: mscms.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: msvfw32.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: avifil32.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: coloradapterclient.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: msacm32.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: ddraw.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: mscms.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: msvfw32.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: avifil32.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: coloradapterclient.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: msacm32.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: netprofm.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: devenum.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: msdmo.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: avicap32.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Section loaded: wininet.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Section loaded: mscms.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Section loaded: urlmon.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Section loaded: coloradapterclient.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Section loaded: iertutil.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Section loaded: srvcli.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Section loaded: netutils.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Section loaded: propsys.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Section loaded: mrmcorer.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Section loaded: windows.staterepositorycore.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Section loaded: bcp47mrm.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Section loaded: windows.ui.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Section loaded: windowmanagementapi.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Section loaded: textinputframework.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Section loaded: inputhost.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Section loaded: wintypes.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Section loaded: twinapi.appcore.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Section loaded: coremessaging.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Section loaded: twinapi.appcore.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Section loaded: coreuicomponents.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Section loaded: coremessaging.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Section loaded: coremessaging.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Section loaded: coreuicomponents.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Section loaded: ntmarta.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Section loaded: cryptnet.dll
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe	Section loaded: shfolder.dll
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	Section loaded: ntmarta.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: wininet.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: urlmon.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: iertutil.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: srvcli.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: netutils.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: propsys.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: edputil.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: wintypes.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: appresolver.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: bcp47langs.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: slc.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: sppc.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe	Section loaded: vcruntime140.dll
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe	Section loaded: wininet.dll
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe	Section loaded: urlmon.dll
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe	Section loaded: msvcp140.dll
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe	Section loaded: iertutil.dll
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe	Section loaded: srvcli.dll
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe	Section loaded: netutils.dll
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE	Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe	Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe	Section loaded: slc.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe	Section loaded: sppc.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Section loaded: wininet.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe	Section loaded: msedge.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe	Section loaded: winmm.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe	Section loaded: msedge_elf.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe	Section loaded: wininet.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe	Section loaded: iertutil.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe	Section loaded: winhttp.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe	Section loaded: mswsock.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE	Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE	Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE	Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE	Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE	Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE	Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe	Section loaded: dbgcore.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe	Section loaded: ncryptprov.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Section loaded: lightspeed.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Section loaded: msvcp110.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Section loaded: msvcr110.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Section loaded: dbgcore.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Section loaded: mswsock.dll

Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Jump to behavior

Source: Picasa 3.lnk.16.dr	LNK file: ..\..\..\..\..\..\Program Files (x86)\Google\Picasa3\Picasa3.exe
Source: Configure Picasa Photo Viewer.lnk.16.dr	LNK file: ..\..\..\..\..\..\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe
Source: Uninstall.lnk.16.dr	LNK file: ..\..\..\..\..\..\Program Files (x86)\Google\Picasa3\uninstall.exe
Source: Picasa 3.lnk0.16.dr	LNK file: ..\..\..\Program Files (x86)\Google\Picasa3\Picasa3.exe
Source: Picasa 3.lnk1.16.dr	LNK file: ..\..\..\..\..\..\..\Program Files (x86)\Google\Picasa3\Picasa3.exe

Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe

File written: C:\Program Files (x86)\Google\Picasa3\web\templates\blackfrm\xLifescape.ini

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2246122658-3693405117-2476756634-1003\Software\Microsoft\Office\16.0\Lync

Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall

Source: 563299efce875400a8d9b44b96597c8e-sample (1).zip

Static file information: File size 25085622 > 1048576

Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe

File opened: C:\Users\user\AppData\Local\Temp\~006AD463.00000DD4.sznpkg\msvcr100.dll

Source:	Binary string: C:\Users\ondrej.novak\Documents\Visual Studio 2008\Projects\software-trunk\SeznamInstall\bin\debug\sznsetup-lt.pdbPV source: sznsetup-lt.exe, 00000017.00000000.1729394687.000000000052B000.00000002.00000001.01000000.0000001F.sdmp
Source:	Binary string: C:\Repository\listicka\ielisticka_new\bin-Release\pdb\listicka-x64.pdb source: UNZIP.EXE, 00000081.00000002.2178378406.0000000000428000.00000040.00000001.01000000.00000026.sdmp, CPY.EXE, 00000086.00000002.2185910879.000000000075A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \plugins\CDVDR\*.pdb source: setuppicasa39-setup.exe, 00000010.00000003.1659418312.000000000067F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \plugins\expwebsites\*.pdb source: setuppicasa39-setup.exe, 00000010.00000003.1659418312.000000000067F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: p:\d\a\wpyh4-vm-6.hot\recipes\840394494\base\googleclient\picasa39-stable\build\Picasa3.pdb source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp
Source:	Binary string: C:\playground\repos\listicka\sznpp\bin\symbols\Release_x86\sznpp_dll.pdb source: UNZIP.EXE, 0000005D.00000002.2105385323.0000000000428000.00000040.00000001.01000000.00000026.sdmp, CPY.EXE, 00000064.00000002.2115643669.0000000000ECA000.00000004.00000020.00020000.00000000.sdmp, sznpp.exe, 0000007C.00000000.2152804918.0000000000BFB000.00000002.00000001.01000000.0000002C.sdmp
Source:	Binary string: msvcp110.i386.pdb source: szndesktop.exe, szndesktop.exe, 00000087.00000002.2193190667.000000006C0E1000.00000020.00000001.01000000.0000002E.sdmp
Source:	Binary string: C:\Users\ondrej.novak\Documents\Visual Studio 2008\Projects\software-trunk\SeznamInstall\bin\debug\sznsetup.pdb source: sznsetup.exe, 00000039.00000000.1850844929.0000000000F0C000.00000002.00000001.01000000.00000023.sdmp
Source:	Binary string: msvcr110.i386.pdb source: UNZIP.EXE, 00000052.00000002.2089014833.0000000000428000.00000040.00000001.01000000.00000026.sdmp, CPY.EXE, 00000057.00000002.2096863979.0000000000B3A000.00000004.00000020.00020000.00000000.sdmp, szndesktop.exe, szndesktop.exe, 00000087.00000002.2195197650.000000006C221000.00000020.00000001.01000000.0000002B.sdmp
Source:	Binary string: C:\playground\repos\listicka\sznpp\bin\symbols\Release_x64\sznpp_64.pdb source: sznpp.exe, 0000007C.00000000.2152804918.0000000000B52000.00000002.00000001.01000000.0000002C.sdmp
Source:	Binary string: PhotoViewer.pdbGCTL source: PicasaPhotoViewer.exe, 00000015.00000003.1748748621.0000000003DBE000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\playground\repos\listicka\sznpp\bin\symbols\Release_x86\sznpp.pdb source: sznpp.exe, 0000007C.00000000.2152425887.0000000000B0C000.00000002.00000001.01000000.0000002C.sdmp
Source:	Binary string: C:\playground\repos\listicka\sznpp\bin\symbols\Release_x86\sznpp.pdb- source: sznpp.exe, 0000007C.00000000.2152425887.0000000000B0C000.00000002.00000001.01000000.0000002C.sdmp
Source:	Binary string: p:\d\a\wpyh4-vm-6.hot\recipes\840394494\base\googleclient\picasa39-stable\build\PicasaPhotoViewer.pdb source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp
Source:	Binary string: p:\d\a\wpyh4-vm-6.hot\recipes\840394494\base\googleclient\picasa39-stable\build\cdautorun\PicasaCD.pdb source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000004419000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mi_exe_stub.pdb@;AL source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000029F6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: p:\d\a\wpyh4-vm-6.hot\recipes\840394494\base\googleclient\picasa39-stable\build\plugins\CDVDR\CDVDR.pdb source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000003831000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2497615129.00000000033F3000.00000002.00000001.01000000.00000015.sdmp
Source:	Binary string: p:\d\a\wpyh4-vm-6.hot\recipes\840394494\base\googleclient\picasa39-stable\build\npPicasa3.pdb source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000002E88000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\Development\googleclient\picasa4\build\plugins\Red.pdb source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000003FAE000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Repository\listicka\ielisticka_new\bin-Release\pdb\szndesktop.pdb source: CPY.EXE, 00000061.00000002.2108099884.0000000000E09000.00000004.00000020.00020000.00000000.sdmp, szndesktop.exe, 00000087.00000000.2188348792.0000000000875000.00000002.00000001.01000000.0000002D.sdmp
Source:	Binary string: p:\d\a\wpyh4-vm-6.hot\recipes\840394494\base\googleclient\picasa39-stable\build\plugins\expwebsites\expwebsites.pdb source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000003DA5000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2533437740.000000000488F000.00000002.00000001.01000000.00000016.sdmp
Source:	Binary string: C:\Users\ondrej.novak\Documents\Visual Studio 2008\Projects\software-trunk\SeznamInstall\bin\debug\sznsetup-lt.pdb source: listicka.exe, 00000016.00000002.2443085483.00000000029E3000.00000004.00000020.00020000.00000000.sdmp, sznsetup-lt.exe, 00000017.00000000.1729394687.000000000052B000.00000002.00000001.01000000.0000001F.sdmp
Source:	Binary string: C:\playground\repos\listicka\sznpp\bin\symbols\Release_x64\sznpp_dll.pdb source: CPY.EXE, 00000064.00000002.2115643669.0000000000ECA000.00000004.00000020.00020000.00000000.sdmp, sznpp.exe, 0000007C.00000000.2152804918.0000000000BFB000.00000002.00000001.01000000.0000002C.sdmp
Source:	Binary string: C:\playground\repos\listicka\sznpp\bin\symbols\Release_x64\sznpp_64.pdb( source: sznpp.exe, 0000007C.00000000.2152804918.0000000000B52000.00000002.00000001.01000000.0000002C.sdmp
Source:	Binary string: p:\d\a\wpyh4-vm-6.hot\recipes\840394494\base\googleclient\picasa39-stable\build\GPhotos.pdb source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: C:\Repository\listicka\ielisticka_new\bin-Release\pdb\szndesktop.pdb44 source: CPY.EXE, 00000061.00000002.2108099884.0000000000E09000.00000004.00000020.00020000.00000000.sdmp, szndesktop.exe, 00000087.00000000.2188348792.0000000000875000.00000002.00000001.01000000.0000002D.sdmp
Source:	Binary string: C:\Repository\listicka-new\ielisticka_new\bin-Release\pdb\lightspeed.pdb source: CPY.EXE, 0000005C.00000002.2102179386.0000000000B00000.00000004.00000020.00020000.00000000.sdmp, szndesktop.exe, 00000087.00000002.2198970614.000000006C384000.00000002.00000001.01000000.0000002A.sdmp
Source:	Binary string: p:\d\a\wpyh4-vm-6.hot\recipes\840394494\base\googleclient\picasa39-stable\build\plugins\ytITivo.pdb source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000003F3F000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2504208079.0000000004079000.00000002.00000001.01000000.00000017.sdmp
Source:	Binary string: C:\Repository\listicka-new\ielisticka_new\bin-Release\pdb\lightspeed.pdbQQ source: CPY.EXE, 0000005C.00000002.2102179386.0000000000B00000.00000004.00000020.00020000.00000000.sdmp, szndesktop.exe, 00000087.00000002.2198970614.000000006C384000.00000002.00000001.01000000.0000002A.sdmp
Source:	Binary string: p:\d\a\wpyh4-vm-6.hot\recipes\840394494\base\googleclient\picasa39-stable\build\cdautorun\PicasaRestore.pdb source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000459F000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Repository\listicka\ielisticka_new\bin-Release\pdb\libfoxloader.pdb source: UNZIP.EXE, 0000007D.00000002.2173171240.000000000042B000.00000040.00000001.01000000.00000026.sdmp, szndesktop.exe, 00000087.00000002.2200176289.000000006C489000.00000002.00000001.01000000.0000002F.sdmp
Source:	Binary string: Rg.pdbH source: listicka.exe, 00000016.00000002.2443085483.00000000029E3000.00000004.00000020.00020000.00000000.sdmp, sznsetup-lt.exe, 00000017.00000000.1730049584.0000000000571000.00000002.00000001.01000000.0000001F.sdmp, REG.EXE, 0000002A.00000000.1818569837.0000000001000000.00000002.00000001.01000000.00000021.sdmp, REG.EXE, 0000002A.00000000.1818621571.0000000001018000.00000080.00000001.01000000.00000021.sdmp, REG.EXE, 0000002A.00000002.1819878005.0000000001000000.00000002.00000001.01000000.00000021.sdmp, sznsetup.exe, 00000039.00000000.1851570101.0000000000F52000.00000002.00000001.01000000.00000023.sdmp
Source:	Binary string: C:\Users\petr.slivon\Documents\Visual Studio 2012\Projects\listicka-trunk\ielisticka_new\bin-Release\pdb\wszndesktop.pdb source: UNZIP.EXE, 00000066.00000002.2120076164.0000000000428000.00000040.00000001.01000000.00000026.sdmp, CPY.EXE, 0000006A.00000002.2122729835.0000000000629000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcp110.i386.pdb0 source: szndesktop.exe, 00000087.00000002.2193190667.000000006C0E1000.00000020.00000001.01000000.0000002E.sdmp
Source:	Binary string: C:\Repository\listicka\ielisticka_new\bin-Release\pdb\listicka-x64.pdbhh source: UNZIP.EXE, 00000081.00000002.2178378406.0000000000428000.00000040.00000001.01000000.00000026.sdmp, CPY.EXE, 00000086.00000002.2185910879.000000000075A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Repository\listicka\ielisticka_new\bin-Release\pdb\libfoxloader.pdb~{ source: UNZIP.EXE, 0000007D.00000002.2173171240.000000000042B000.00000040.00000001.01000000.00000026.sdmp, szndesktop.exe, 00000087.00000002.2200176289.000000006C489000.00000002.00000001.01000000.0000002F.sdmp
Source:	Binary string: C:\Users\ondrej.novak\Documents\Visual Studio 2008\Projects\software-trunk\SeznamInstall\bin\debug\szninstall.pdb source: szninstall.exe, 00000038.00000000.1847499306.0000000000571000.00000002.00000001.01000000.00000022.sdmp
Source:	Binary string: reg.pdb source: REG.EXE, REG.EXE, 0000002A.00000002.1819912483.0000000001001000.00000040.00000001.01000000.00000021.sdmp
Source:	Binary string: mi_exe_stub.pdb source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000029F6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: PhotoViewer.pdb source: PicasaPhotoViewer.exe, 00000015.00000003.1748748621.0000000003DBE000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\twbrown-picasa-1\googleclient\picasa4\NSIS_Unicode_v3\Plugins\x86-unicode\NSIS_Picasa_Unicode.pdb source: setuppicasa39-setup.exe, 00000010.00000002.1704699696.0000000004CA3000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: C:\Users\ondrej.novak\Documents\Visual Studio 2008\Projects\software-trunk\SeznamInstall\bin\debug\sznsetup-lt.pdbPP source: listicka.exe, 00000016.00000002.2443085483.00000000029E3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: p:\d\a\wpyh4-vm-6.hot\recipes\840394494\base\googleclient\picasa39-stable\build\Picasa3i18n.pdb source: Picasa3.exe, 00000014.00000002.2599698862.0000000010008000.00000002.00000001.01000000.00000014.sdmp
Source:	Binary string: C:\Users\ondrej.novak\Documents\Visual Studio 2008\Projects\software-trunk\SeznamInstall\bin\debug\sznsetup.pdb` source: sznsetup.exe, 00000039.00000000.1850844929.0000000000F0C000.00000002.00000001.01000000.00000023.sdmp
Source:	Binary string: p:\d\a\wpyh4-vm-6.hot\recipes\840394494\base\googleclient\picasa39-stable\build\cdautorun\PicasaCD.pdblpW source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000004419000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\ondrej.novak\Documents\Visual Studio 2008\Projects\software-trunk\SeznamInstall\bin\debug\szninstall.pdb0Z source: szninstall.exe, 00000038.00000000.1847499306.0000000000571000.00000002.00000001.01000000.00000022.sdmp

Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe

Code function: 16_2_04C92490 GetVersion,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

16_2_04C92490

Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	Code function: 15_2_73A33299 push ebx; mov dword ptr [esp], 00000001h	15_2_73A332D5
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	Code function: 15_2_73A314B4 push edx; mov dword ptr [esp], eax	15_2_73A31535
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	Code function: 15_2_73A34BE0 push dword ptr [eax+04h]; ret	15_2_73A34C0F
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	Code function: 15_2_73A32ACE push ecx; mov dword ptr [esp], 00000000h	15_2_73A32B06
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	Code function: 15_2_73A33A03 push edx; mov dword ptr [esp], eax	15_2_73A33A27
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	Code function: 15_2_73A31C11 push ecx; mov dword ptr [esp], ebx	15_2_73A31CC9
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	Code function: 15_2_73A3147E push edx; mov dword ptr [esp], eax	15_2_73A31471
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	Code function: 15_2_741C21CA push eax; mov dword ptr [esp], ebx	15_2_741C227B
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	Code function: 15_2_741C113F push eax; mov dword ptr [esp], ebx	15_2_741C11D9
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	Code function: 15_2_741C113F push edx; mov dword ptr [esp], 741C5000h	15_2_741C11EE
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	Code function: 15_2_741C113F push eax; mov dword ptr [esp], esi	15_2_741C1298
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	Code function: 15_2_741C113F push eax; mov dword ptr [esp], 741C4000h	15_2_741C12F6
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	Code function: 15_2_741C1038 push edx; mov dword ptr [esp], ebx	15_2_741C112D
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	Code function: 15_2_741C164A push edx; mov dword ptr [esp], eax	15_2_741C1685
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	Code function: 15_2_741C16C7 push edx; mov dword ptr [esp], eax	15_2_741C1743
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	Code function: 15_2_741C24EF push edx; mov dword ptr [esp], eax	15_2_741C2513
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Code function: 16_2_04C97CD1 push ecx; ret	16_2_04C97CE4
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_033DFD01 push ecx; ret	20_2_033DFD14
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_04065059 push ecx; ret	20_2_0406506C
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_0482E67A push esi; ret	20_2_0482E685
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_04877891 push ecx; ret	20_2_048778A4
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_100028CD push ecx; ret	20_2_100028E0
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe	Code function: 22_2_10002A10 push eax; ret	22_2_10002A3E
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE	Code function: 38_2_0041B280 push eax; ret	38_2_0041B2AE
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE	Code function: 42_2_01006F30 push eax; ret	42_2_01006F44
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE	Code function: 42_2_01006F30 push eax; ret	42_2_01006F6C
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE	Code function: 82_2_006120DB pushad ; ret	82_2_006120EA
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C11AC05 push ecx; ret	135_2_6C11AC18
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C0E7FFA push edi; iretd	135_2_6C0E8001
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C0E3834 push ss; iretd	135_2_6C0E3CA1
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C0E3BF6 push ss; iretd	135_2_6C0E3CA1

Persistence and Installation Behavior

Drops PE files with a suspicious file extension

Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe

File created: C:\Windows\SysWOW64\GPhotos.scr

Jump to dropped file

Drops executables to the windows directory (C:\Windows) and starts them

Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe

Executable created and started: C:\Windows\SysWOW64\GPhotos.scr

Jump to behavior

Uses cmd line tools excessively to alter registry or file data

Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: reg.exe
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: reg.exe

Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	File created: C:\Users\user\AppData\Local\Temp\nst9CEF.tmp\NSIS_Picasa_Unicode.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	File created: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE	File created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	File created: C:\Program Files (x86)\Google\Picasa3\MovieThumb.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	File created: C:\Users\user\AppData\Local\Temp\nst9CEF.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE	File created: C:\Users\user\AppData\Local\Temp\~006A8B64.00000DD4.sznpkg\sznpp.exe	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	File created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	File created: C:\Program Files (x86)\Google\Picasa3\qtsupport.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE	File created: C:\Users\user\AppData\Local\Temp\~006A9140.00000DD4.sznpkg\wszndesktop.exe	Jump to dropped file
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	File created: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	File created: C:\Users\user\AppData\Local\Temp\nst9CEF.tmp\StdUtils.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE	File created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\lightspeed.dll	Jump to dropped file
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	File created: C:\Users\user\AppData\Local\Temp\nsu8781.tmp\ButtonEvent.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE	File created: C:\Users\user\AppData\Local\Temp\~006AA7B6.00000DD4.sznpkg\libfoxloader-x64.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe	File created: C:\Users\user\AppData\Local\Temp\nsrF139.tmp\nsExec.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE	File created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe	Jump to dropped file
Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\24557libfoxloader.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	File created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE	File created: C:\Users\user\AppData\Local\Temp\~006A1AF6.00001B74.sznpkg\szninstall.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE	File created: C:\Users\user\AppData\Local\Temp\~006A8960.00000DD4.sznpkg\lightspeed.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	File created: C:\Windows\SysWOW64\GPhotos.scr	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe	File created: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE	File created: C:\Users\user\AppData\Local\Temp\~006A93FF.00000DD4.sznpkg\libfoxcub.dll	Jump to dropped file
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	File created: C:\Users\user\AppData\Local\Temp\nsu8781.tmp\nsDialogs.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	File created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE	Jump to dropped file
Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe	File created: C:\Users\user\AppData\Local\Temp\nsrF139.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE	File created: C:\Users\user\AppData\Local\Temp\~006AA7B6.00000DD4.sznpkg\libfoxcub-x64.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	File created: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE	File created: C:\Users\user\AppData\Local\Temp\~006A848E.00000DD4.sznpkg\msvcr110.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	File created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\RM.EXE	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	File created: C:\Program Files (x86)\Google\Picasa3\cdautorun\PicasaRestore.exe	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	File created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	File created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	File created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\RUNBG.EXE	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE	File created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\msvcp110.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE	File created: C:\Users\user\AppData\Local\Temp\~006A848E.00000DD4.sznpkg\msvcp110.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe	File created: C:\Users\user\AppData\Local\Temp\nsrF139.tmp\UserInfo.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE	File created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\msvcr110.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	File created: C:\Program Files (x86)\Google\Picasa3\plugins\Red.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	File created: C:\Program Files (x86)\Google\Picasa3\plugins\ytITivo.yti	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	File created: C:\Program Files (x86)\Google\Picasa3\cdautorun\PicasaCD.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE	File created: C:\Users\user\AppData\Local\Temp\~006A8B64.00000DD4.sznpkg\szndesktop.exe	Jump to dropped file
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	File created: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	File created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\MKLNK.EXE	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	File created: C:\Program Files (x86)\Google\Picasa3\plugins\expwebsites\expwebsites.yti	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	File created: C:\Program Files (x86)\Google\Picasa3\uninstall.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE	File created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE	File created: C:\Users\user\AppData\Local\Temp\~006AA61F.00000DD4.sznpkg\libfoxloader.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	File created: C:\Program Files (x86)\Google\Picasa3\Picasa3i18n.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	File created: C:\Program Files (x86)\Google\Picasa3\plugins\CDVDR\CDVDR.yti	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE	File created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\libfoxcub.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE	File created: C:\Users\user\AppData\Local\Temp\~006AA7B6.00000DD4.sznpkg\listicka-x64.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	File created: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Jump to dropped file
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	File created: C:\Users\user\AppData\Local\Temp\nsu8781.tmp\System.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\24557libfoxloader-x64.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE	File created: C:\Users\user\AppData\Local\Temp\~006A18C4.00001B74.sznpkg\sznsetup.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	File created: C:\Users\user\AppData\Local\Temp\nst9CEF.tmp\nsDialogs.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	File created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\SHELLFLD.EXE	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE	File created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\libfoxcub-x64.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE	File created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe

File created: C:\Windows\SysWOW64\GPhotos.scr

Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	File created: C:\Program Files (x86)\Google\Picasa3\plugins\CDVDR\CDVDR.yti	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	File created: C:\Program Files (x86)\Google\Picasa3\plugins\expwebsites\expwebsites.yti	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	File created: C:\Program Files (x86)\Google\Picasa3\plugins\ytITivo.yti	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe

Code function: 16_2_04C910B0 lstrcpyW,lstrcatW,GetPrivateProfileStringW,

16_2_04C910B0

Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe	File created: C:\Users\user\AppData\Roaming\Seznam.cz\install.log.5868.log
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe	File created: C:\Users\user\AppData\Roaming\Seznam.cz\install.log
Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\AppData\Roaming\Seznam.cz\install_packages.log

Boot Survival

Creates an undocumented autostart registry key

Source: C:\Windows\SysWOW64\GPhotos.scr

Key value created or modified: HKEY_USERS.DEFAULT\Control Panel\Desktop SCRNSAVE.EXE

Jump to behavior

Creates multiple autostart registry keys

Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run cz.seznam.software.szndesktop
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run cz.seznam.software.autoupdate

Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe

Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\Picasa3

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Picasa 3.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Configure Picasa Photo Viewer.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Uninstall.lnk	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run cz.seznam.software.autoupdate
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run cz.seznam.software.autoupdate
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run cz.seznam.software.szndesktop
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run cz.seznam.software.szndesktop

Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_04035CD0 IsWindowVisible,IsWindow,IsWindow,IsWindowVisible,GetCurrentThreadId,GetCurrentThreadId,EnumThreadWindows,IsWindowVisible,IsIconic,IsIconic,IsWindow,IsWindowVisible,IsWindowVisible,IsIconic,GetCurrentThreadId,SetWindowsHookExA,	20_2_04035CD0
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_04035CD0 IsWindowVisible,IsWindow,IsWindow,IsWindowVisible,GetCurrentThreadId,GetCurrentThreadId,EnumThreadWindows,IsWindowVisible,IsIconic,IsIconic,IsWindow,IsWindowVisible,IsWindowVisible,IsIconic,GetCurrentThreadId,SetWindowsHookExA,	20_2_04035CD0
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_04035CD0 IsWindowVisible,IsWindow,IsWindow,IsWindowVisible,GetCurrentThreadId,GetCurrentThreadId,EnumThreadWindows,IsWindowVisible,IsIconic,IsIconic,IsWindow,IsWindowVisible,IsWindowVisible,IsIconic,GetCurrentThreadId,SetWindowsHookExA,	20_2_04035CD0
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_04041930 IsIconic,ShowWindow,DialogBoxIndirectParamW,GlobalFree,	20_2_04041930
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_0483F400 IsIconic,ShowWindow,DialogBoxIndirectParamW,GlobalFree,	20_2_0483F400
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_0480E0E0 IsIconic,ShowWindow,DialogBoxIndirectParamW,GlobalFree,	20_2_0480E0E0
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_0480E060 ShowWindow,IsIconic,ShowWindow,CreateDialogIndirectParamA,GlobalFree,ShowWindow,	20_2_0480E060
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_0482DEC0 IsWindowVisible,GetCurrentThreadId,IsWindow,IsWindow,IsWindowVisible,GetCurrentThreadId,EnumThreadWindows,IsWindowVisible,IsIconic,IsIconic,IsWindow,IsWindowVisible,IsWindowVisible,IsIconic,GetCurrentThreadId,SetWindowsHookExA,	20_2_0482DEC0
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_0482DEC0 IsWindowVisible,GetCurrentThreadId,IsWindow,IsWindow,IsWindowVisible,GetCurrentThreadId,EnumThreadWindows,IsWindowVisible,IsIconic,IsIconic,IsWindow,IsWindowVisible,IsWindowVisible,IsIconic,GetCurrentThreadId,SetWindowsHookExA,	20_2_0482DEC0
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_0482DEC0 IsWindowVisible,GetCurrentThreadId,IsWindow,IsWindow,IsWindowVisible,GetCurrentThreadId,EnumThreadWindows,IsWindowVisible,IsIconic,IsIconic,IsWindow,IsWindowVisible,IsWindowVisible,IsIconic,GetCurrentThreadId,SetWindowsHookExA,	20_2_0482DEC0

Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe

Code function: 135_2_6C247216 EncodePointer,__initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

135_2_6C247216

Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\GPhotos.scr	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	Binary or memory string: LROOTEDITSOFTWARE\GOOGLE\%SGOOGLE\%SRASENUMENTRIESARASAPI32.DLLJPEG FILESYTAPP::JPEGFILTER.JPG;.JPEGGETFILESINFOYTAPP::INFOTITLEEXPLORER/SELECT,"%S"SOFTWARE\CLIENTS\STARTMENUINTERNET%S\%S\SHELL\OPEN\COMMAND.EXEIEXPLORE-NOHOME RUNTIME\DISTRO.INIDISTROWINELINUX_%SLINUX_UNKNOWNWINEWINDOWSWINDOWS_%D_%DWINE_GET_UNIX_FILE_NAMEKERNEL32
Source: Picasa3.exe, Picasa3.exe, 00000014.00000002.2533437740.000000000488F000.00000002.00000001.01000000.00000016.sdmp, Picasa3.exe, 00000014.00000002.2504208079.0000000004079000.00000002.00000001.01000000.00000017.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	Binary or memory string: WINE_GET_UNIX_FILE_NAME
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp	Binary or memory string: W RK0RKSOFTWARE\GOOGLE\%SGOOGLE\%SRASENUMENTRIESARASAPI32.DLLTAHOMAWJPEG FILESYTAPP::JPEGFILTER.JPG;.JPEGGETFILESINFOYTAPP::INFOTITLEEXPLORER/E,/SELECT,"%S"SOFTWARE\CLIENTS\STARTMENUINTERNET%S\%S\SHELL\OPEN\COMMANDIEXPLORE.EXE.EXEIEXPLORE-NOHOME RUNTIME\DISTRO.INIDISTROWINELINUX_%SLINUX_UNKNOWNWINEWINDOWSWINDOWS_%D_%DWINE_GET_UNIX_FILE_NAMEKERNEL32
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000003DA5000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2533437740.000000000488F000.00000002.00000001.01000000.00000016.sdmp	Binary or memory string: SOFTWARE\GOOGLE\%SGOOGLE\%SRASENUMENTRIESARASAPI32.DLLJPEG FILESYTAPP::JPEGFILTER.JPG;.JPEGGETFILESYTAPP::ERRORTITLEINFOYTAPP::INFOTITLE"%S"SOFTWARE\CLIENTS\STARTMENUINTERNET%S\%S\SHELL\OPEN\COMMANDIEXPLORE.EXE.EXE.EXEIEXPLORE-NOHOME WINE_GET_UNIX_FILE_NAMEKERNEL32LW
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000459F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: EHELPCLOSENOYESIGNORERETRYABORTCANCELOK%S/%S_BSOFTWARE\GOOGLE\%SGOOGLE\%SRASENUMENTRIESARASAPI32.DLLTAHOMAJPEG FILESYTAPP::JPEGFILTER.JPG;.JPEGGETFILESYTAPP::ERRORTITLEOPENEXPLORER/SELECT,"%S"WINE_GET_UNIX_FILE_NAMEKERNEL32
Source: Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	Binary or memory string: WINE_GET_UNIX_REAL_NAMEKERNEL32WINE_GET_UNIX_FILE_NAMERUNTIME\WINEDISABLE.TXTSUPPORTHTTP%S_PAUTOINFOCHECKSHOWTOOLTIPSPRINTERQUALITYPRINTRESAMPLERQUALITYPRINTPROXYPREVIEWLOOPSLIDESHOWPLAYMP3TRACKSARIAL UNICODE MSWEB_ALBUMS_TABCGENERALPREFSPAGE::WEBALBUMSTABESENABLEFRUPLOADSTAGS_GROUPUPLOADCONTACTPHOTOSUSAGESTATSPRIVACYAUTOUPDATEIMPORTDESTEMAILSINGLEPICTUREEMAILMOVIEUSEHTMLMAILEREMAILPREPTYPEDONOTPROMPTFOREMAILPREFEMAILEXPORTSIZEMAILPROGPICSIZEDEFAULTMAILIDS_EMAILCLIENTRADIOPRINT%DPROXYUSERPROXYPASSCONN:PROXYMETHODAUTOPROXYLOGLEVELLOGLEVELLOG ALL (INSECURE)NETWORKPREFS::LOGINSECURELOGPWASTARREDPWASYNCORDERPWASTRIPEDPWAUSEHIQUALITYJPEGPWADEFAULTSIZEORIGINAL SIZE (SLOWEST UPLOAD)CGENERALPREFSPAGE::ORIGINALBEST FOR WEB SHARING (2048PX)CGENERALPREFSPAGE::2048RECOMMENDED: 1600 PIXELS (FOR PRINTS, SCREENSAVERS, AND SHARING)CGENERALPREFSPAGE::1600MEDIUM: 1024 PIXELS (FOR SHARING)CGENERALPREFSPAGE::1024SMALL: 800 PIXELS (FOR BLOGS AND WEBPAGES)CGENERALPREFSPAGE::800HASWATERMARKPWAWATERMARKENABLEFACEDETECTIONENABLEFACESUGGESTIONSPERSISTFACETOFILEFACETHRESH0FACETHRESH1CHANGE THE LANGUAGE PICASA USES?
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000003F3F000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2504208079.0000000004079000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: \PREFERENCESSOFTWARE\GOOGLE\%SGOOGLE\%SRASENUMENTRIESARASAPI32.DLLTAHOMAERRORYTAPP::ERRORTITLEOPENEXPLORER/SELECT,"%S"WINE_GET_UNIX_FILE_NAMEKERNEL32
Source: setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000004419000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: BSOFTWARE\GOOGLE\%SGOOGLE\%SRASENUMENTRIESARASAPI32.DLLTAHOMAJPEG FILESYTAPP::JPEGFILTER.JPG;.JPEGGETFILESERRORYTAPP::ERRORTITLEINFOYTAPP::INFOTITLEEXPLORER/SELECT,"%S""%S"SOFTWARE\CLIENTS\STARTMENUINTERNET%S\%S\SHELL\OPEN\COMMANDIEXPLORE.EXE.EXE.EXEIEXPLORE-NOHOME RUNTIME\DISTRO.INIDISTROWINELINUX_%SLINUX_UNKNOWNWINDOWS_%D_%DWINE_GET_UNIX_FILE_NAMEKERNEL32

Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Window / User API: threadDelayed 1344			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe	Window / User API: threadDelayed 1044

Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nst9CEF.tmp\NSIS_Picasa_Unicode.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\~006AA7B6.00000DD4.sznpkg\libfoxcub-x64.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsrF139.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\RM.EXE	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Google\Picasa3\MovieThumb.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Google\Picasa3\cdautorun\PicasaRestore.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nst9CEF.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\RUNBG.EXE	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Google\Picasa3\qtsupport.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsrF139.tmp\UserInfo.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Google\Picasa3\plugins\Red.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\~006A9140.00000DD4.sznpkg\wszndesktop.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Google\Picasa3\cdautorun\PicasaCD.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Google\Picasa3\plugins\ytITivo.yti	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nst9CEF.tmp\StdUtils.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\MKLNK.EXE	Jump to dropped file
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsu8781.tmp\ButtonEvent.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Google\Picasa3\plugins\expwebsites\expwebsites.yti	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\~006AA7B6.00000DD4.sznpkg\libfoxloader-x64.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Google\Picasa3\uninstall.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsrF139.tmp\nsExec.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\cmd.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Seznam.cz\bin\24557libfoxloader.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\~006AA61F.00000DD4.sznpkg\libfoxloader.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Google\Picasa3\Picasa3i18n.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Google\Picasa3\plugins\CDVDR\CDVDR.yti	Jump to dropped file
Source: C:\Windows\SysWOW64\cmd.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Seznam.cz\bin\24557libfoxloader-x64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsu8781.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\SHELLFLD.EXE	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nst9CEF.tmp\nsDialogs.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Seznam.cz\bin\libfoxcub-x64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsu8781.tmp\nsDialogs.dll	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE

Evasive API call chain: GetSystemTime,DecisionNodes

Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe

Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess

graph_16-9132

Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	API coverage: 8.0 %
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	API coverage: 1.3 %
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	API coverage: 1.6 %
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE	API coverage: 5.2 %
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	API coverage: 2.1 %

Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe TID: 5972	Thread sleep count: 1044 > 30
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe TID: 5972	Thread sleep time: -104400s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe TID: 5972	Thread sleep count: 51 > 30

Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS

Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem

Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe

Thread sleep count: Count: 1344 delay: -20

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	File Volume queried: C:\Program Files (x86)\Google FullSizeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	File Volume queried: C:\Program Files (x86)\Google FullSizeInformation	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	File Volume queried: C:\Windows\SysWOW64 FullSizeInformation	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Code function: 16_2_04C91B90 lstrcpyW,GlobalAlloc,FindFirstFileW,GetLastError,FindNextFileW,FindClose,	16_2_04C91B90
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Code function: 16_2_04C91F30 lstrcpyW,FindFirstFileW,GetLastError,GetFileAttributesW,FindNextFileW,FindClose,	16_2_04C91F30
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_033BB710 MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,_memset,FindFirstFileW,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,	20_2_033BB710
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_033F0600 GetVersion,FindFirstFileExA,	20_2_033F0600
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_033F05C0 GetVersion,FindFirstFileA,	20_2_033F05C0
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_033BB850 MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,_memset,FindFirstFileExW,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,	20_2_033BB850
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_040386D0 MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,_memset,FindFirstFileW,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,	20_2_040386D0
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_04038810 MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,_memset,FindFirstFileExW,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,	20_2_04038810
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_04076930 GetVersion,FindFirstFileA,	20_2_04076930
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_04076970 GetVersion,FindFirstFileExA,	20_2_04076970
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_048336A0 MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,_memset,FindFirstFileW,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,	20_2_048336A0
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_048337E0 MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,_memset,FindFirstFileExW,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,	20_2_048337E0
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE	Code function: 38_2_0041C29C FindFirstFileA,GetDriveTypeA,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,GetLastError,FindClose,	38_2_0041C29C
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE	Code function: 38_2_004107A0 FindFirstFileA,	38_2_004107A0
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C10D6BF ?_Open_dir@sys@tr2@std@@YAPAXPA_WPB_WAAHAAW4file_type@123@@Z,__EH_prolog3_GS,wcslen,FindFirstFileExW,std::tr2::sys::_Read_dir,FindClose,std::tr2::sys::_Strcpy,	135_2_6C10D6BF
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C29AAA4 _wstat32i64,__doserrno,_errno,_invalid_parameter_noinfo,_wcspbrk,_errno,__doserrno,_errno,__doserrno,towlower,_getdrive,FindFirstFileExW,_wcspbrk,wcslen,GetDriveTypeW,free,___loctotime32_t,free,_wsopen_s,__fstat32i64,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FindClose,GetLastError,__dosmaperr,FindClose,GetLastError,__dosmaperr,FindClose,	135_2_6C29AAA4
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C298B4F _findfirst64i32,_errno,_invalid_parameter_noinfo,FindFirstFileExA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,_invoke_watson,_findnext64i32,_errno,_invalid_parameter_noinfo,FindNextFileA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,_invoke_watson,_findfirst32i64,_errno,_invalid_parameter_noinfo,FindFirstFileExA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,_invoke_watson,_findnext32i64,_errno,_invalid_parameter_noinfo,FindNextFileA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,_invoke_watson,_seterrormode,SetErrorMode,	135_2_6C298B4F
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C29A625 _wstat64,__doserrno,_errno,_invalid_parameter_noinfo,_wcspbrk,_errno,__doserrno,_errno,__doserrno,towlower,_getdrive,FindFirstFileExW,_wcspbrk,wcslen,GetDriveTypeW,free,free,_wsopen_s,__fstat64,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,GetLastError,__dosmaperr,FindClose,GetLastError,__dosmaperr,FindClose,	135_2_6C29A625
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C298653 _findfirst32,_errno,_invalid_parameter_noinfo,FindFirstFileExA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,_invoke_watson,_findnext32,_errno,_invalid_parameter_noinfo,FindNextFileA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,_invoke_watson,_findfirst64,_errno,_invalid_parameter_noinfo,FindFirstFileExA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,_invoke_watson,_findnext64,_errno,_invalid_parameter_noinfo,FindNextFileA,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,strcpy_s,_invoke_watson,	135_2_6C298653
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C29A1C7 _wstat32,__doserrno,_errno,_invalid_parameter_noinfo,_wcspbrk,_errno,__doserrno,towlower,_getdrive,FindFirstFileExW,_wcspbrk,wcslen,GetDriveTypeW,free,___loctotime32_t,free,_wsopen_s,__fstat32,_close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FindClose,_errno,GetLastError,__dosmaperr,FindClose,GetLastError,__dosmaperr,FindClose,	135_2_6C29A1C7
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C297921 _malloc_crt,FindClose,FindFirstFileExA,FindNextFileA,FindClose,	135_2_6C297921
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C297B8B _malloc_crt,FindClose,FindFirstFileExW,FindNextFileW,FindClose,	135_2_6C297B8B
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C2377AA _wstat64i32,_wcspbrk,towlower,FindFirstFileExW,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,_errno,__doserrno,_getdrive,GetLastError,GetLastError,_wcspbrk,wcslen,__doserrno,_errno,_invalid_parameter_noinfo,GetDriveTypeW,free,free,_wsopen_s,__fstat64i32,_close,_errno,__dosmaperr,FindClose,__dosmaperr,FindClose,	135_2_6C2377AA
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C299002 _wfindfirst32,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,_invoke_watson,_wfindnext32,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,_invoke_watson,_wfindfirst64,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,_invoke_watson,_wfindnext64,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,_invoke_watson,_wfindfirst64i32,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,_invoke_watson,_wfindnext64i32,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,_invoke_watson,_wfindfirst32i64,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,_invoke_watson,_wfindnext32i64,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,wcscpy_s,_invoke_watson,_access,_access_s,	135_2_6C299002
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C35DBA0 FindFirstFileW,#210,FindNextFileW,FindClose,	135_2_6C35DBA0
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C35EB00 #210,DeleteFileW,GetLastError,_CxxThrowException,#210,MoveFileExW,GetLastError,_CxxThrowException,#210,MoveFileExW,GetLastError,_CxxThrowException,#210,FindFirstFileW,FindClose,CopyFileW,GetLastError,_CxxThrowException,	135_2_6C35EB00

Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe

Code function: 20_2_033F18F0 GetSystemInfo,

20_2_033F18F0

Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	File opened: C:\Users\user\Desktop\desktop.ini	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	File opened: C:\Users\user\Documents\desktop.ini	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	File opened: C:\Users\user\AppData\Local\Temp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior

Source: sznsetup.exe, 0000003E.00000002.2385836381.0000000000A48000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWP0
Source: sznsetup.exe, 0000003E.00000002.2385836381.0000000000A84000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWx
Source: 1a4e5ccd35a56d84281a143f831563be.exe, 0000000F.00000002.2419971867.0000000000107000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
Source: GPhotos.scr, 00000011.00000003.1552747031.0000000000B6A000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000002.1554743880.0000000000B6F000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000003.1552747031.0000000000B20000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000003.1552747031.0000000000B45000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2467205779.00000000011B6000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000003.2141243034.0000000001221000.00000004.00000020.00020000.00000000.sdmp, sznsetup-lt.exe, 00000019.00000002.1841305644.0000000000A88000.00000004.00000020.00020000.00000000.sdmp, sznsetup-lt.exe, 00000019.00000002.1841305644.0000000000AE4000.00000004.00000020.00020000.00000000.sdmp, sznsetup-lt.exe, 00000019.00000003.1808801224.0000000000ACB000.00000004.00000020.00020000.00000000.sdmp, sznsetup.exe, 0000003E.00000002.2385836381.0000000000A84000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: Picasa3.exe, 00000014.00000003.2144975853.000000000123E000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000003.2141243034.0000000001221000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2467205779.000000000123E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWen-GBn
Source: szndesktop.exe, 00000087.00000002.2191704797.0000000000F6E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll_
Source: szninstall.exe, 00000038.00000003.2400647328.0000000001295000.00000004.00000020.00020000.00000000.sdmp, cookie_exporter.exe, 0000003D.00000002.1866617987.000001CC03C45000.00000004.00000020.00020000.00000000.sdmp, sznpp.exe, 0000007C.00000003.2168700578.0000000000861000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	API call chain: ExitProcess graph end node	graph_16-9134
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	API call chain: ExitProcess graph end node	graph_20-120831
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	API call chain: ExitProcess graph end node

Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe

Code function: 16_2_04C9680C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

16_2_04C9680C

Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE

Code function: 42_2_01006900 SearchPathW,CreateFileW,GetFileSize,ReadFile,SetFilePointer,CharNextW,wcstoul,IsCharAlphaNumericW,wcstoul,IsCharAlphaNumericW,wcstoul,CharNextW,GetLastError,wsprintfW,OutputDebugStringW,CloseHandle,

42_2_01006900

Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe

Code function: 135_2_6C2BBD84 VirtualProtect ?,-00000001,00000104,?,?,?,0000001C

135_2_6C2BBD84

Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe

Code function: 16_2_04C92490 GetVersion,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

16_2_04C92490

Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe

Code function: 15_2_741C1A8C Create,GetDlgItem,GetWindowRect,MapWindowPoints,CreateDialogParamW,SetWindowPos,SetWindowLongW,GetProcessHeap,HeapAlloc,

15_2_741C1A8C

Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe

Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"

Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	Code function: 15_2_73A3400C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,	15_2_73A3400C
Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe	Code function: 15_2_73A34010 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,	15_2_73A34010
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Code function: 16_2_04C9680C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	16_2_04C9680C
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Code function: 16_2_04C9519A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	16_2_04C9519A
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Code function: 16_2_04CA1FEE _raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	16_2_04CA1FEE
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_033E00B8 _raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	20_2_033E00B8
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_033DC711 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	20_2_033DC711
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_033E2C6A _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	20_2_033E2C6A
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_040610AC IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	20_2_040610AC
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_04065E06 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	20_2_04065E06
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_04065F26 _raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	20_2_04065F26
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_04877CA4 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	20_2_04877CA4
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_0487A82B _raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	20_2_0487A82B
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_04872924 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	20_2_04872924
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: 20_2_1000102A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	20_2_1000102A
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE	Code function: 42_2_01006C92 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	42_2_01006C92
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C2C00DD __crtUnhandledException,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	135_2_6C2C00DD
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C247B39 __crtSetUnhandledExceptionFilter,SetUnhandledExceptionFilter,	135_2_6C247B39

Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Process created: C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" -nohome "http://picasa.google.com/support/bin/answer.py?hl=en&answer=93773"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe	Process created: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe "C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe" -T "C:\Users\user\AppData\Roaming\Seznam.cz" -R "$\install" http://download.seznam.cz/update
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe	Process created: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe "C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe" -T "C:\Users\user\AppData\Roaming\Seznam.cz" -i cz.seznam.software.szninstall
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\listicka.exe	Process created: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe "C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe" -s -u -i cz.seznam.software.autoupdate szn-software-listicka
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A18C4.00001B74.sznpkg -o C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\download\cz.seznam.software.sznsetup-1.2.7-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A1AF6.00001B74.sznpkg -o C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\download\cz.seznam.software.szninstall-1.1.15-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup-lt.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=602e8
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG DELETE "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /va
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "InstallLocation" /d C:\Users\user\AppData\Roaming\Seznam.cz
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "DisplayName" /d "Seznam Software"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "DisplayIcon" /d "C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe,0"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "UninstallString" /d "\"C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe\" -X"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "ModifyPath" /d "C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "Publisher" /d "Seznam.cz"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "URLInfoAbout" /d "http://software.seznam.cz"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "InstallLocation" /d C:\Users\user\AppData\Roaming\Seznam.cz
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "Comments" /d "Vsechny aplikace spolecnosti Seznam.cz a.s."
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "NoRepair" /t REG_DWORD /d 1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /f /v "NoModify" /t REG_DWORD /d 0
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe	Process created: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe -V
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe	Process created: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe -T C:\Users\user\AppData\Roaming\Seznam.cz -i -u cz.seznam.software.autoupdate szn-software-listicka -p
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe	Process created: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe "C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe" -S 49764
Source: C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe	Process created: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe -V
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A81A0.00000DD4.sznpkg -o C:\Users\user\AppData\Roaming\Seznam.cz\install\cz.seznam.software.autoupdate-1.0.8-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A8374.00000DD4.sznpkg -o C:\Users\user\AppData\Roaming\Seznam.cz\install\szn-software-base-1.0.0-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A848E.00000DD4.sznpkg -o C:\Users\user\AppData\Roaming\Seznam.cz\install\com.microsoft.msdn.msvcr110-11.0.51106.1-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A8960.00000DD4.sznpkg -o C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\cz.seznam.software.lightspeed-1210-12.10.18-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A8B64.00000DD4.sznpkg -o C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\cz.seznam.software.libszndesktop-2.1.35-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A9140.00000DD4.sznpkg -o C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\cz.seznam.software.szndesktop-2.0.32-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006A93FF.00000DD4.sznpkg -o C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\cz.seznam.software.libfoxcub-3.3.8-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006AA61F.00000DD4.sznpkg -o C:\Users\user\AppData\Roaming\Seznam.cz\install\cz.seznam.software.libfoxloader-3.2.7-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006AA7B6.00000DD4.sznpkg -o C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\cz.seznam.software.libfoxcub64-3.3.8-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006AB17A.00000DD4.sznpkg -o C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\cz.seznam.software.ielisticka3-3.3.5-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006AB2D1.00000DD4.sznpkg -o C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\download\szn-software-fflisticka-4.0.8-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006AC669.00000DD4.sznpkg -o C:\Users\user\AppData\Roaming\Seznam.cz\install\cz.seznam.software.chromelisticka-2.0.4-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006AD463.00000DD4.sznpkg -o C:\Users\user\AppData\Roaming\Seznam.cz\install\com.microsoft.msdn.msvcr100-10.0.40219.325-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006AD780.00000DD4.sznpkg -o C:\Users\user\AppData\Roaming\Seznam.cz\install\cz.seznam.software.pp-1.0.2-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy libfoxcub.conf "C:\Users\user\AppData\Roaming\Seznam.cz\conf\szndesktop.d"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\unzip.exe -d C:\Users\user\AppData\Local\Temp\~006AE03A.00000DD4.sznpkg -o C:\Users\user\AppData\Roaming\Seznam.cz\install\szn-software-listicka-3.0.0-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "install.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /S /C "C:\Users\user\AppData\Roaming\Seznam.cz\uninstall\cz_seznam_software_libszndesktop_2_1_35.reconfigure.bat C:\Users\user\AppData\Roaming\Seznam.cz"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "cz.seznam.software.autoupdate" /d "\"C:\Users\user\AppData\Roaming\Seznam.cz\szninstall.exe\" -c"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy msvcp110.dll "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy msvcr110.dll "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy lightspeed.dll "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy "szndesktop.exe" "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy "szndesktop.conf" "C:\Users\user\AppData\Roaming\Seznam.cz\conf"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy "szndesktop.webpak" "C:\Users\user\AppData\Roaming\Seznam.cz\data"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy "sznpp.exe" "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall" /v DisplayVersion /t REG_SZ /d "2.1.35" /f
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy "wszndesktop.exe" "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "cz.seznam.software.szndesktop" /d "\"C:\Users\user\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe\" -q"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy libfoxcub.dll "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy libfoxcub-x64.dll "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy libfoxcub.conf "C:\Users\user\AppData\Roaming\Seznam.cz\conf\szndesktop.d"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy foxcub.conf "C:\Users\user\AppData\Roaming\Seznam.cz\conf\libfoxcub"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy remote.conf "C:\Users\user\AppData\Roaming\Seznam.cz\conf\libfoxcub"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy listickaconfig.webpak "C:\Users\user\AppData\Roaming\Seznam.cz\data"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy listickanastaveni.webpak "C:\Users\user\AppData\Roaming\Seznam.cz\data"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy speeddial.webpak "C:\Users\user\AppData\Roaming\Seznam.cz\data"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe libfoxcub.dll,UpgradeListicka
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE REG QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\szn-software-listicka" /v "UninstallString"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE REG QUERY "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\szn-software-listicka" /v "UninstallString"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\REG.EXE REG DELETE "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}" /F
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe "C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe" -v report-ielisticka-install --status=0
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy libfoxcub-x64.dll "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\CPY.EXE cpy listicka-x64.exe "C:\Users\user\AppData\Roaming\Seznam.cz\bin"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe szndesktop.exe default restart

Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE c:\users\user\appdata\local\temp\~006a2de2.00000dd4.sznpkg\unzip.exe -d c:\users\user\appdata\local\temp\~006a8960.00000dd4.sznpkg -o c:\users\user\appdata\local\temp\~006a2de2.00000dd4.sznpkg\download\cz.seznam.software.lightspeed-1210-12.10.18-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE c:\users\user\appdata\local\temp\~006a2de2.00000dd4.sznpkg\unzip.exe -d c:\users\user\appdata\local\temp\~006a8b64.00000dd4.sznpkg -o c:\users\user\appdata\local\temp\~006a2de2.00000dd4.sznpkg\download\cz.seznam.software.libszndesktop-2.1.35-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE c:\users\user\appdata\local\temp\~006a2de2.00000dd4.sznpkg\unzip.exe -d c:\users\user\appdata\local\temp\~006a8960.00000dd4.sznpkg -o c:\users\user\appdata\local\temp\~006a2de2.00000dd4.sznpkg\download\cz.seznam.software.lightspeed-1210-12.10.18-win32.zip
Source: C:\Users\user\AppData\Roaming\Seznam.cz\sznsetup.exe	Process created: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE c:\users\user\appdata\local\temp\~006a2de2.00000dd4.sznpkg\unzip.exe -d c:\users\user\appdata\local\temp\~006a8b64.00000dd4.sznpkg -o c:\users\user\appdata\local\temp\~006a2de2.00000dd4.sznpkg\download\cz.seznam.software.libszndesktop-2.1.35-win32.zip

Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe

Code function: 16_2_04C9EC23 cpuid

16_2_04C9EC23

Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Code function: getlicenselangco,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,wsprintfW,wsprintfW,wsprintfW,GlobalAlloc,GlobalAlloc,lstrcpynW,lstrcpynW,GlobalAlloc,lstrcpynW,GlobalAlloc,lstrcpynW,	16_2_04C92CA0
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Code function: GlobalAlloc,lstrcpyW,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,ShellExecuteW,	16_2_04C915F0
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Code function: GetLocaleInfoA,	16_2_04CA0540
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: GetThreadLocale,GetLocaleInfoA,GetACP,	20_2_033DC431
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: GetLocaleInfoA,	20_2_033E79B0
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: InterlockedIncrement,InterlockedIncrement,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,InterlockedIncrement,InterlockedIncrement,GetLocaleInfoA,InterlockedIncrement,InterlockedIncrement,InterlockedIncrement,InterlockedIncrement,	20_2_04043450
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: GetLocaleInfoA,	20_2_0406F48A
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: GetCPInfo,GetLocaleInfoA,GetCPInfo,MultiByteToWideChar,GetCPInfo,_strlen,MultiByteToWideChar,_malloc,_memset,MultiByteToWideChar,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,__calloc_crt,WideCharToMultiByte,__freea,	20_2_0406F4D1
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: GetLocaleInfoA,_LocaleUpdate::_LocaleUpdate,__isleadbyte_l,___crtGetStringTypeA,	20_2_0406907B
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: _LocaleUpdate::_LocaleUpdate,GetLocaleInfoA,__isctype_l,	20_2_0406A342
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: GetStringTypeW,GetLastError,MultiByteToWideChar,MultiByteToWideChar,_malloc,_memset,MultiByteToWideChar,GetStringTypeW,__freea,___ansicp,GetLocaleInfoA,___convertcp,GetStringTypeA,	20_2_0406EC96
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: GetLocaleInfoA,	20_2_04042FD0
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: InterlockedIncrement,InterlockedIncrement,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,InterlockedIncrement,InterlockedIncrement,GetLocaleInfoA,InterlockedIncrement,InterlockedIncrement,InterlockedIncrement,	20_2_04838D40
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: GetThreadLocale,GetLocaleInfoA,GetACP,	20_2_048724AB
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: GetLocaleInfoA,	20_2_04885422
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: GetLocaleInfoA,	20_2_04837CF0
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,GetNumberFormatA,InterlockedIncrement,	20_2_04839830
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Code function: GetLocaleInfoA,	20_2_04839B90
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE	Code function: GetLocaleInfoA,	38_2_0041713F
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE	Code function: GetLocaleInfoA,IsValidCodePage,IsValidLocale,GetLocaleInfoA,GetLocaleInfoA,	38_2_00416AF5
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE	Code function: GetLocaleInfoW,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoW,GetLocaleInfoW,WideCharToMultiByte,	38_2_0041BC50
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE	Code function: EnumSystemLocalesA,	38_2_00417068
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE	Code function: EnumSystemLocalesA,	38_2_00416CCA
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE	Code function: GetLocaleInfoA,	38_2_00411CF0
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE	Code function: GetLocaleInfoA,	38_2_0041709F
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE	Code function: GetLocaleInfoA,	38_2_00411CB0
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE	Code function: GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,	38_2_00416D51
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE	Code function: GetLocaleInfoW,WideCharToMultiByte,	38_2_0041BD13
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE	Code function: GetLocaleInfoA,	38_2_004171C4
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE	Code function: GetLocaleInfoA,	38_2_0041725C
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE	Code function: EnumSystemLocalesA,	38_2_00416F55
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE	Code function: GetLocaleInfoW,GetLocaleInfoA,GetLocaleInfoW,GetLocaleInfoA,GetLocaleInfoA,MultiByteToWideChar,	38_2_0041BB3D
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE	Code function: GetLocaleInfoA,MultiByteToWideChar,	38_2_0041BBFA
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE	Code function: GetLocaleInfoA,	38_2_00416FAB
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: _Getdateorder,___lc_locale_name_func,__crtGetLocaleInfoEx,	135_2_6C10F5AD
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: wcscmp,wcscmp,_wtol,__crtGetLocaleInfoEx,__crtGetLocaleInfoEx,GetACP,	135_2_6C23EC5A
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: _getptd,IsValidCodePage,wcslen,wcsncpy_s,__crtGetLocaleInfoEx,_GetLocaleNameFromLanguage,_GetLocaleNameFromLanguage,__crtGetLocaleInfoEx,_invoke_watson,	135_2_6C23ECA7
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: __crtGetLocaleInfoEx,wcsncmp,	135_2_6C2C4CA0
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: _getptd,_getptd,GetLocaleInfoW,_wcsicmp,	135_2_6C2C4CEA
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: wcschr,wcschr,_itow_s,__crtGetLocaleInfoEx,	135_2_6C23EDA0
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: _getptd,wcslen,EnumSystemLocalesW,	135_2_6C2C4D98
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: _getptd,wcslen,wcslen,_GetPrimaryLen,EnumSystemLocalesW,	135_2_6C2C4DD8
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: _getptd,wcslen,_GetPrimaryLen,EnumSystemLocalesW,	135_2_6C2C4E55
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: _getptd,_getptd,GetLocaleInfoW,_wcsicmp,GetLocaleInfoW,_wcsicmp,_wcsnicmp,wcslen,GetLocaleInfoW,_wcsicmp,wcslen,_wcsicmp,	135_2_6C2C4ED8
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: __crtGetUserDefaultLocaleName,wcslen,wcsncpy_s,_invoke_watson,__crtEnumSystemLocalesEx,	135_2_6C23EF84
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: wcslen,__crtEnumSystemLocalesEx,	135_2_6C2C4BA5
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: _getptd,__crtGetLocaleInfoEx,_wcsicmp,wcslen,wcsncpy_s,_invoke_watson,	135_2_6C2C4BEF
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: _getptd,wcsncpy_s,wcslen,wcscmp,wcscmp,memcpy,wcscpy_s,wcscpy_s,wcslen,wcsncpy_s,wcsncpy_s,__crtIsValidLocaleName,__crtGetLocaleInfoEx,GetACP,wcsncpy_s,wcsncpy_s,wcsncpy_s,wcslen,wcsncpy_s,_invoke_watson,_errno,	135_2_6C23418F
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: __crtEnumSystemLocalesEx,EnumSystemLocalesW,	135_2_6C2C1C7E
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: __crtGetLocaleInfoEx,GetLocaleInfoW,	135_2_6C2C1D04
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: __crtGetLocaleInfoEx,__crtGetLocaleInfoEx,WideCharToMultiByte,_freea_s,malloc,	135_2_6C23DD7B
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: __crtGetLocaleInfoEx,free,_calloc_crt,strncpy_s,__crtGetLocaleInfoEx,_calloc_crt,__crtGetLocaleInfoEx,GetLastError,_calloc_crt,free,free,_invoke_watson,_malloc_crt,memcpy,_siglookup,	135_2_6C23DEF1
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: _getptd,__crtGetLocaleInfoEx,	135_2_6C245941
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: __crtGetLocaleInfoEx,_wcsicmp,wcslen,wcsncpy_s,_getptd,__crtGetLocaleInfoEx,_wcsicmp,__crtGetLocaleInfoEx,_wcsicmp,_wcsnicmp,_TestDefaultCountry,wcslen,wcsncpy_s,wcslen,_TestDefaultCountry,wcslen,_invoke_watson,__crtGetLocaleInfoEx,	135_2_6C245942
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: wcslen,wcslen,__crtEnumSystemLocalesEx,	135_2_6C245B73
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: _getptd,_getptd,GetLocaleInfoW,_wcsicmp,_wcsicmp,	135_2_6C2C50CB
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: wcscmp,wcscmp,GetLocaleInfoW,_wtol,GetLocaleInfoW,GetACP,	135_2_6C2C51F3
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: _getptd,GetLocaleInfoW,_GetPrimaryLen,wcslen,	135_2_6C2C52B4
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: wcschr,wcslen,_calloc_crt,wcslen,wcscpy_s,SetEnvironmentVariableW,free,_errno,_errno,_invalid_parameter_noinfo,___crtGetEnvironmentStringsW,___mbtow_environ,_malloc_crt,_malloc_crt,free,__recalloc_crt,__recalloc_crt,_errno,free,free,_invoke_watson,_invoke_watson,__crtEnumSystemLocalesEx,	135_2_6C24B2F1
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: _getptd,memset,_getptd,_GetLcidFromCountry,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,_itow_s,	135_2_6C2C531C

Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-PhotoBasic-PictureTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-PhotoBasic-PictureTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\cmd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\cmd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\cmd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\cmd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\cmd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\cmd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\cmd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\cmd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\cmd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\cmd.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe

Code function: 15_2_73A33F50 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,

15_2_73A33F50

Source: C:\Program Files (x86)\Google\Picasa3\Picasa3.exe

Code function: 20_2_04820580 __time64,GetTimeZoneInformation,

20_2_04820580

Source: C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe

Code function: 16_2_04C920F0 GlobalAlloc,MessageBoxW,GetVersion,GetFileAttributesW,SHGetSpecialFolderPathW,SHGetSpecialFolderPathW,SHGetSpecialFolderPathW,_wcsrchr,

16_2_04C920F0

Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C28859A ??0exception@std@@QAE@XZ,??0exception@std@@QAE@XZ,_CxxThrowException,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::SchedulerBase::ReleaseInternalContext,	135_2_6C28859A
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C28839B Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,	135_2_6C28839B
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C375110 InterlockedIncrement,__RTDynamicCast,InterlockedIncrement,_CxxThrowException,InterlockedIncrement,_CxxThrowException,socket,htons,WSAGetLastError,_CxxThrowException,SetHandleInformation,setsockopt,setsockopt,ioctlsocket,setsockopt,bind,WSAGetLastError,_CxxThrowException,listen,WSAGetLastError,_CxxThrowException,	135_2_6C375110
Source: C:\Users\user\AppData\Roaming\Seznam.cz\bin\szndesktop.exe	Code function: 135_2_6C376830 getaddrinfo,#74,WSAGetLastError,_CxxThrowException,freeaddrinfo,socket,WSAGetLastError,_CxxThrowException,bind,WSAGetLastError,_CxxThrowException,ioctlsocket,setsockopt,socket,WSAGetLastError,_CxxThrowException,	135_2_6C376830

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	1 Replication Through Removable Media	2 Windows Management Instrumentation	1 Scripting	1 DLL Side-Loading	2 Disable or Modify Tools	OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	6 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	3 Native API	1 DLL Side-Loading	1 Access Token Manipulation	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Peripheral Device Discovery	Remote Desktop Protocol	Data from Removable Media	21 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 Exploitation for Client Execution	11 Windows Service	11 Windows Service	2 Obfuscated Files or Information	Security Account Manager	4 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	112 Command and Scripting Interpreter	211 Registry Run Keys / Startup Folder	11 Process Injection	1 DLL Side-Loading	NTDS	59 System Information Discovery	Distributed Component Object Model	Input Capture	6 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	211 Registry Run Keys / Startup Folder	232 Masquerading	LSA Secrets	1 Query Registry	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Modify Registry	Cached Domain Credentials	141 Security Software Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	3 Virtualization/Sandbox Evasion	DCSync	3 Virtualization/Sandbox Evasion	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 Access Token Manipulation	Proc Filesystem	1 Process Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	11 Process Injection	/etc/passwd and /etc/shadow	11 Application Window Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	1 Rundll32	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Link
C:\Program Files (x86)\Google\Picasa3\MovieThumb.exe	0%	ReversingLabs
C:\Program Files (x86)\Google\Picasa3\MovieThumb.exe	0%	Virustotal	Browse
C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	0%	ReversingLabs
C:\Program Files (x86)\Google\Picasa3\Picasa3.exe	0%	Virustotal	Browse
C:\Program Files (x86)\Google\Picasa3\Picasa3i18n.dll	0%	ReversingLabs
C:\Program Files (x86)\Google\Picasa3\Picasa3i18n.dll	0%	Virustotal	Browse
C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	0%	ReversingLabs
C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe	1%	Virustotal	Browse
C:\Program Files (x86)\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Inspector	0%	ReversingLabs
C:\Program Files (x86)\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Inspector	0%	Virustotal	Browse
C:\Program Files (x86)\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\MacOS\Reporter	0%	ReversingLabs
C:\Program Files (x86)\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\MacOS\Reporter	0%	Virustotal	Browse
C:\Program Files (x86)\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\MacOS\Picasa CD Slideshow	0%	ReversingLabs
C:\Program Files (x86)\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\MacOS\Picasa CD Slideshow	0%	Virustotal	Browse
C:\Program Files (x86)\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Inspector	0%	ReversingLabs
C:\Program Files (x86)\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Inspector	0%	Virustotal	Browse
C:\Program Files (x86)\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\MacOS\Reporter	0%	ReversingLabs
C:\Program Files (x86)\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\MacOS\Reporter	0%	Virustotal	Browse
C:\Program Files (x86)\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\MacOS\Picasa Restore	0%	ReversingLabs
C:\Program Files (x86)\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\MacOS\Picasa Restore	0%	Virustotal	Browse
C:\Program Files (x86)\Google\Picasa3\cdautorun\PicasaCD.exe	0%	ReversingLabs
C:\Program Files (x86)\Google\Picasa3\cdautorun\PicasaCD.exe	0%	Virustotal	Browse
C:\Program Files (x86)\Google\Picasa3\cdautorun\PicasaRestore.exe	0%	ReversingLabs
C:\Program Files (x86)\Google\Picasa3\cdautorun\PicasaRestore.exe	0%	Virustotal	Browse
C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll	0%	ReversingLabs
C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll	0%	Virustotal	Browse
C:\Program Files (x86)\Google\Picasa3\plugins\CDVDR\CDVDR.yti	2%	ReversingLabs
C:\Program Files (x86)\Google\Picasa3\plugins\CDVDR\CDVDR.yti	0%	Virustotal	Browse
C:\Program Files (x86)\Google\Picasa3\plugins\Red.dll	0%	ReversingLabs
C:\Program Files (x86)\Google\Picasa3\plugins\Red.dll	0%	Virustotal	Browse
C:\Program Files (x86)\Google\Picasa3\plugins\expwebsites\expwebsites.yti	0%	ReversingLabs
C:\Program Files (x86)\Google\Picasa3\plugins\expwebsites\expwebsites.yti	0%	Virustotal	Browse
C:\Program Files (x86)\Google\Picasa3\plugins\ytITivo.yti	2%	ReversingLabs
C:\Program Files (x86)\Google\Picasa3\plugins\ytITivo.yti	0%	Virustotal	Browse

Name	IP	Active	Malicious
chrome.cloudflare-dns.com	172.64.41.3	true	false
api.software.seznam.cz	77.75.77.161	true	false
plus.l.google.com	142.250.185.174	true	false
blogspot.l.googleusercontent.com	142.250.185.161	true	false
support.google.com	172.217.23.110	true	false
h.seznam.cz	77.75.78.30	true	false
sni1gl.wpc.nucdn.net	152.199.21.175	true	false
download.seznam.cz	77.75.76.70	true	false
www3.l.google.com	142.250.186.174	true	false
www2.l.google.com	142.250.185.228	true	false
www.google.com	216.58.206.36	true	false
googlehosted.l.googleusercontent.com	172.217.23.97	true	false
h.imedia.cz	77.75.78.30	true	false
software.seznam.cz	unknown	unknown	false
sentry.sklik.cz	unknown	unknown	false
lh3.googleusercontent.com	unknown	unknown	false
picasa-readme.blogspot.com	unknown	unknown	false
picasa.google.com	unknown	unknown	false
clients2.googleusercontent.com	unknown	unknown	false
pack.google.com	unknown	unknown	true
chrome.google.com	unknown	unknown	false
apis.google.com	unknown	unknown	false

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://download.seznam.cz/update/cz.seznam.software.libfoxcub-3.3.8-win32.zip	false
https://download.seznam.cz/update/cz.seznam.software.libszndesktop-2.1.35-win32.zip	false
https://download.seznam.cz/update/cz.seznam.software.szninstall-1.1.15-win32.zip	false
https://download.seznam.cz/update/cz.seznam.software.ielisticka3-3.3.5-win32.zip	false
https://bzib.nelreports.net/api/report?cat=bingbusiness	false
https://px.ads.linkedin.com/wa/	false
https://download.seznam.cz/update/cz.seznam.software.sznsetup-1.2.7-win32.zip	false
http://picasa.google.com/support/bin/answer.py?hl=en&answer=93773	false
https://h.imedia.cz/hit/?a=event&d=%7B%22action%22%3A%22startup%22%2C%22application%22%3A%22szndesktop%22%2C%22signedhash%22%3A%220%22%2C%22chrv%22%3A48%2C%22che%22%3A48%2C%22chs%22%3A16%2C%22ches%22%3A16%2C%22ie%22%3A1%2C%22osbuild%22%3A19045%2C%22osarch%22%3A9%2C%22chver%22%3A%22117.0.5938.132%22%2C%22ffver%22%3A%22118.0.1%22%2C%22iever%22%3A%2211.00.19041.1%20%28WinBuild.160101.0800%29%22%7D&s=partprog&v=2.1.35&r=-1794028113&u=http://www.seznam.cz&h=B0B7C794-8699-4634-B6F9-24DA47BBD8EF&lsid=1727871011238&lses=1727871002951	false

URLs from Memory and Binaries

Name	Source	Malicious
http://internet.e-mail	setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000003831000.00000004.00000020.00020000.00000000.sdmp	false
https://photos.google.com/apps	Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	false
http://%s/%s/rssalbum%d.rss	Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	false
http://picasa.smo/buttons	Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	false
http://picasa-readme.blogspot.com/2012/04/picasa-3.html	Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp	false
http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/em#	Picasa3.exe, 00000014.00000002.2482072226.0000000002EAA000.00000004.00000020.00020000.00000000.sdmp	false
http://picasa.google.com/support/bin/answer.py?hl=pt-BR&answer=93773	Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	false
http://picasa.google.com/intl/pt-BR/#utm_source=gph-et-en&utm_medium=et&utm_campaign=en-scre	setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	false
http://dl.google.com/picasa/picasa3-setup.exe	Picasa3.exe, 00000014.00000002.2563942835.0000000006D99000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2586100840.0000000006F6F000.00000004.00000020.00020000.00000000.sdmp	false
http://www.blogger.com/feeds/1456569655786168306/posts/default	Picasa3.exe, 00000014.00000002.2506191744.0000000004241000.00000004.00000020.00020000.00000000.sdmp	false
http://www.google.ro/policies/terms/	Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	false
https://support.google.com/photos/?p=storage	setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000003831000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp	false
http://picasa.google.dk/intl/da/#utm_source=gph-et-en&utm_medium=et&utm_campaign=da-screensa	setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp	false
https://www.google.com/accounts/ServiceLogin?hl=zh_CN&continue=http%3A%2F%2Fpicasaweb.google.com	setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1697683801.0000000000864000.00000002.00000001.01000000.00000019.sdmp	false
http://schemas.google.com/g/2005	setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	false
https://uploader.picasa.com/froogle.php?q=%sthumbui/mainuipanelthumbui/acquirepanelthumbui/infowellt	Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	false
http://www.google.com/support/forum/p/Picasa">our	Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp	false
http://picasa-readme.blogspot.com/2008/10/picasa-30-out-of-beta-build-xxxx.html	Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2589400232.0000000007039000.00000004.00000020.00020000.00000000.sdmp	false
http://picasa.google.com/support/bin/answer.py?hl=hi&answer=93773	Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	false
http://support.google.com/plus/bin/answer.py?answer=2370124"><span	Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp	false
http://picasa.google.com/support/bin/answer.py?answer=141059iPhotoError::HelpURL	Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	false
http://www.blogger.com/feeds/1456569655786168306/posts/default/1237605142260003533	Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2589400232.0000000007039000.00000004.00000020.00020000.00000000.sdmp	false
http://picasa.google.com/support/bin/answer.py?hl=sk&answer=93773	Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	false
http://ericorth.kir.corp.google.com:8888/gphotos?action=retrconfig&email=/gphotos?action=postconfigr	setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp	false
http://forums.picasa.com/	Picasa3.exe, 00000012.00000000.1604678624.0000000000DF8000.00000002.00000001.01000000.00000012.sdmp, Picasa3.exe, 00000014.00000003.1626531844.00000000040E2000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000002.2482072226.0000000002EAA000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000003.1626203204.0000000003FB3000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp	false
http://picasa.google.com/support/bin/answer.py?hl=en&answer=15625	setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000003831000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp	false
http://picasa.google.com/intl/fr/#utm_source=gph-et-fr&utm_medium=et&utm_campaign=fr-screens	setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	false
http://picasa.google.com/support/bin/answer.py?answer=139492&hl=%sSplashThreadruntime	Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	false
http://picasa.google.com/support/bin/answer.py?hl=fi&answer=93773	Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	false
https://photos.google.com/appslistboxcaptionpopuplistOriginal	Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	false
http://photos.hello.com/interface/boxes/S32.gif	Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	false
http://googlephotos.blogspot.com/">Google	Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp	false
http://picasa.google.com/support/bin/answer.py?answer=11139	Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, Picasa3.exe, 00000014.00000003.1626531844.00000000040E2000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000003.1626203204.0000000003FB3000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000002.2482072226.0000000002E7B000.00000004.00000020.00020000.00000000.sdmp	false
http://video.google.com/googleplayer.swf?videoUrl=%s	Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	false
http://picasa.google.com/support/bin/answer.py?hl=ja&answer=93773	Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	false
http://picasa.google.com/support/bin/answer.py?hl=zh-TW&answer=11139	Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp	false
http://support.google.com/plus/bin/answer.py?answer=2370124	Picasa3.exe, 00000014.00000002.2506191744.000000000417F000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2593399186.000000000716B000.00000004.00000020.00020000.00000000.sdmp	false
https://uploader.picasa.com/providers/php/generate.xml.php?prID=%s&country=%sclientlanguagehttp://lo	Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	false
http://photos.hello.com/interface/boxes/B33.gif	Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	false
http://googlephotos.blogspot.com/	Picasa3.exe, 00000014.00000002.2506191744.0000000004241000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000003.1626203204.0000000003FB3000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000002.2586100840.0000000006F6F000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2593399186.000000000716B000.00000004.00000020.00020000.00000000.sdmp	false
http://schemas.google.com/g/2008/ordering#comesAfter	Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	false
https://www.google.com/accounts/ServiceLogin?hl=hu_HU&continue=http%3A%2F%2Fpicasaweb.google.com	setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1697683801.0000000000864000.00000002.00000001.01000000.00000019.sdmp	false
http://picasa.google.com/support/bin/answer.py?hl=zh_CN&answer=141059	Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp	false
http://picasa.google.com/support/bin/topic.py?topic=16056il_BurnPanel::imapierrorlinkError	Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	false
http://picasa.google.nl/support/bin/answer.py?answer=139492	Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp	false
https://www.google.com/accounts/ServiceLogin?hl=sl_SI&continue=http%3A%2F%2Fpicasaweb.google.com	setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1697683801.0000000000864000.00000002.00000001.01000000.00000019.sdmp	false
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhdYMorlhvaoU2vdx-Au0-wABULVhkz6vqRku4godi	Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2593399186.000000000716B000.00000004.00000020.00020000.00000000.sdmp	false
http://schemas.google.com/g/2005#kind	Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	false
http://picasa.google.com/support/bin/answer.py?hl=zh_CN&answer=53209	Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp	false
http://photos.hello.com/interface/AppsBtn-hello.gif	Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	false
http://pack.google.com/feeds.	Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000003.1626203204.0000000003FB3000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000002.2482072226.0000000002E7B000.00000004.00000020.00020000.00000000.sdmp	false
http://picasa.google.co.kr/support?ctx=picasa	Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	false
http://pack.google.com/feeds.MetadataNode::TipDiscoverMeasure	setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp	false
http://picasa.google.com/support/bin/answer.py?hl=se&answer=141059	Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp	false
http://maps.google.com/maps?file=api&v=2&client=google-picasa-client&sensor=false	setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp	false
https://photos.blogger.com/picasa-post.g	Picasa3.exe, 00000014.00000002.2482072226.0000000002E92000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2506191744.0000000004241000.00000004.00000020.00020000.00000000.sdmp	false
https://www.google.com/m8/feeds/	setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1692209976.000000000070D000.00000002.00000001.01000000.00000019.sdmp	false
https://support.google.com/plus/answer/1647509#cost	setuppicasa39-setup.exe, 00000010.00000002.1664870898.0000000003831000.00000004.00000020.00020000.00000000.sdmp	false
http://picasa.google.rs/support?ctx=picasa	Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	false
https://www.google.com/accounts/ServiceLogin?hl=el&continue=http%3A%2F%2Fpicasaweb.google.com%2F	setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1697683801.0000000000864000.00000002.00000001.01000000.00000019.sdmp	false
http://picasa.google.com/intl/cs/#utm_source=gph-et-en&utm_medium=et&utm_campaign=cs-screens	setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp	false
https://www.google.com/accounts/ServiceLogin?hl=th&	setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1697683801.0000000000864000.00000002.00000001.01000000.00000019.sdmp	false
http://picasa.google.com/intl/pt_PT/#utm_source=gph-et-pt_PT&utm_medium=et&utm_campaign=pt_P	setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	false
http://www.google.com/support/forum/p/picasa?hl=pt_PT	Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	false
http://picasaweb.google.com/lh/nameTagOpt	Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	false
http://gdata.youtube.com/schemas/2007/categories.cat	Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	false
http://picasa.google.com/intl/fi/#utm_source=gph-et-fi&utm_medium=et&utm_campaign=fi-screens	setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	false
http://www.google.com/You	Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	false
http://picasa.google.nl/support/bin/answer.py?answer=53209	Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	false
https://www.google.rs/accounts/ServiceLogin?hl=sr&continue=http%3A%2F%2Fpicasaweb.google.rs%2Fho	setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1697683801.0000000000864000.00000002.00000001.01000000.00000019.sdmp	false
http://picasa-readme.blogspot.com/update2	Picasa3.exe, 00000014.00000002.2482072226.0000000002E92000.00000004.00000020.00020000.00000000.sdmp	false
http://picasa.google.com.tr/support/bin/answer.py?answer=11139	Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp	false
http://picasa.google.com/intl/ar/#utm_source=gph-et-ar&utm_medium=et&utm_campaign=ar-screens	setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp	false
http://picasa.google.com/support/bin/answer.py?hl=zh-TW&answer=93773	Picasa3.exe, 00000014.00000002.2599824731.000000001140C000.00000002.00000001.01000000.00000014.sdmp	false
http://picasa.google.com/intl/de/#utm_source=gph-et-de&utm_medium=et&utm_campaign=de-screens	setuppicasa39-setup.exe, 00000010.00000002.1664870898.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542961815.00000000006EF000.00000002.00000001.01000000.0000000F.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp	false
http://cs-g2-crl.thawte.com/ThawteCSG2.crl0	setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000029F6000.00000004.00000020.00020000.00000000.sdmp	false
http://picasa.google.com/	Picasa3.exe, 00000014.00000002.2482072226.0000000002EAA000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2589400232.0000000007039000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000003.1626203204.0000000003FB3000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp, Picasa3.exe, 00000014.00000002.2586100840.0000000006F6F000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2482072226.0000000002E7B000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2593399186.000000000716B000.00000004.00000020.00020000.00000000.sdmp	false
http://picasaweb.google.com/lh/favorites	setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000035FF000.00000004.00000020.00020000.00000000.sdmp, GPhotos.scr, 00000011.00000000.1542724484.000000000062E000.00000002.00000001.01000000.0000000F.sdmp	false
http://picasa.google.com/support/bin/answer.py?answer=93773&ctx=readme	Picasa3.exe, 00000014.00000002.2506191744.0000000004241000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2586100840.0000000006F6F000.00000004.00000020.00020000.00000000.sdmp	false
http://localhost:%d/%s/thumb/%s.jpg	Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	false
http://www.aiim.org/pdfa/ns/type#ty#	GPhotos.scr, 00000011.00000002.1554998935.0000000002750000.00000004.00000020.00020000.00000000.sdmp	false
http://schemas.google.com/g/2005#thumbnail	Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp	false
http://support.google.com/picasa/bin/answer.py?hl=en&amp;answer=39500&amp;topic=1751920&quot	Picasa3.exe, 00000014.00000002.2593399186.0000000007223000.00000004.00000020.00020000.00000000.sdmp	false
https://plus.google.com/photos/%s/albums/%sNot	Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	false
https://www.google.com/accounts/ServiceLogin?hl=de_DE&continue=http%3A%2F%2Fpicasaweb.google.com	setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1697683801.0000000000864000.00000002.00000001.01000000.00000019.sdmp	false
https://www.google.com/accounts/ServiceLogin?hl=fr_FR&continue=http%3A%2F%2Fpicasaweb.google.com	setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1697683801.0000000000864000.00000002.00000001.01000000.00000019.sdmp	false
http://picasa.google.nl/support/bin/topic.py?topic=14609	Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	false
http://picasa.google.com/support?ctx=picasaHELPID_DEFAULTi18n	Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	false
https://www.google.com/accounts/ServiceLogin?hl=en_GB&continue=http%3A%2F%2Fpicasaweb.google.com	setuppicasa39-setup.exe, 00000010.00000002.1664870898.00000000032A7000.00000004.00000020.00020000.00000000.sdmp, Picasa3.exe, 00000014.00000002.2599824731.000000001000C000.00000002.00000001.01000000.00000014.sdmp, PicasaPhotoViewer.exe, 00000015.00000000.1697683801.0000000000864000.00000002.00000001.01000000.00000019.sdmp	false
http://picasa.google.com/support/bin/answer.py?hl=en&answer=93773CThumbUI::showfeatureslinkSaverUpgr	Picasa3.exe, 00000012.00000000.1603749985.0000000000C6A000.00000002.00000001.01000000.00000012.sdmp	false
http://picasa.google.com/support/bin/answer.py?hl=id&answer=93773	Picasa3.exe, 00000014.00000002.2599824731.0000000010A0C000.00000002.00000001.01000000.00000014.sdmp	false

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.228	www2.l.google.com	United States	15169	GOOGLEUS	false
13.107.246.40	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
104.118.10.106	unknown	United States	16625	AKAMAI-ASUS	false
104.18.187.31	unknown	United States	13335	CLOUDFLARENETUS	false
52.240.245.67	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
157.240.241.35	unknown	United States	32934	FACEBOOKUS	false
20.114.189.70	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
162.159.61.3	unknown	United States	13335	CLOUDFLARENETUS	false
23.200.0.9	unknown	United States	20940	AKAMAI-ASN1EU	false
157.240.241.1	unknown	United States	32934	FACEBOOKUS	false
20.110.205.119	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.21.237	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
77.75.78.30	h.seznam.cz	Czech Republic	43037	SEZNAM-CZ	false
13.107.42.14	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.217.23.100	unknown	United States	15169	GOOGLEUS	false
23.57.90.111	unknown	United States	35994	AKAMAI-ASUS	false
152.195.19.97	unknown	United States	15133	EDGECASTUS	false
72.21.81.200	unknown	United States	15133	EDGECASTUS	false
216.58.206.36	www.google.com	United States	15169	GOOGLEUS	false
172.217.23.110	support.google.com	United States	15169	GOOGLEUS	false
172.217.23.97	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
142.250.185.161	blogspot.l.googleusercontent.com	United States	15169	GOOGLEUS	false
150.171.28.10	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
77.75.76.70	download.seznam.cz	Czech Republic	43037	SEZNAM-CZ	false
172.64.41.3	chrome.cloudflare-dns.com	United States	13335	CLOUDFLARENETUS	false
104.118.10.2	unknown	United States	16625	AKAMAI-ASUS	false
68.67.160.114	unknown	United States	29990	ASN-APPNEXUS	false
151.101.1.108	unknown	United States	54113	FASTLYUS	false
20.42.73.30	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
104.118.9.224	unknown	United States	16625	AKAMAI-ASUS	false
104.70.121.218	unknown	United States	20940	AKAMAI-ASN1EU	false
104.118.8.10	unknown	United States	16625	AKAMAI-ASUS	false
142.250.185.174	plus.l.google.com	United States	15169	GOOGLEUS	false
20.190.152.20	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
20.190.152.22	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.186.65	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1524026
Start date and time:	2024-10-02 12:14:51 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 15m 55s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	206
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	1
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	563299efce875400a8d9b44b96597c8e-sample (1).zip
Detection:	MAL
Classification:	mal72.rans.evad.winZIP@317/1031@40/38
EGA Information:	Successful, ratio: 77.8%
HCA Information:	Successful, ratio: 95% Number of executed functions: 32 Number of non-executed functions: 399
Cookbook Comments:	Found application associated with file extension: .zip

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, audiodg.exe, consent.exe, RuntimeBroker.exe, ShellExperienceHost.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 217.20.57.34, 13.85.23.86, 13.95.31.18, 20.12.23.50, 20.3.187.198, 142.250.184.238, 184.28.89.167, 13.107.42.16, 204.79.197.239, 13.107.21.239, 142.250.181.238, 172.217.16.206, 216.58.206.40, 142.250.186.131, 216.58.206.67, 142.250.185.227, 2.23.209.185, 2.23.209.182, 2.23.209.186, 2.23.209.176, 2.23.209.183, 2.23.209.181, 2.23.209.188, 2.23.209.178, 2.23.209.179, 172.217.23.106, 142.250.185.74, 142.250.185.202, 172.217.18.10, 216.58.206.42, 142.250.186.170, 142.250.184.202, 142.250.186.106, 142.250.185.234, 142.250.181.234, 142.250.74.202, 142.250.186.42, 142.250.185.138, 142.250.185.170, 142.250.185.106, 142.250.184.234, 204.79.197.200, 13.107.6.158, 2.18.97.227, 142.250.185.238, 74.125.133.84, 34.104.35.123, 142.250.186.67, 172.217.18.14, 108.177.15.84, 216.58.212.170, 216.58.212.138, 172.217.16.138, 142.250.186.74, 172.217.16.202, 216.58.206.74, 142.250.186.138, 172.217.18.106, 142.250.184.195, 199.232.210.172, 142.250.186.78, 142.251.40.227, 142.250.80.3, 142.250
Excluded domains from analysis (whitelisted): cdp-f-ssl-tlu-net.trafficmanager.net, ssl.gstatic.com, slscr.update.microsoft.com, clientservices.googleapis.com, star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com, e11290.dspg.akamaiedge.net, clients2.google.com, e86303.dscx.akamaiedge.net, login.live.com, config-edge-skype.l-0007.l-msedge.net, update.googleapis.com, www.gstatic.com, l-0007.l-msedge.net, ieonline.microsoft.com, www.google-analytics.com, www.bing.com, fs.microsoft.com, ogads-pa.googleapis.com, www.googleapis.com, www-www.bing.com.trafficmanager.net, business-bing-com.b-0005.b-msedge.net, wildcardtlu-ssl.azureedge.net, edgedl.me.gvt1.com, clients.l.google.com, config.edge.skype.com.trafficmanager.net, go.microsoft.com, www.bing.com.edgekey.net, www.googletagmanager.com, msedge.b.tlu.dl.delivery.mp.microsoft.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, config.edge.skype.com, glb.sls.prod.dcat.dsp.trafficmanager.net, optimizationguide-pa.googleapis.com, edge-
Execution Graph export aborted for target GPhotos.scr, PID 5508 because there are no executed function
Execution Graph export aborted for target UNZIP.EXE, PID 7180 because there are no executed function
HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing behavior and disassembly information.
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtEnumerateValueKey calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Report size getting too big, too many NtSetValueKey calls found.
Report size getting too big, too many NtWriteVirtualMemory calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
06:16:33	API Interceptor	526x Sleep call for process: szninstall.exe modified
06:16:54	API Interceptor	744x Sleep call for process: listicka.exe modified
06:17:05	API Interceptor	389x Sleep call for process: szndesktop.exe modified
06:17:14	API Interceptor	547x Sleep call for process: Picasa3.exe modified
06:17:18	API Interceptor	1x Sleep call for process: sznpp_64.exe modified

Process:	C:\Users\user\AppData\Local\Temp\nsm983C.tmp\setuppicasa39-setup.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	715080
Entropy (8bit):	6.562836179683468
Encrypted:	false
SSDEEP:	6144:v7VRQ6qrhkVdsv1Qf4F5uIJ3ZtJr+lKWK7sAx9lyPiAf4Xw5tyFtV25qNMDp7sfG:1sOQdZtJ6lfBPiCnXyFt1NpElDL
MD5:	3436235E704354AA6374BF689E7078AA
SHA1:	D822EE85D9C9EBB7EA041F6C5C9D7280857C2610
SHA-256:	86EC3A8B305BFD4A63DC1CA9BD8319EC508A63966954E6FDCC4152E9D399B829
SHA-512:	7058511CF68F7D6964D1C6F26E9A7A6493ECC9D639A91C31993301E727E19AEE02EB8FB3272C23C481471FB56042739C3BF7B5ED18002AE2074217E20D2A21DF
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........._.............o......o......o..[.........>.......'...............>..........>....o..y....o.......o......Rich....................PE..L......V.................@..........[........P....@.......................... ..........................................................................H............V..............................p...@............P...............................text...;.......@.................. ..`.rdata......P.......P..............@..@.data...............................@....rsrc...............................@..@........................................................................................................................................................................................................................................................................................................................................

Process:	C:\Users\user\AppData\Roaming\Seznam.cz\bin\sznpp.exe
File Type:	Matlab v4 mat-file (little endian) , sparse, rows 0, columns 10
Category:	dropped
Size (bytes):	1070
Entropy (8bit):	7.0136939323455065
Encrypted:	false
SSDEEP:	24:dZNFwUKr+lgT6kKzsCwXMOfNKD75Lui4aLW+oUMO1RKr+lvsucZQYEG:dKU6tcQFXPFKd/IYMO36OsTQ9G
MD5:	521355651FE83F6BD5159C4AB94B0DAE
SHA1:	5AB52623516876F8F80417834BEAFF6E9F982023
SHA-256:	698D69D6204DCCCCA100041A02CEF5EF22933ABB0CF4B8791355142558158833
SHA-512:	DF5E147901DE7470B70741960788C569849ABDF62905CE3A318F1DD595C02CE72C0E0113850C2FA4986FEC634A22A75AE8C1C861385FEE968343537B818ECB70
Malicious:	false
Reputation:	unknown
Preview:	....................\...................Container.....................RSA1H.......?............Lw...8FHL....&..U......)..L..\|}.#r~....k.<.9./.? .sB.o.....................z..O......}w.C.mwF..O..?.....,...C.r.y.p.t.o.A.P.I. .P.r.i.v.a.t.e. .K.e.y....f...... ...b..e....<n(3.(H..".I1......7Vk.............. ....r7.zB...I.......=i.!..kh.u...>......M.K.I.3............!e.+b...g.....p..[J]...7.C.)}...1Js..?..\|fb...LR(k...:.&..j.,.O...<e.w....k...N..k.D>N..#xy..4....VIn.=W......{...7.7...R..y..{...cH..n......^ROg.P....h..T...z...$W..~.x.....O..KV.x..$.........-._.k......O.f....,1.b......XJq].5C.rn..p..\n.v..0.\`...L./N.p.dL:4...:CC"J..?...~..V..V...>......5....I.M..3...tm..X.v."J.m.WJY..9cz.Cu..&..zdL.9+k.LI. 0.u..IWe.m...N.3.@....,j..........!.\| .I.Z5..{ u..G..}....Yd.DlB<..B.......N~.............z..O......}w.C.mwF..O..?.........E.x.p.o.r.t. .F.l.a.g....f...... .....J.....@.}..g)....8..q.y...*............ ......[hA..?N........hQ......0....q.....#b.].....3.

Process:	C:\Program Files\Internet Explorer\iexplore.exe
File Type:	MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
Category:	dropped
Size (bytes):	4286
Entropy (8bit):	3.8046022951415335
Encrypted:	false
SSDEEP:	24:suZOWcCXPRS4QAUs/KBy3TYI42Apvl6wheXpktCH2Yn4KgISQggggFpz1k9PAYHu:HBRh+sCBykteatiBn4KWi1+Ne
MD5:	DA597791BE3B6E732F0BC8B20E38EE62
SHA1:	1125C45D285C360542027D7554A5C442288974DE
SHA-256:	5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
SHA-512:	D8DC8358727590A1ED74DC70356AEDC0499552C2DC0CD4F7A01853DD85CEB3AEAD5FBDC7C75D7DA36DB6AF2448CE5ABDFF64CEBDCA3533ECAD953C061A9B338E
Malicious:	false
Reputation:	unknown
Preview:	...... .... .........(... ...@..... ...................................................................................................................................................................................................N...Sz..R...R...P...N..L..H..DG..........................................................................................R6..U...U...S...R...P...N..L..I..F..B...7...............................................................................S6..V...V...U...S...R...P...N..L..I..F..C...?..:z......................................................................O...W...V...V...U...S...R...P...N..L..I..E..C...?...;..{7..q2$..............................................................T..D..]...S)..p6..J...R...P...N..L..I..E..B..>..;..z7..p2..f,X.........................................................A..O#..N!..N!..N!..P$..q:...P...N..K..I..E..A..=..9..x5..n0..e,...5...................................................Ea.Z,..T$..T$..T

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	58117
Entropy (8bit):	6.1058245319628615
Encrypted:	false
SSDEEP:	1536:k/Ps+wsI7yO/3i+EeTTvqrvbtoYKBuSZ+aoo:k/0+zI7yOq+EGTivXKBuWNP
MD5:	A15AFAFE37B48F6BF28CB6305E339894
SHA1:	12CB1308B5A115D65E76225209AFAC83025A6E7D
SHA-256:	9DF0276F2720BCC9BBB7C9107DF139A46F8A45EF67146E3E0FB8984CA6266547
SHA-512:	99071C2B70BD0C9258DCE83FD35EFEC63C0F6F11830D436F6BC1580B69964D93C31EEA2094A296775F6C84AF2142838C8D34E7408D968DD19E0829A9087DD611
Malicious:	false
Reputation:	unknown
Preview:	{"abusive_adblocker_etag":"\"8ABCE35666CBACA121128B98C75E78308AAC1CE803625FAFB4A7AFA722C77CA4\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	302
Entropy (8bit):	5.537533793843685
Encrypted:	false
SSDEEP:	6:wRkrQWR0iYBtqWt2aSyu5BLCRgycQ30BgkToP:ekrY1tdkys9CRj3Yfi
MD5:	063EEDF9A4C2A3F47CF6CD5118E709AE
SHA1:	874FCF73515CE05BE49FBEF76F1F7FB89548DCFC
SHA-256:	9B302E8650CBBFA21662FC15285605E4801ED41EA6A21018C5066C6488F6DF25
SHA-512:	FE8A99273E601364CA2CD8096DBE767DDB58DE4BC68C88B0BF85714CB4B7A01B57481F86FF1F9CE5F65C56D7924DCADB9D2156FC13651B3DCC4C21C00EC60D2B
Malicious:	false
Reputation:	unknown
Preview:	<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>301 Moved</TITLE></HEAD><BODY>.<H1>301 Moved</H1>.The document has moved.<A HREF="https://support.google.com/picasa/answer/157000?hl=en&visit_id=638634609885905976-1351747924&rd=1">here</A>...</BODY></HTML>..

Process:	C:\Users\user\Desktop\1a4e5ccd35a56d84281a143f831563be.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Category:	dropped
Size (bytes):	11265280
Entropy (8bit):	7.999733434812855
Encrypted:	true
SSDEEP:	196608:kdj55vVVlA1+bzOkUHQGuhlL3indHXPhiSpIUi5cOong7YflZP9uKy8Mpg:o5FHW1+zOkT7Kd3P43Uz5gglZPAg
MD5:	B29BFD8EE3A426894B4CA3753E5B62A8
SHA1:	47DCA130179D877ABC85CD7046A469C3AC74F502
SHA-256:	D3D7E6B3F65BA7375D356DA4818F8CAF09B185E200DD97310ABEADA793D82077
SHA-512:	2DDBF6C4D38029089DB20BBF8D942BC852E6E48DDA834E492BE423AB5556C33BD180B2B4EA2DE791D48EDC581ED819F36583D3142293AD6FC53EC794EC5A4EB3
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..iu..i..iw..iu..i...i..id..i!..i...i...it..iRichu..i........................PE..L......K.................\..........<2.......p....@..........................`......n........................................s..........hI.............8............................................................p...............................text...ZZ.......\.................. ..`.rdata.......p.......`..............@..@.data................r..............@....ndata.......@...........................rsrc...hI.......J...v..............@..@................................................................................................................................................................................................................................................................................................................................................

Process:	C:\Users\user\AppData\Local\Temp\~0069FB97.00001B74.sznpkg\UNZIP.EXE
File Type:	Unicode text, UTF-8 text, with CRLF line terminators
Category:	dropped
Size (bytes):	199
Entropy (8bit):	4.774815712414516
Encrypted:	false
SSDEEP:	3:hr39Ax8SERLW0QVAFQUjLnE4MZFVTyZQG3Vjl1/LWiMuM4xQ9ot2VBEpINqU0Kpj:x39xRiGnE4kzyZ9KiMuMnyYICNq1y
MD5:	723B8C5F1FA2D9C5C1D9830C34BA08AD
SHA1:	34C12369A988E5D30F2BEAB2F1C7ACC018761959
SHA-256:	57ACE0B4E76F0045A7DAE3E39B59C50193D9E45AB8BFA17A1F1D21DFB99DD3C8
SHA-512:	951ACB2FA97AB2647DE41549AC4E4D46FA0D8B7994A39AE293C1EB5A543FC562A76B3B87C3DAC68B66F876FDB6EEF694C5F62B885D5288993D14E2F272085904
Malicious:	false
Reputation:	unknown
Preview:	[package]..name=cz.seznam.software.sznsetup..version=1.2.7..install=install.bat..uninstall=uninstall.bat..platform=win32..isLib=true..appName=Seznam Setup\|Zaji..uje instalaci komponent od Seznamu..

Process:	C:\Users\user\AppData\Local\Temp\~006A2DE2.00000DD4.sznpkg\UNZIP.EXE
File Type:	Unicode text, UTF-8 text, with CRLF line terminators
Category:	dropped
Size (bytes):	298
Entropy (8bit):	4.856414756802041
Encrypted:	false
SSDEEP:	6:x39xJvVdqi4kzyZEJR4Ld1KiMuMnyM5uNyI4YlZIFM+UyEgX+s:XvVdQkkhqDnyM52ZMMZyBXb
MD5:	179CF2126D63ACB096BCF31D9E755A28
SHA1:	148F948EA0DF3D1EB9A5EDF9D4EC98895D64BEA9
SHA-256:	B0398A91EAA0ADD38C0A75FA398952E8DF4EFF4010D0957819E8DD55CFB33C94
SHA-512:	767B7E7C1A9C75E90631F020C72FDBCEAC054F789A899D972F6231EE236738D489A7269F80F2E5F64182E494BBB60F9CE89FB6819C4B4112E4A352EAE9FC8508
Malicious:	false
Reputation:	unknown
Preview:	[package]..name=cz.seznam.software.autoupdate..version=1.0.8..install=install.bat..uninstall=uninstall.bat..depends=cz.seznam.software.szninstall (1.1.8)..platform=win32..isLib=true..appName=Automatick. aktualizace\|Zaji..uje automatick. aktualizace nainstalovan.ho software..installer=1.1.15..

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	92368
Entropy (8bit):	5.825209255940427
Encrypted:	false
SSDEEP:	1536:VVM9oDGj2dQ8T4LPgNELt/dXheskGKwshql8ksWXd8kNg8BgLA9+kghm:49oa6T+YKt/dXsLmHTVNBBS2+k
MD5:	838737C4B75CCEC631951DAC86CE2F78
SHA1:	D7976EE1E596D81607484CBB11B79E8AAD3130BE
SHA-256:	734D8ADDF79703CAE9844BD8A92E29C7872851134CCDB17B04A2DB793463C04F
SHA-512:	8B2D325FC4D8CBB32A25622A139AA4273701677C37FAA9DAD2E7DC56BD5EA145E009F687F4C7F7A1E28F27E170D3AB6CE42E4BC1210E0FA6BF45F42097227935
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........za.............{.......{.......{.......c..........................................Rich............................PE..d..._..Z.........." ................<.....................................................`.............................................x.......<....p.......`.......8...0.............8...........................p...p...............h............................text.............................. ..`.rdata..Hs.......t..................@..@.data...h8... ......................@....pdata.......`......................@..@.rsrc........p.......&..............@..@.reloc...............(..............@..B........................................................................................................................................................................................................................................................

File type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Entropy (8bit):	7.9999932207284585
TrID:	ZIP compressed archive (8000/1) 99.91% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.09%
File name:	563299efce875400a8d9b44b96597c8e-sample (1).zip
File size:	25'085'622 bytes
MD5:	8625e1f9e8548342a4f9f1641a1ae4eb
SHA1:	3b602c272347d14cc91e07bf0dae686d768d7965
SHA256:	11fe7a13ad470ff3c39423f1ebb5b7abff8cf8a656d2ac97c0183d680d07687c
SHA512:	6c9c07b70e8c53ef10df4cf839ee47a28acdda815dc1a5f337967a4cbe2f9b26b8075ecbc4e5295f755cfddcc2459aef1b21f9f46a7b11a89e554347261fc520
SSDEEP:	393216:xUYMp10LmoSzKCcMhttMWlPXxLBzQdDMOf8GInTd7EoOUwY6zcqtXWZ6:mYMsmoexcMhTlBz0f8GOTd7EY6zccWk
TLSH:	1247337B987F859DB007FEB6D2002024BE59B50F671C43A3A163177D3CAEA7862D291D
File Content Preview:	PK.........PBY............ ...1a4e5ccd35a56d84281a143f831563bee.............2.n...yRx...<.7J....._>...."..X\|tE..%<.Bz4f....$.....7.."..P.Th:..<F.....SM7....D....iP...e4........e^./....D....xo.G.........N...y(.Lg.."OG...V.H.?..c.p.Y....ohEd/.G...;`.j......

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 2, 2024 12:16:02.314733982 CEST	192.168.2.16	1.1.1.1	0xf773	Standard query (0)	pack.google.com	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:16:21.385323048 CEST	192.168.2.16	1.1.1.1	0x4d3b	Standard query (0)	download.seznam.cz	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:16:26.181840897 CEST	192.168.2.16	1.1.1.1	0xfa59	Standard query (0)	picasa.google.com	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:16:26.448601961 CEST	192.168.2.16	1.1.1.1	0xf58b	Standard query (0)	picasa-readme.blogspot.com	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:16:27.180741072 CEST	192.168.2.16	1.1.1.1	0x2ba9	Standard query (0)	support.google.com	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:16:29.598407984 CEST	192.168.2.16	1.1.1.1	0xae61	Standard query (0)	clients2.googleusercontent.com	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:16:29.598625898 CEST	192.168.2.16	1.1.1.1	0xf269	Standard query (0)	clients2.googleusercontent.com	65	IN (0x0001)	false
Oct 2, 2024 12:16:30.993328094 CEST	192.168.2.16	1.1.1.1	0x12fb	Standard query (0)	lh3.googleusercontent.com	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:16:32.557159901 CEST	192.168.2.16	1.1.1.1	0xd8f6	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:16:32.557391882 CEST	192.168.2.16	1.1.1.1	0x502a	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Oct 2, 2024 12:16:32.557588100 CEST	192.168.2.16	1.1.1.1	0x63	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:16:32.557749033 CEST	192.168.2.16	1.1.1.1	0x3525	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Oct 2, 2024 12:16:32.649852037 CEST	192.168.2.16	1.1.1.1	0x553e	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:16:32.650036097 CEST	192.168.2.16	1.1.1.1	0xf384	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Oct 2, 2024 12:16:32.659455061 CEST	192.168.2.16	1.1.1.1	0x8ce2	Standard query (0)	apis.google.com	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:16:45.821433067 CEST	192.168.2.16	1.1.1.1	0xed46	Standard query (0)	apis.google.com	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:17:03.465837002 CEST	192.168.2.16	1.1.1.1	0x4963	Standard query (0)	h.imedia.cz	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:17:16.197205067 CEST	192.168.2.16	1.1.1.1	0x62ae	Standard query (0)	sentry.sklik.cz	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:17:25.577631950 CEST	192.168.2.16	1.1.1.1	0x5c9e	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:17:25.577771902 CEST	192.168.2.16	1.1.1.1	0xa4e9	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 2, 2024 12:17:37.062351942 CEST	192.168.2.16	1.1.1.1	0x981	Standard query (0)	sentry.sklik.cz	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:17:38.204901934 CEST	192.168.2.16	1.1.1.1	0x8c74	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:17:38.204996109 CEST	192.168.2.16	1.1.1.1	0x1972	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 2, 2024 12:17:49.614650011 CEST	192.168.2.16	1.1.1.1	0x73bd	Standard query (0)	clients2.googleusercontent.com	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:17:49.614774942 CEST	192.168.2.16	1.1.1.1	0xbaa4	Standard query (0)	clients2.googleusercontent.com	65	IN (0x0001)	false
Oct 2, 2024 12:17:49.615194082 CEST	192.168.2.16	1.1.1.1	0x5c	Standard query (0)	sentry.sklik.cz	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:17:51.349709988 CEST	192.168.2.16	1.1.1.1	0x4997	Standard query (0)	chrome.google.com	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:17:51.349802017 CEST	192.168.2.16	1.1.1.1	0xc55d	Standard query (0)	chrome.google.com	65	IN (0x0001)	false
Oct 2, 2024 12:17:52.469170094 CEST	192.168.2.16	1.1.1.1	0x794e	Standard query (0)	software.seznam.cz	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:17:52.469271898 CEST	192.168.2.16	1.1.1.1	0x502d	Standard query (0)	software.seznam.cz	65	IN (0x0001)	false
Oct 2, 2024 12:17:52.470803022 CEST	192.168.2.16	1.1.1.1	0xb753	Standard query (0)	h.seznam.cz	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:17:52.470901966 CEST	192.168.2.16	1.1.1.1	0xa62e	Standard query (0)	h.seznam.cz	65	IN (0x0001)	false
Oct 2, 2024 12:17:59.836375952 CEST	192.168.2.16	1.1.1.1	0xe1a8	Standard query (0)	software.seznam.cz	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:17:59.836616993 CEST	192.168.2.16	1.1.1.1	0xc62c	Standard query (0)	software.seznam.cz	65	IN (0x0001)	false
Oct 2, 2024 12:17:59.837037086 CEST	192.168.2.16	1.1.1.1	0x1044	Standard query (0)	h.seznam.cz	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:17:59.837186098 CEST	192.168.2.16	1.1.1.1	0x8768	Standard query (0)	h.seznam.cz	65	IN (0x0001)	false
Oct 2, 2024 12:18:00.674310923 CEST	192.168.2.16	1.1.1.1	0x4315	Standard query (0)	clients2.googleusercontent.com	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:18:00.674391031 CEST	192.168.2.16	1.1.1.1	0x9a89	Standard query (0)	clients2.googleusercontent.com	65	IN (0x0001)	false
Oct 2, 2024 12:18:02.479906082 CEST	192.168.2.16	1.1.1.1	0x5aad	Standard query (0)	chrome.google.com	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:18:02.479919910 CEST	192.168.2.16	1.1.1.1	0x3a06	Standard query (0)	chrome.google.com	65	IN (0x0001)	false

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 2, 2024 12:16:02.322657108 CEST	1.1.1.1	192.168.2.16	0xf773	No error (0)	pack.google.com	www2.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 12:16:02.322657108 CEST	1.1.1.1	192.168.2.16	0xf773	No error (0)	www2.l.google.com		142.250.185.228	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:16:21.448381901 CEST	1.1.1.1	192.168.2.16	0x4d3b	No error (0)	download.seznam.cz		77.75.76.70	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:16:21.448381901 CEST	1.1.1.1	192.168.2.16	0x4d3b	No error (0)	download.seznam.cz		77.75.78.70	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:16:26.192095995 CEST	1.1.1.1	192.168.2.16	0xfa59	No error (0)	picasa.google.com	www2.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 12:16:26.192095995 CEST	1.1.1.1	192.168.2.16	0xfa59	No error (0)	www2.l.google.com		172.217.23.100	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:16:26.482245922 CEST	1.1.1.1	192.168.2.16	0xf58b	No error (0)	picasa-readme.blogspot.com	blogspot.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 12:16:26.482245922 CEST	1.1.1.1	192.168.2.16	0xf58b	No error (0)	blogspot.l.googleusercontent.com		142.250.185.161	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:16:27.187695980 CEST	1.1.1.1	192.168.2.16	0x2ba9	No error (0)	support.google.com		172.217.23.110	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:16:29.606112003 CEST	1.1.1.1	192.168.2.16	0xae61	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 12:16:29.606112003 CEST	1.1.1.1	192.168.2.16	0xae61	No error (0)	googlehosted.l.googleusercontent.com		172.217.23.97	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:16:29.607366085 CEST	1.1.1.1	192.168.2.16	0xf269	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 12:16:30.984013081 CEST	1.1.1.1	192.168.2.16	0xbc	No error (0)	scdn1f005.wpc.ad629.nucdn.net	sni1gl.wpc.nucdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 12:16:30.984965086 CEST	1.1.1.1	192.168.2.16	0x3e01	No error (0)	scdn1f005.wpc.ad629.nucdn.net	sni1gl.wpc.nucdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 12:16:30.984965086 CEST	1.1.1.1	192.168.2.16	0x3e01	No error (0)	sni1gl.wpc.nucdn.net		152.199.21.175	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:16:31.047714949 CEST	1.1.1.1	192.168.2.16	0x12fb	No error (0)	lh3.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 12:16:31.047714949 CEST	1.1.1.1	192.168.2.16	0x12fb	No error (0)	googlehosted.l.googleusercontent.com		142.250.186.65	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:16:32.028748035 CEST	1.1.1.1	192.168.2.16	0xe35b	No error (0)	scdn1f005.wpc.ad629.nucdn.net	sni1gl.wpc.nucdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 12:16:32.028748035 CEST	1.1.1.1	192.168.2.16	0xe35b	No error (0)	sni1gl.wpc.nucdn.net		152.199.21.175	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:16:32.030133963 CEST	1.1.1.1	192.168.2.16	0xcdee	No error (0)	scdn1f005.wpc.ad629.nucdn.net	sni1gl.wpc.nucdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 12:16:32.564697027 CEST	1.1.1.1	192.168.2.16	0xd8f6	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:16:32.564697027 CEST	1.1.1.1	192.168.2.16	0xd8f6	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:16:32.564711094 CEST	1.1.1.1	192.168.2.16	0x502a	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Oct 2, 2024 12:16:32.565217018 CEST	1.1.1.1	192.168.2.16	0x3525	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Oct 2, 2024 12:16:32.565746069 CEST	1.1.1.1	192.168.2.16	0x63	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:16:32.565746069 CEST	1.1.1.1	192.168.2.16	0x63	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:16:32.677613020 CEST	1.1.1.1	192.168.2.16	0xf384	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Oct 2, 2024 12:16:32.677627087 CEST	1.1.1.1	192.168.2.16	0x553e	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:16:32.677627087 CEST	1.1.1.1	192.168.2.16	0x553e	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:16:32.686394930 CEST	1.1.1.1	192.168.2.16	0x8ce2	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 12:16:32.686394930 CEST	1.1.1.1	192.168.2.16	0x8ce2	No error (0)	plus.l.google.com		142.250.185.174	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:16:34.838638067 CEST	1.1.1.1	192.168.2.16	0xb763	No error (0)	scdn1f005.wpc.ad629.nucdn.net	sni1gl.wpc.nucdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 12:16:34.838638067 CEST	1.1.1.1	192.168.2.16	0xb763	No error (0)	sni1gl.wpc.nucdn.net		152.199.21.175	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:16:35.059930086 CEST	1.1.1.1	192.168.2.16	0xb763	No error (0)	scdn1f005.wpc.ad629.nucdn.net	sni1gl.wpc.nucdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 12:16:35.059930086 CEST	1.1.1.1	192.168.2.16	0xb763	No error (0)	sni1gl.wpc.nucdn.net		152.199.21.175	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:16:36.070111036 CEST	1.1.1.1	192.168.2.16	0xb763	No error (0)	scdn1f005.wpc.ad629.nucdn.net	sni1gl.wpc.nucdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 12:16:36.070111036 CEST	1.1.1.1	192.168.2.16	0xb763	No error (0)	sni1gl.wpc.nucdn.net		152.199.21.175	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:16:38.084070921 CEST	1.1.1.1	192.168.2.16	0xb763	No error (0)	scdn1f005.wpc.ad629.nucdn.net	sni1gl.wpc.nucdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 12:16:38.084070921 CEST	1.1.1.1	192.168.2.16	0xb763	No error (0)	sni1gl.wpc.nucdn.net		152.199.21.175	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:16:42.089453936 CEST	1.1.1.1	192.168.2.16	0xb763	No error (0)	scdn1f005.wpc.ad629.nucdn.net	sni1gl.wpc.nucdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 12:16:42.089453936 CEST	1.1.1.1	192.168.2.16	0xb763	No error (0)	sni1gl.wpc.nucdn.net		152.199.21.175	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:16:45.829086065 CEST	1.1.1.1	192.168.2.16	0xed46	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 12:16:45.829086065 CEST	1.1.1.1	192.168.2.16	0xed46	No error (0)	plus.l.google.com		142.250.186.46	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:17:03.474505901 CEST	1.1.1.1	192.168.2.16	0x4963	No error (0)	h.imedia.cz		77.75.78.30	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:17:03.474505901 CEST	1.1.1.1	192.168.2.16	0x4963	No error (0)	h.imedia.cz		77.75.76.30	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:17:25.584803104 CEST	1.1.1.1	192.168.2.16	0x5c9e	No error (0)	www.google.com		216.58.206.36	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:17:25.585078001 CEST	1.1.1.1	192.168.2.16	0xa4e9	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 2, 2024 12:17:38.219139099 CEST	1.1.1.1	192.168.2.16	0x8c74	No error (0)	www.google.com		216.58.206.68	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:17:38.219166994 CEST	1.1.1.1	192.168.2.16	0x1972	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 2, 2024 12:17:49.629709005 CEST	1.1.1.1	192.168.2.16	0x73bd	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 12:17:49.629709005 CEST	1.1.1.1	192.168.2.16	0x73bd	No error (0)	googlehosted.l.googleusercontent.com		142.250.184.225	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:17:49.630462885 CEST	1.1.1.1	192.168.2.16	0xbaa4	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 12:17:51.357132912 CEST	1.1.1.1	192.168.2.16	0x4997	No error (0)	chrome.google.com	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 12:17:51.357132912 CEST	1.1.1.1	192.168.2.16	0x4997	No error (0)	www3.l.google.com		142.250.186.174	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:17:51.359018087 CEST	1.1.1.1	192.168.2.16	0xc55d	No error (0)	chrome.google.com	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 12:17:52.479468107 CEST	1.1.1.1	192.168.2.16	0xb753	No error (0)	h.seznam.cz		77.75.78.30	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:17:52.479468107 CEST	1.1.1.1	192.168.2.16	0xb753	No error (0)	h.seznam.cz		77.75.76.30	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:17:52.493208885 CEST	1.1.1.1	192.168.2.16	0x794e	No error (0)	software.seznam.cz	api.software.seznam.cz		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 12:17:52.493208885 CEST	1.1.1.1	192.168.2.16	0x794e	No error (0)	api.software.seznam.cz		77.75.77.161	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:17:52.493208885 CEST	1.1.1.1	192.168.2.16	0x794e	No error (0)	api.software.seznam.cz		77.75.79.161	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:17:52.493863106 CEST	1.1.1.1	192.168.2.16	0x502d	No error (0)	software.seznam.cz	api.software.seznam.cz		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 12:17:59.845935106 CEST	1.1.1.1	192.168.2.16	0x1044	No error (0)	h.seznam.cz		77.75.76.30	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:17:59.845935106 CEST	1.1.1.1	192.168.2.16	0x1044	No error (0)	h.seznam.cz		77.75.78.30	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:17:59.863442898 CEST	1.1.1.1	192.168.2.16	0xe1a8	No error (0)	software.seznam.cz	api.software.seznam.cz		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 12:17:59.863442898 CEST	1.1.1.1	192.168.2.16	0xe1a8	No error (0)	api.software.seznam.cz		77.75.77.161	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:17:59.863442898 CEST	1.1.1.1	192.168.2.16	0xe1a8	No error (0)	api.software.seznam.cz		77.75.79.161	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:17:59.881932974 CEST	1.1.1.1	192.168.2.16	0xc62c	No error (0)	software.seznam.cz	api.software.seznam.cz		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 12:18:00.681726933 CEST	1.1.1.1	192.168.2.16	0x9a89	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 12:18:00.699428082 CEST	1.1.1.1	192.168.2.16	0x4315	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 12:18:00.699428082 CEST	1.1.1.1	192.168.2.16	0x4315	No error (0)	googlehosted.l.googleusercontent.com		142.250.184.225	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:18:02.486397982 CEST	1.1.1.1	192.168.2.16	0x5aad	No error (0)	chrome.google.com	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2024 12:18:02.486397982 CEST	1.1.1.1	192.168.2.16	0x5aad	No error (0)	www3.l.google.com		216.58.212.142	A (IP address)	IN (0x0001)	false
Oct 2, 2024 12:18:02.487445116 CEST	1.1.1.1	192.168.2.16	0x3a06	No error (0)	chrome.google.com	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)	false

Timestamp	Bytes transferred	Direction	Data
Oct 2, 2024 12:16:02.334244967 CEST	248	OUT	GET /gphotos?action=install&hl=en&gl=ch&brand=GGLA&scrid=AD0E3D47-9B39-483F-83C6-9B8C783457F6&v=(null) HTTP/1.1 Accept: / Accept-Encoding: gzip User-Agent: Google Photos Screensaver 2.0 (gzip) Host: pack.google.com Connection: Keep-Alive
Oct 2, 2024 12:16:03.048310041 CEST	1236	IN	HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Referrer-Policy: no-referrer Content-Length: 1568 Date: Wed, 02 Oct 2024 10:16:02 GMT Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> {margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px} > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
Oct 2, 2024 12:16:03.048327923 CEST	487	IN	Data Raw: 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 2d 77 65 62 6b 69 74 2d 6d 69 6e 2d 64 65 76 69 63 65 2d 70 69 78 65 6c 2d 72 61 74 69 6f 3a 32 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f Data Ascii: only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:15

Timestamp	Bytes transferred	Direction	Data
Oct 2, 2024 12:16:21.458539009 CEST	63	OUT	GET /update/packages.inf HTTP/1.1 Host: download.seznam.cz
Oct 2, 2024 12:16:22.113296986 CEST	163	IN	HTTP/1.1 301 Moved Permanently location: https://download.seznam.cz/update/packages.inf date: Wed, 02 Oct 2024 10:16:21 GMT server: envoy content-length: 0
Oct 2, 2024 12:16:23.519866943 CEST	94	OUT	GET /update/cz.seznam.software.sznsetup-1.2.7-win32.zip HTTP/1.1 Host: download.seznam.cz
Oct 2, 2024 12:16:23.979949951 CEST	194	IN	HTTP/1.1 301 Moved Permanently location: https://download.seznam.cz/update/cz.seznam.software.sznsetup-1.2.7-win32.zip date: Wed, 02 Oct 2024 10:16:23 GMT server: envoy content-length: 0
Oct 2, 2024 12:16:26.475071907 CEST	97	OUT	GET /update/cz.seznam.software.szninstall-1.1.15-win32.zip HTTP/1.1 Host: download.seznam.cz
Oct 2, 2024 12:16:26.672422886 CEST	197	IN	HTTP/1.1 301 Moved Permanently location: https://download.seznam.cz/update/cz.seznam.software.szninstall-1.1.15-win32.zip date: Wed, 02 Oct 2024 10:16:26 GMT server: envoy content-length: 0

Timestamp	Bytes transferred	Direction	Data
Oct 2, 2024 12:16:26.490330935 CEST	170	OUT	GET /feeds/posts/default HTTP/1.1 Accept: / Accept-Encoding: gzip User-Agent: Picasa/3.9.141.255 (gzip) Host: picasa-readme.blogspot.com Connection: Keep-Alive
Oct 2, 2024 12:16:27.294347048 CEST	1236	IN	HTTP/1.1 200 OK Cross-Origin-Resource-Policy: cross-origin Content-Encoding: gzip ETag: W/"c0cf1b4023295e310be6a0c4867471a65178b3c614f7cf80069684d27704e64f" Date: Wed, 02 Oct 2024 10:16:27 GMT Content-Type: application/atom+xml; charset=UTF-8 Server: blogger-renderd Cache-Control: public, must-revalidate, proxy-revalidate, max-age=1 Vary: Accept-Encoding Expires: Wed, 02 Oct 2024 10:16:28 GMT X-Content-Type-Options: nosniff X-XSS-Protection: 0 Last-Modified: Wed, 28 Aug 2024 14:47:25 GMT Content-Length: 9776 X-Frame-Options: SAMEORIGIN Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ed 7d d9 72 db c8 d2 e6 7d 3f 05 da 27 e2 d8 1d 16 48 2c 04 37 cb 3e 23 c9 4b ab 6d d9 b2 2d b7 ed be e9 00 81 22 09 13 04 60 2c a2 e8 ab 7e 88 b9 99 88 7f 22 fe 98 47 f9 1f a5 9f 64 32 b3 0a 1b 09 6e 12 25 ca 6e 75 d8 6d 89 04 0a 59 59 55 99 5f ae d8 ff cf c5 d8 95 ce 59 18 39 be f7 f8 be 5a 53 ee 4b cc b3 7c db f1 06 8f ef 7f 38 7b 2e b7 ef ff e7 c9 3e 5e 25 47 f1 d4 65 d1 90 b1 58 1a 86 ac ff f8 de 30 8e 83 6e bd 3e 99 4c 6a 3d d7 1f 0c 58 58 b3 fc 71 9d 5f 57 37 63 7f 5c b3 a2 e8 9e 14 4f 03 f6 f8 5e cc 2e e2 3a fe 0e e3 f5 19 b3 25 18 d3 8b 1e df 2f 8c 32 d1 6b 7e 38 a8 6b 8a 62 d4 0f e0 f6 fb fc 9a ae 1f 30 ef 3d 33 43 6b 98 5d 6e 76 e8 59 72 3d 0a 98 55 c7 0b 22 ba 20 8c a2 3a cc a2 9e de 2a 08 cb ee 8b ac 21 1b 9b 51 6d e0 fb 03 97 d1 18 e2 12 7c 6c 3b bd 6d c0 7c 18 a9 44 1c ff 88 08 e4 3f 66 d7 da 19 2b 2a 46 e7 d3 b9 27 ae 8d 87 39 29 41 12 ba 34 5c 34 f5 6c c7 32 63 58 82 3a 5c c0 4c 1b a7 70 ff c9 be 63 3f 89 cd 41 b7 c0 dc 3d b5 d3 e9 d0 07 b2 da 30 9a 46 [TRUNCATED] Data Ascii: }r}?'H,7>#Km-"`,~"Gd2n%numYYU_Y9ZSK\|8{.>^%GeX0n>Lj=XXq_W7c\O^.:%/2k~8kb0=3Ck]nvYr=U" :!Qm\|l;m\|D?f+F'9)A4\4l2cX:\Lpc?A=0F4V6I`1hVjFilS)f=3}]W>'gC&); 'Q+0.L~du2wzp}1n!W.I$1~LHQ=8o&n\|^%bnGnx>~z,{=w'VqfoMzzj0C?\|cD,3ud?'&~qYZhJSacCUy]gl!&w&$P0]19->N
Oct 2, 2024 12:16:27.294408083 CEST	1236	IN	Data Raw: 39 e3 81 4a 34 e3 5f 1a 07 3e a9 f7 d4 a6 1c fa 89 67 33 bb 36 70 fa c8 86 7a ca 87 01 f3 58 08 2b 1e e6 e2 b0 55 53 40 1e c2 7c 16 2d fd fd 27 87 fc 97 fd 7a 76 fb 93 fd 5c 5c 75 63 3f 36 dd 77 2c 82 e5 8f 9e a8 c0 9c 45 df 15 6f 8a 62 33 8c 8f Data Ascii: 9J4_>g36pzX+US@\|-'zv\\uc?6w,Eob3'jS7hFwrXMtp[\6sP(rT]V9SAh hj*rBjF(sBj^;P}_(S&,a%qo7~&~Hv<:<H[n~nj
Oct 2, 2024 12:16:27.294440985 CEST	1236	IN	Data Raw: a2 bf f4 f9 63 bd 63 28 4a f6 61 ec c3 9d 8f 55 c0 e7 1d 4d d9 50 9c 5d 7e 79 51 bd d7 36 11 51 57 f0 61 cc 3f c6 75 b2 e3 5b 2f 1c e5 db 25 63 40 6f cf bb 48 c4 33 2c 86 40 ba 30 d4 4f 33 ee cf 85 40 bb d9 52 1b 0d 1d ac 50 b5 69 b4 3a 7a e7 52 Data Ascii: cc(JaUMP]~yQ6QWa?u[/%c@oH3,@0O3@RPi:zRO0Rh"+*;!jPkc?4'^Fo:>7?fP_}u_=\|y7e"XA4w~~B\k>}m8TrQQseTPsd
Oct 2, 2024 12:16:27.294661045 CEST	1236	IN	Data Raw: 3f b0 4f aa 91 f4 de 7e 0e 3e 7d f8 b5 77 72 fc d5 ef 1c 47 1f 47 07 f2 e9 ab f3 af 6f e5 61 78 fe 9b f1 b6 f7 5c 7d d7 ac 47 6a 53 51 ea ef 2d 8c cb 3d 8c 60 4d 1e 6a 8a aa ca 98 2d d5 7e 68 c6 0f d5 9a d1 aa 19 fa c3 d3 93 5a e0 a5 ae 7e 4a 21 Data Ascii: ?O~>}wrGGoax\}GjSQ-=`Mj-~hZ~J!3=k>63'g?{~ht4}dkz\|%eZ}^gNo`=M1DUx7*[O;9i[--UV<VgCi{?^
Oct 2, 2024 12:16:27.294692993 CEST	1236	IN	Data Raw: a7 48 4a fe 91 00 12 80 38 8f 78 5d 80 b9 c0 ce 8e fc 7e 3c 41 e7 a8 53 d8 5f dc ee 8e 99 eb 8a 92 59 2c 40 e0 e4 f2 e6 17 a5 7c 31 ba db 83 59 59 98 8d 48 cd c9 38 f0 22 b2 76 89 a0 2a c4 f6 4e 10 d4 4a 3a b6 84 a0 94 3a fc 49 11 54 5b 06 21 2c Data Ascii: HJ8x]~<AS_Y,@\|1YYH8"vNJ::IT[!,gk9kFVi7ZF[ha(mYmPDjZ#U]Cw%56K!R}@,XQ,y`QTK-IOY<IE"G*d&+&Ct@Q
Oct 2, 2024 12:16:27.294724941 CEST	1236	IN	Data Raw: 12 87 85 8b 49 aa f0 f4 21 e0 13 1d ad 44 54 95 96 43 b8 68 48 6b a4 ee 9f 3c fc 05 d8 cb f1 ce 9d 12 80 f2 c3 28 73 e6 60 17 2e b1 aa 69 37 ab 14 66 e6 51 61 01 aa 80 d8 34 f3 83 f6 86 e8 ae 55 2b 78 29 66 27 ca 9d 4c 79 f3 57 ba 0f 73 91 82 48 Data Ascii: I!DTChHk<(s`.i7fQa4U+x)f'LyWsHiv &#l$NJx)\|HyKAEScnS]nni7[;-&#R@h:@]d30TcL!.\[J"_s)7axo/x{-
Oct 2, 2024 12:16:27.294758081 CEST	1236	IN	Data Raw: 53 f8 20 b4 39 3a 4c 13 14 85 f3 28 4b 39 ab f0 a4 a5 59 64 51 cc 82 cb b3 e3 12 22 ae 80 36 71 23 9a 20 8d 29 03 11 b0 10 ad 5a 90 79 51 97 ee 7a 3a d0 6f 13 94 1d 67 e6 80 7e c3 b2 1e 8b 07 d0 d1 9d 58 e6 a6 c8 0a 24 0e a2 b4 9c ed 48 43 e7 5a Data Ascii: S 9:L(K9YdQ"6q# )ZyQz:og~X$HCZTJjx>qt2tq]HUm)Ust>t'>tl%5=}VZSYhs\Wj)lk:R;\|\|6@J\dYI{V]><(Rj/
Oct 2, 2024 12:16:27.295093060 CEST	1236	IN	Data Raw: a7 2f 9f 7f b1 f4 3f 27 e1 68 59 18 f2 47 88 b8 6e 32 d5 dd 87 55 d7 dd 02 4b c3 aa 9b 82 98 45 97 64 e3 ec 34 d9 70 1e 7d ef 26 d9 70 15 1d db 33 10 d5 f4 12 10 8e f2 d8 b4 64 94 e1 b2 2a cc 43 5d 51 00 db 57 1a 88 6b d8 04 77 56 e2 35 59 89 86 Data Ascii: /?'hYGn2UKEd4p}&p3d*C]QWkwV5Y_KW;ZG1Vb+toc%fw4D<tJ.1CUjZ\|:yYf#z~8pJD_}1atNcN{g/BX5y}hQ;y^,T
Oct 2, 2024 12:16:27.295209885 CEST	447	IN	Data Raw: c5 9e 88 60 ad c7 d2 41 4b 03 cd f7 da 19 c1 35 4f 5b 8a c2 a5 ff 1b 77 3a 0e 00 07 3c 93 0d 4d 59 dd a1 2e 6f e7 23 8c 59 de 3a a7 b2 a3 4f da bc 67 c1 80 a2 bb cc ef 2b 4b 6b 17 25 47 04 33 c9 11 22 9d e4 05 7e 49 0f e0 c5 b4 48 ca 00 9b 5f 26 Data Ascii: `AK5O[w:<MY.o#Y:Og+Kk%G3"~IH_&QVn;DY"RThtlM(:1FKkuLAbMkjD&jD45:NS#Q(t/DQu_zR{R>MY5+\#H0O5\{u9

Timestamp	Bytes transferred	Direction	Data
Oct 2, 2024 12:16:26.529124975 CEST	304	OUT	GET /support/bin/answer.py?hl=en&answer=93773 HTTP/1.1 Accept: text/html, application/xhtml+xml, image/jxr, / Accept-Language: en-CH User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: picasa.google.com Connection: Keep-Alive
Oct 2, 2024 12:16:27.165036917 CEST	631	IN	HTTP/1.1 301 Moved Permanently Location: https://support.google.com/picasa/answer/93773?hl=en Date: Wed, 02 Oct 2024 10:16:27 GMT Expires: Wed, 02 Oct 2024 10:16:27 GMT Cache-Control: private, max-age=0 Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Server: support-content-ui Content-Length: 249 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 70 69 63 61 73 61 2f 61 6e 73 77 65 72 2f 39 33 37 37 33 3f 68 6c 3d 65 6e 22 3e 68 65 72 65 3c 2f 41 3e 2e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>301 Moved</TITLE></HEAD><BODY><H1>301 Moved</H1>The document has moved<A HREF="https://support.google.com/picasa/answer/93773?hl=en">here</A>.</BODY></HTML>

Timestamp	Bytes transferred	Direction	Data
Oct 2, 2024 12:16:34.835464001 CEST	63	OUT	GET /update/packages.inf HTTP/1.1 Host: download.seznam.cz
Oct 2, 2024 12:16:35.593621969 CEST	163	IN	HTTP/1.1 301 Moved Permanently location: https://download.seznam.cz/update/packages.inf date: Wed, 02 Oct 2024 10:16:35 GMT server: envoy content-length: 0
Oct 2, 2024 12:16:36.891760111 CEST	104	OUT	GET /update/cz.seznam.software.lightspeed-1210-12.10.18-win32.zip HTTP/1.1 Host: download.seznam.cz
Oct 2, 2024 12:16:37.099065065 CEST	204	IN	HTTP/1.1 301 Moved Permanently location: https://download.seznam.cz/update/cz.seznam.software.lightspeed-1210-12.10.18-win32.zip date: Wed, 02 Oct 2024 10:16:36 GMT server: envoy content-length: 0
Oct 2, 2024 12:16:38.771804094 CEST	100	OUT	GET /update/cz.seznam.software.libszndesktop-2.1.35-win32.zip HTTP/1.1 Host: download.seznam.cz
Oct 2, 2024 12:16:38.974817991 CEST	200	IN	HTTP/1.1 301 Moved Permanently location: https://download.seznam.cz/update/cz.seznam.software.libszndesktop-2.1.35-win32.zip date: Wed, 02 Oct 2024 10:16:38 GMT server: envoy content-length: 0
Oct 2, 2024 12:16:41.150942087 CEST	97	OUT	GET /update/cz.seznam.software.szndesktop-2.0.32-win32.zip HTTP/1.1 Host: download.seznam.cz
Oct 2, 2024 12:16:41.372847080 CEST	197	IN	HTTP/1.1 301 Moved Permanently location: https://download.seznam.cz/update/cz.seznam.software.szndesktop-2.0.32-win32.zip date: Wed, 02 Oct 2024 10:16:41 GMT server: envoy content-length: 0
Oct 2, 2024 12:16:42.852914095 CEST	95	OUT	GET /update/cz.seznam.software.libfoxcub-3.3.8-win32.zip HTTP/1.1 Host: download.seznam.cz
Oct 2, 2024 12:16:43.050888062 CEST	195	IN	HTTP/1.1 301 Moved Permanently location: https://download.seznam.cz/update/cz.seznam.software.libfoxcub-3.3.8-win32.zip date: Wed, 02 Oct 2024 10:16:42 GMT server: envoy content-length: 0
Oct 2, 2024 12:16:46.094790936 CEST	97	OUT	GET /update/cz.seznam.software.libfoxcub64-3.3.8-win32.zip HTTP/1.1 Host: download.seznam.cz
Oct 2, 2024 12:16:46.292402983 CEST	197	IN	HTTP/1.1 301 Moved Permanently location: https://download.seznam.cz/update/cz.seznam.software.libfoxcub64-3.3.8-win32.zip date: Wed, 02 Oct 2024 10:16:45 GMT server: envoy content-length: 0
Oct 2, 2024 12:16:48.401732922 CEST	97	OUT	GET /update/cz.seznam.software.ielisticka3-3.3.5-win32.zip HTTP/1.1 Host: download.seznam.cz
Oct 2, 2024 12:16:48.599261045 CEST	197	IN	HTTP/1.1 301 Moved Permanently location: https://download.seznam.cz/update/cz.seznam.software.ielisticka3-3.3.5-win32.zip date: Wed, 02 Oct 2024 10:16:48 GMT server: envoy content-length: 0
Oct 2, 2024 12:16:49.720643044 CEST	90	OUT	GET /update/szn-software-fflisticka-4.0.8-win32.zip HTTP/1.1 Host: download.seznam.cz
Oct 2, 2024 12:16:49.917794943 CEST	190	IN	HTTP/1.1 301 Moved Permanently location: https://download.seznam.cz/update/szn-software-fflisticka-4.0.8-win32.zip date: Wed, 02 Oct 2024 10:16:49 GMT server: envoy content-length: 0

Timestamp	Bytes transferred	Direction	Data
2024-10-02 10:15:33 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-02 10:15:33 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=109817 Date: Wed, 02 Oct 2024 10:15:33 GMT Connection: close X-CID: 2

Timestamp	Bytes transferred	Direction	Data
2024-10-02 10:15:34 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-10-02 10:15:34 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=109760 Date: Wed, 02 Oct 2024 10:15:34 GMT Content-Length: 55 Connection: close X-CID: 2
2024-10-02 10:15:34 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Timestamp	Bytes transferred	Direction	Data
2024-10-02 10:16:22 UTC	87	OUT	GET /update/packages.inf HTTP/1.1 Host: download.seznam.cz Connection: Keep-Alive
2024-10-02 10:16:23 UTC	278	IN	HTTP/1.1 200 OK server: envoy date: Wed, 02 Oct 2024 10:16:23 GMT content-type: application/octet-stream content-length: 16698 last-modified: Fri, 27 Sep 2024 10:06:22 GMT etag: "66f6839e-413a" accept-ranges: bytes x-envoy-upstream-service-time: 0 connection: close
2024-10-02 10:16:23 UTC	13624	IN	Data Raw: 20 22 70 61 63 6b 61 67 65 73 22 3d 7b 5b 20 22 63 6f 6d 2e 6d 69 63 72 6f 73 6f 66 74 2e 6d 73 64 6e 2e 6d 73 76 63 72 31 30 30 22 20 22 31 30 2e 30 2e 34 30 32 31 39 2e 33 32 35 22 20 22 69 6e 73 74 76 65 72 22 3d 7b 20 22 22 7d 20 22 64 65 70 65 6e 64 73 22 3d 7b 5b 20 22 73 7a 6e 2d 73 6f 66 74 77 61 72 65 2d 62 61 73 65 22 5d 7d 20 22 63 6f 6e 66 6c 69 63 74 73 22 3d 7b 5b 5d 7d 20 22 72 65 70 6c 61 63 65 73 22 3d 7b 5b 5d 7d 20 22 69 6d 70 6c 65 6d 65 6e 74 73 22 3d 7b 5b 5d 7d 20 22 74 72 69 67 67 65 72 73 22 3d 7b 5b 5d 7d 20 22 69 6e 73 74 61 6c 6c 22 3d 7b 20 22 69 6e 73 74 61 6c 6c 2e 62 61 74 22 7d 20 22 75 6e 69 6e 73 74 61 6c 6c 22 3d 7b 20 22 75 6e 69 6e 73 74 61 6c 6c 2e 62 61 74 22 7d 20 22 70 6f 73 74 49 6e 73 74 61 6c 6c 22 3d 7b 20 22 Data Ascii: "packages"={[ "com.microsoft.msdn.msvcr100" "10.0.40219.325" "instver"={ ""} "depends"={[ "szn-software-base"]} "conflicts"={[]} "replaces"={[]} "implements"={[]} "triggers"={[]} "install"={ "install.bat"} "uninstall"={ "uninstall.bat"} "postInstall"={ "
2024-10-02 10:16:23 UTC	2776	IN	Data Raw: 6c 69 62 73 7a 6e 64 65 73 6b 74 6f 70 20 28 3e 3d 20 32 2e 31 2e 33 35 29 22 5d 7d 20 22 63 6f 6e 66 6c 69 63 74 73 22 3d 7b 5b 5d 7d 20 22 72 65 70 6c 61 63 65 73 22 3d 7b 5b 5d 7d 20 22 69 6d 70 6c 65 6d 65 6e 74 73 22 3d 7b 5b 5d 7d 20 22 74 72 69 67 67 65 72 73 22 3d 7b 5b 5d 7d 20 22 69 6e 73 74 61 6c 6c 22 3d 7b 20 22 69 6e 73 74 61 6c 6c 2e 62 61 74 22 7d 20 22 75 6e 69 6e 73 74 61 6c 6c 22 3d 7b 20 22 75 6e 69 6e 73 74 61 6c 6c 2e 62 61 74 22 7d 20 22 70 6f 73 74 49 6e 73 74 61 6c 6c 22 3d 7b 20 22 22 7d 20 22 70 72 65 55 6e 69 6e 73 74 61 6c 6c 22 3d 7b 20 22 22 7d 20 22 72 65 63 6f 6e 66 69 67 75 72 65 22 3d 7b 20 22 22 7d 20 22 61 70 70 6e 61 6d 65 22 3d 7b 20 22 53 65 7a 6e 61 6d 20 4c 69 c5 a1 74 69 c4 8d 6b 61 20 70 72 6f 20 46 69 72 65 66 Data Ascii: libszndesktop (>= 2.1.35)"]} "conflicts"={[]} "replaces"={[]} "implements"={[]} "triggers"={[]} "install"={ "install.bat"} "uninstall"={ "uninstall.bat"} "postInstall"={ ""} "preUninstall"={ ""} "reconfigure"={ ""} "appname"={ "Seznam Litika pro Firef
2024-10-02 10:16:23 UTC	298	IN	Data Raw: 22 3d 7b 20 22 22 7d 20 22 72 65 63 6f 6e 66 69 67 75 72 65 22 3d 7b 20 22 22 7d 20 22 61 70 70 6e 61 6d 65 22 3d 7b 20 22 55 6b 61 7a 61 74 65 6c 20 53 2d 52 61 6e 6b 7c 5a 6f 62 72 61 7a 75 6a 65 20 75 6b 61 7a 61 74 65 6c 20 53 2d 52 61 6e 6b 20 76 20 49 6e 74 65 72 6e 65 74 20 45 78 70 6c 6f 72 65 72 75 22 7d 20 22 6d 64 35 22 3d 7b 20 22 62 35 38 39 39 37 36 62 34 64 65 31 66 34 64 66 65 61 32 35 32 39 38 62 38 66 37 66 33 34 30 33 22 7d 20 22 73 6f 75 72 63 65 22 3d 7b 20 22 22 7d 20 22 73 69 7a 65 22 3d 7b 31 30 30 32 7d 20 22 69 73 6c 69 62 22 3d 7b 74 72 75 65 7d 20 22 6c 6f 63 61 74 69 6f 6e 22 3d 7b 20 22 73 7a 6e 2d 73 6f 66 74 77 61 72 65 2d 73 72 61 6e 6b 2d 34 2e 31 2e 33 2d 77 69 6e 33 32 2e 7a 69 70 22 7d 20 22 64 6f 77 6e 6c 6f 61 64 73 Data Ascii: "={ ""} "reconfigure"={ ""} "appname"={ "Ukazatel S-Rank\|Zobrazuje ukazatel S-Rank v Internet Exploreru"} "md5"={ "b589976b4de1f4dfea25298b8f7f3403"} "source"={ ""} "size"={1002} "islib"={true} "location"={ "szn-software-srank-4.1.3-win32.zip"} "downloads

Timestamp	Bytes transferred	Direction	Data
2024-10-02 10:16:24 UTC	118	OUT	GET /update/cz.seznam.software.sznsetup-1.2.7-win32.zip HTTP/1.1 Host: download.seznam.cz Connection: Keep-Alive
2024-10-02 10:16:25 UTC	273	IN	HTTP/1.1 200 OK server: envoy date: Wed, 02 Oct 2024 10:16:25 GMT content-type: application/zip content-length: 1163119 last-modified: Tue, 01 Oct 2024 14:17:28 GMT etag: "66fc0478-11bf6f" accept-ranges: bytes x-envoy-upstream-service-time: 0 connection: close
2024-10-02 10:16:25 UTC	13629	IN	Data Raw: 50 4b 03 04 14 00 02 00 08 00 2f 76 7b 4c 2d 05 cf f8 9a 00 00 00 c7 00 00 00 0b 00 00 00 63 6f 6e 74 72 6f 6c 2e 69 6e 69 3d 8d 3d 0e c2 30 0c 46 f7 48 b9 43 4e 10 89 32 30 e5 06 88 a5 1b 88 c1 2d 2e 0a 6d 9d 28 76 a8 54 71 19 06 8e d2 7b d1 52 60 fa 9e 3e ff bc 53 84 ba 85 2b 9e b5 22 e8 d1 d5 a3 65 1c 67 b4 1c 1a 19 20 a1 e5 91 18 25 47 ad ee 98 d8 07 72 1b 5b d8 9d 56 9e 58 a0 eb dc 37 6d 05 a2 55 a6 5f fd a7 75 10 3b 90 26 a4 de 0d 9e b6 c5 7c cd 7b 5f 39 49 19 b5 82 18 0f 8b bd fc a8 4d b9 e8 1e 47 b8 f9 e9 39 bd f2 0d cd fa 09 6a 6f da d0 c7 40 48 62 c2 c5 ac fb 59 ab 37 50 4b 03 04 14 00 00 00 08 00 e6 54 2d 41 62 45 6d b6 35 00 00 00 5a 00 00 00 0b 00 00 00 69 6e 73 74 61 6c 6c 2e 62 61 74 cb 4c 53 48 ad c8 2c 2e 51 50 52 ad 33 8c 29 ae ca 2b 4e Data Ascii: PK/v{L-control.ini==0FHCN20-.m(vTq{R`>S+"eg %Gr[VX7mU_u;&\|{_9IMG9jo@HbY7PKT-AbEm5Zinstall.batLSH,.QPR3)+N
2024-10-02 10:16:25 UTC	16384	IN	Data Raw: 68 30 8a 29 57 ac f0 37 af 50 03 72 be e2 86 66 e0 c4 28 9b 4b c9 81 13 d6 ea 5f 21 10 f3 2d 05 d6 ea ad 06 49 1c 5b 35 20 64 8c cc c4 1d bb 5c 62 da 83 49 0a a3 45 96 3b 77 91 03 eb c5 22 f5 3e 34 41 4e a1 41 8c 4c 63 be c2 c6 fc 14 b9 aa c0 a6 cf 2a e6 ed 73 b9 2b 14 8f a8 e2 09 4a 69 09 af da 25 26 3d 03 45 fd 11 69 33 30 2b d7 de 9f 84 3f f3 57 42 25 83 2c 7f da c3 35 95 f2 2c 2f 8c 7c f4 af 2a 78 9b 3f 8d e5 99 2b 42 30 26 95 d8 a4 79 b6 e0 f4 54 da 8e 3b fc ef 31 20 4f 8b dd 50 82 4a 0b 3f 22 d4 8b b4 a5 9a 7c 96 ac 55 70 a4 45 17 48 29 8c d4 4e 68 df a3 39 a8 92 b2 92 07 6c a4 a6 4a 56 eb 8a 89 94 92 e6 4b 3a ad 53 32 76 5a 6a 61 7a 4e a3 95 85 8d 88 24 29 5d 09 23 c4 5f 41 8a 20 d4 e4 14 61 80 37 24 93 85 c1 72 c2 3d 34 33 46 61 4c 5a 03 8b bb 19 Data Ascii: h0)W7Prf(K_!-I[5 d\bIE;w">4ANALcs+Ji%&=Ei30+?WB%,5,/\|x?+B0&yT;1 OPJ?"\|UpEH)Nh9lJVK:S2vZjazN$)]#_A a7$r=43FaLZ
2024-10-02 10:16:25 UTC	11376	IN	Data Raw: 7c f9 87 ad a1 ac c3 ca 7a ba f2 22 c5 37 2a aa ca 73 13 3d e5 dc c9 4c c7 45 6b b2 85 33 42 7a 2a 0b d2 b4 17 05 4c e5 c7 04 e5 fc 32 d5 2a 7f 1e 56 f3 0e c4 01 83 0d e5 15 04 d6 94 94 96 49 7b ba ae a1 07 0d 67 b3 4d 0c 6e 56 ee 05 b3 72 4f 53 f1 5f 1b cf 58 a7 40 7c 8c 8f 69 b9 07 4d cb 3d dc b4 8c f1 87 9c 59 cc fc 99 4a bd e8 c3 3c 77 81 d7 ce 54 46 68 ca 76 05 b7 9e f7 71 eb 79 3f 5a cf 9f 7c 6e ac 5c 47 a9 1b 0b 26 c1 74 50 70 b0 b5 2c 8e 31 b5 de 06 a7 c9 bf 36 48 9b b7 9e 39 13 c3 e5 16 b0 a0 e3 15 cc 12 95 09 5d bc de 17 4a d2 22 9b b1 d1 7e 2e da fa 18 ac 37 86 36 a1 13 5b 1f 5a d1 ab 23 5b d1 df 79 76 2c 46 47 32 28 4e 91 dd 98 24 9f 0d 1f a2 fa 74 a1 89 ba 1f d2 e2 0d f7 09 a2 c5 b4 ce 7c 76 c6 91 a6 d7 d1 b2 be 16 89 f1 be ce 63 5f 3f 10 e3 Data Ascii: \|z"7s=LEk3BzL2*VI{gMnVrOS_X@\|iM=YJ<wTFhvqy?Z\|n\G&tPp,16H9]J"~.76[Z#[yv,FG2(N$t\|vc_?
2024-10-02 10:16:25 UTC	16384	IN	Data Raw: fa 85 00 fd 72 80 e8 b2 86 63 a1 17 50 0d 3b 03 35 0c f5 93 64 dc d3 dc 51 00 81 ae 63 90 ab 69 30 75 b7 a0 36 d8 ec 6e 32 4c fe 28 a6 cd 83 90 d1 d5 72 43 57 c7 25 18 7a 2c 5f f1 96 8b d2 c0 b3 ea 2b 97 65 d8 84 0e d4 fa a7 78 c6 5d cc 6e dd a2 41 4a 25 5b 0e 49 22 8f 63 75 a6 83 2d 06 d7 43 85 94 de 13 8f 6c 83 69 04 76 23 5d 09 ec c9 3e c8 d3 27 fe 7f c5 f6 c0 2c 4f 6c c7 27 43 e0 12 93 41 18 31 0e 3e 35 62 9b f3 9d 8d 01 27 de 30 ac 3f 4b 86 c5 97 0f c5 48 5f b0 92 38 f9 0c 79 2c a9 64 f9 0a 96 34 68 f8 7a 0d 74 04 89 57 34 60 7e 48 1e d4 ff 1f 6d d7 1f 17 57 75 e5 67 e0 31 0c f8 ca 10 1d 63 b4 d4 c4 3a d1 68 d2 2d 86 68 89 83 66 30 0c 90 1f 43 06 08 8c 1a 03 ae db f2 a9 d1 b6 d1 cc 90 a8 4b 4a 9c f0 91 eb cd 6b 74 bb 31 fa f9 a8 eb ba ae b6 bb 6e 6b Data Ascii: rcP;5dQci0u6n2L(rCW%z,_+ex]nAJ%[I"cu-Cliv#]>',Ol'CA1>5b'0?KH_8y,d4hztW4`~HmWug1c:h-hf0CKJkt1nk
2024-10-02 10:16:25 UTC	3048	IN	Data Raw: 75 d2 f3 30 11 d9 71 f8 7a 66 ce b5 87 e8 7d 0f 5b 11 20 51 43 b3 d7 b3 d9 f6 5b 52 33 82 2c 4e e9 62 82 df b4 9a 8b 49 94 af f6 47 12 d1 2a 90 93 b0 2e a1 b4 e7 6a 5c c4 95 04 e9 a5 88 ce 77 90 67 95 f5 f3 d9 a8 c1 f7 93 91 3c 7c cf ee 4f e6 9f c9 e6 b7 dd c2 6f 52 93 02 96 0f 27 1d 19 f2 96 73 f2 d8 fa 30 8a f4 45 d6 68 4a 79 58 b7 9b d2 c1 79 d8 f3 cb 82 74 8b 4e 1f 5a 59 5d 8c 3e 7f d4 90 83 5a 2e 07 95 91 3c 72 10 c8 96 03 33 7d 3b 4c f4 63 89 96 c4 43 6a d2 97 32 a8 1b e1 d4 8d e8 9d 17 59 06 6c 84 99 39 b7 f8 7b 19 71 ae 20 3d dc 92 65 f1 ff 65 84 e7 d3 72 fb c9 2b 37 9b 96 b4 f5 26 fb 49 90 83 8a b0 93 e0 f6 8e 08 25 f9 fd 01 4b 68 a9 8d f9 03 54 ee 07 50 19 6c d4 97 a8 e8 46 c8 88 9d 4b 65 14 a3 65 05 e4 33 e2 dc f1 a7 28 4f b5 78 97 c2 60 30 a8 Data Ascii: u0qzf}[ QC[R3,NbIG*.j\wg<\|OoR's0EhJyXytNZY]>Z.<r3};LcCj2Yl9{q =eer+7&I%KhTPlFKee3(Ox`0
2024-10-02 10:16:25 UTC	1388	IN	Data Raw: e5 bd 2a b6 79 59 5a 12 bf 30 3d 65 fc fd 47 2d 77 79 f5 1d 68 8f 72 26 1a ee b0 05 b4 5d 88 ed b1 0b c2 d8 52 8c 9f c7 df 6e 12 6b 80 ca 7c f8 37 20 69 44 f7 81 e0 a1 4e 70 7e 21 d0 7e 8a 28 8b 98 66 27 da af 05 e5 d6 10 0e 8d 08 96 1b 2a f4 b2 85 76 21 51 7f a6 a4 81 8c 41 36 e4 9a 2b 2a 10 3b d1 dd 4a ba ec 39 ad 56 38 81 bb d1 ef b4 cb d2 71 55 1a 51 3d c3 ec 8b 97 ac b8 65 47 e8 74 bf dc 15 1e 49 75 6c be 04 7e 47 73 23 3d 0d 65 82 1a 10 c9 73 4e 79 96 ba 24 8b b5 62 2c 44 9a 17 7c 7a 46 7b 52 89 d8 e9 79 72 13 f2 4c d1 f3 54 8a c8 ab 42 1e e4 62 21 85 f3 b4 27 f1 09 12 26 85 f7 9e f4 b1 81 5f 5a 85 93 bd d3 db 4a a8 fc 1b 3e d6 6b 7c 91 08 ca a7 19 c6 66 3e cc 30 03 65 41 02 28 ee 73 03 65 32 81 52 a7 b5 7c b2 57 87 65 71 c2 9b d9 6d f8 59 0a 23 74 Data Ascii: yYZ0=eG-wyhr&]Rnk\|7 iDNp~!~(f'v!QA6+*;J9V8qUQ=eGtIul~Gs#=esNy$b,D\|zF{RyrLTBb!'&_ZJ>k\|f>0eA(se2R\|WeqmY#t
2024-10-02 10:16:25 UTC	15268	IN	Data Raw: f9 39 3a 80 27 7b a9 f8 4c c3 33 c7 af 07 ce 41 df 4b 5b 5c 41 b4 46 6e 3a cd 3a ac 14 7e 5c 2e 17 e5 8d 80 34 4e 0d 27 12 f6 c1 df ce 47 f3 cf 69 64 e3 99 2d 6f cc 91 37 e6 72 fa 55 2c 05 7f 49 ab a7 7c d6 2b f8 4b ae 9c 29 6f cc 97 37 16 ca 1b e7 9c d5 e2 93 c3 bb e5 8b 04 fb 95 f1 8e 84 2a ed ca db ca de bc bd ee 7d 8d 17 ed e9 ca c6 c8 be 0c f6 3f b4 67 c1 c8 be 43 14 d9 f7 27 f7 60 64 5f d1 fd 76 63 4a 5e 17 8c 5b a6 f2 36 5a 51 fd 1a 79 f1 72 9b 97 09 57 24 1f cd 1b f4 cd 26 f6 43 d3 02 ff 5d 03 a2 79 d1 77 60 6f c2 2c e5 25 98 a3 04 29 78 30 d7 59 a3 1c 8a 05 d5 ac e8 89 89 65 4b f2 d1 09 8e 2e 96 99 30 34 9d 69 0f 63 be 0e a3 62 c9 e8 16 e4 9c fc 99 14 b3 57 ae 34 33 1c ad c2 5b 2d 7b de 1d 43 48 bc 94 a0 39 9f 84 c4 64 cd ae 19 bb 75 4e fe 4b 68 Data Ascii: 9:'{L3AK[\AFn::~\.4N'Gid-o7rU,I\|+K)o7*}?gC'`d_vcJ^[6ZQyrW$&C]yw`o,%)x0YeK.04icbW43[-{CH9duNKh
2024-10-02 10:16:25 UTC	16384	IN	Data Raw: 46 0d b3 61 8b b4 02 2e b6 68 f2 f0 5e 8b 3c cd 51 0d 45 15 78 b2 24 4e b1 b9 78 5a 3b a8 9c 12 ca 40 3a 8d d2 69 c1 72 f9 07 b2 74 1d 4e 14 a0 78 03 25 b3 bc 4a 99 bf 50 f4 3f 80 bf 3f 64 0b ce 5f a4 83 3e 9d 28 5f 2b 55 f0 7e 3a b6 12 4c 3e 3e 01 7f 4d 5a 05 37 3b 96 2c b2 8b fe 27 b1 6a 51 48 8c c6 a3 18 8d c7 4c 98 5a f2 f2 0b 61 a9 d9 ff 37 94 95 5e bc 45 f4 af 81 9f c5 92 b9 bf 0e fe cd 83 7f ef c0 7c f6 c3 56 d1 ff 34 12 4b c9 ea 05 f6 dc 30 27 eb 5a ec 6b 9d 45 3b cf ca 73 aa c5 20 41 79 36 39 b1 d8 d1 2d fa ce 60 f3 53 95 82 c5 76 ca b2 9a e1 b9 dc 37 9c e0 49 f5 0d 4f f0 4c f6 0d 4f f4 24 41 e3 9e 04 df 70 bc e8 a7 24 ae 07 b0 89 2f cd d4 04 35 f0 39 19 48 e1 eb 79 22 27 c4 c4 2e 23 42 bc 4d fd ad 94 6a 0c 56 b2 17 75 64 fe 70 8e 93 89 ee 3f 20 Data Ascii: Fa.h^<QEx$NxZ;@:irtNx%JP??d_>(_+U~:L>>MZ7;,'jQHLZa7^E\|V4K0'ZkE;s Ay69-`Sv7IOLO$Ap$/59Hy"'.#BMjVudp?
2024-10-02 10:16:25 UTC	3048	IN	Data Raw: 55 81 41 f9 0f d6 ee 66 3d 78 34 1c d6 4e 60 94 ad 6d 79 d3 44 ca 4a f3 b3 e2 25 df 6b f8 fb 3d 55 fa 16 7a 76 16 7c c8 8e f8 c2 ec c8 53 c4 8e f0 33 f3 a6 59 01 3c 6c 6e 83 9c 05 fe d3 9e 8d 5a 75 9e 6a 5e 55 f5 77 a1 9a 83 f7 91 83 6e f5 79 89 7a 7f 17 bc aa af 0a 84 8e dd 8e 2c 28 eb 99 a5 f9 c3 6a 53 d7 df 47 6a 4e 53 21 db e3 5a c9 2a 5e 72 14 bc 5a 6e 28 f9 2a 96 f4 1e 19 98 3b 89 e2 4f 92 74 fe a4 4f 3b c8 cf 07 a2 f9 93 be 74 ca 86 fc c9 87 c6 d1 79 c7 30 3a 2d 7c 74 3e ff 26 f9 bd 46 47 b1 dd b7 78 ef 57 0a 61 9a 78 bf 52 b2 68 50 26 de 87 1f f6 73 f8 a4 5f 7c 93 3e 69 17 d7 33 47 a5 07 6c 1e 26 56 7d 40 63 25 36 50 54 b5 50 eb 9e 6f 43 a9 87 78 a9 65 d0 96 3f d4 56 95 af fb db 9e 78 f8 d7 e9 cd 55 9c 7d fa 50 bc 38 93 9a 7c 05 f2 01 ef 72 13 d6 Data Ascii: UAf=x4N`myDJ%k=Uzv\|S3Y<lnZuj^Uwnyz,(jSGjNS!Z^rZn(;OtO;ty0:-\|t>&FGxWaxRhP&s_\|>i3Gl&V}@c%6PTPoCxe?VxU}P8\|r
2024-10-02 10:16:25 UTC	4164	IN	Data Raw: 93 40 e9 d9 1b f2 cd 1e b7 6c 1d c7 5d b9 4a 4a a4 0a 3b db d3 1d c0 cb 74 4b 5c 35 ca 4a 4f 6e 4d fc b0 9a b3 2b 46 39 c1 f8 eb 3f a2 54 82 ae 95 b0 4a f0 99 47 29 e2 2b 3d 6e a8 eb f6 be 1c 76 32 f4 52 b7 b0 c0 aa f8 11 2a c6 0c 94 87 bd 2f 83 86 20 60 95 62 57 f8 4b 10 2f d2 b2 04 9a fb ab 68 f0 fa 93 db bf 4b 78 dd 38 32 11 bc 7e b8 e5 3b 82 d7 fb a1 a3 d6 fc cb 34 78 ad 3a d7 1c 5e 47 a7 54 4e 08 af 8d 92 96 8d 5e b9 43 54 96 bb a3 76 02 d7 ac 2f 00 5c cb 54 70 2d 23 70 2d 38 22 d7 e6 c9 b5 1a c0 96 e5 cb b5 85 72 59 91 5c 5b 42 72 54 54 74 12 b0 da 11 e4 2a 8b 72 6d 51 d8 0f b1 68 2a 9e 7c 02 4b 95 d7 e5 b2 db 44 79 dd 2c b4 ca 55 78 98 3d 6a 23 60 85 86 4b 67 a8 c0 8a 2d 09 52 a7 53 36 51 b9 4c f2 ee 33 85 23 67 d4 f6 a0 0e e8 33 c5 5d 69 6d f7 67 Data Ascii: @l]JJ;tK\5JOnM+F9?TJG)+=nv2R/ `bWK/hKx82~;4x:^GTN^CTv/\Tp-#p-8"rY\[BrTTtrmQh*\|KDy,Ux=j#`Kg-RS6QL3#g3]img

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 563299efce875400a8d9b44b96597c8e-sample (1).zip

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

Cryptography

Phishing

Compliance

Spreading

Software Vulnerabilities

Networking

Spam, unwanted Advertisements and Ransom Demands

DDoS

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files (x86)\Google\Picasa3\MovieThumb.exe

C:\Program Files (x86)\Google\Picasa3\Picasa3.exe

C:\Program Files (x86)\Google\Picasa3\Picasa3i18n.dll

C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe

C:\Program Files (x86)\Google\Picasa3\buttons\core-lh2.pbz

C:\Program Files (x86)\Google\Picasa3\buttons\geotag.pbz

C:\Program Files (x86)\Google\Picasa3\cdautorun\Download Picasa.url

C:\Program Files (x86)\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Frameworks\GoogleBreakpad.framework\GoogleBreakpad

C:\Program Files (x86)\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Frameworks\GoogleBreakpad.framework\Resources

C:\Program Files (x86)\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\GoogleBreakpad

C:\Program Files (x86)\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Info.plist

C:\Program Files (x86)\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Inspector

C:\Program Files (x86)\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\Info.plist

C:\Program Files (x86)\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\Frameworks\GoogleBreakpad.framework\Versions\A\Resources\Reporter.app\Contents\MacOS\Reporter

Windows Analysis Report
563299efce875400a8d9b44b96597c8e-sample (1).zip

Timestamp	Bytes transferred	Direction	Data
2024-10-02 10:16:27 UTC	121	OUT	GET /update/cz.seznam.software.szninstall-1.1.15-win32.zip HTTP/1.1 Host: download.seznam.cz Connection: Keep-Alive
2024-10-02 10:16:27 UTC	271	IN	HTTP/1.1 200 OK server: envoy date: Wed, 02 Oct 2024 10:16:27 GMT content-type: application/zip content-length: 433495 last-modified: Fri, 23 Aug 2024 12:19:22 GMT etag: "66c87e4a-69d57" accept-ranges: bytes x-envoy-upstream-service-time: 0 connection: close
2024-10-02 10:16:27 UTC	13631	IN	Data Raw: 50 4b 03 04 14 00 02 00 08 00 13 7c 7b 4c d5 65 37 97 b7 00 00 00 12 01 00 00 0b 00 00 00 63 6f 6e 74 72 6f 6c 2e 69 6e 69 75 4e 41 0a c2 30 10 bc 07 f2 87 1c f5 b2 60 45 3c e5 01 82 78 f1 28 1e b6 ed b6 04 db 24 64 53 0b c5 2f f8 08 5f e0 23 d4 7f 59 6d ed 4d f6 30 03 33 b3 33 07 8f d9 09 4b 3a 4a 61 b1 26 9d 75 c0 d4 f5 14 d8 15 b1 c5 40 c0 9d 35 96 23 56 95 14 67 0a 6c 9c d5 0b e8 6f 25 c5 28 e8 11 21 c5 28 45 f3 f3 eb 89 0d 42 4e 9e 6c ce 7f 4a 98 62 e3 d5 6c 01 09 ac e7 52 f8 0a 63 e1 42 ad 5b 63 97 49 5f c5 5b 93 ea 18 1a 9a 6a 29 4c 43 d0 fb dd 67 ff fe fb 57 6d 06 c3 65 c0 c7 2d ba a0 7c 70 65 c0 fa 75 57 ec 5d 45 cf ab 75 1c 8d 1a 12 90 75 0a 81 41 8a 37 50 4b 03 04 14 00 00 00 08 00 fc 65 2d 41 74 ae c0 97 89 01 00 00 8c 03 00 00 0b 00 00 00 69 Data Ascii: PK\|{Le7control.iniuNA0`E<x($dS/_#YmM033K:Ja&u@5#Vglo%(!(EBNlJblRcB[cI_[j)LCgWme-\|peuW]EuuA7PKe-Ati
2024-10-02 10:16:27 UTC	1388	IN	Data Raw: 06 18 8e 57 bd 42 d8 98 c8 8f 10 c6 a5 80 d8 d1 cf 21 ae 0b 0e 39 0e af 02 06 a0 b0 1a 0a 6b 0f f7 2b 52 c6 32 0e a1 1b 47 e6 e6 c6 0e 81 70 35 da 23 7c 10 c3 fd 2f 0f 3c a6 d7 9f 24 fd 79 69 fd 76 b1 0a 78 54 17 48 b4 ec f2 b8 db 92 dc 8f 51 f6 ea 1f d9 1e 86 7a f0 53 20 fb 1f a3 7f 4d 9d 63 70 ec 5d 39 11 2c 11 c7 2a 31 b8 e0 3a 94 78 ab 4a 1d 7b 57 14 2b 60 20 ff 8c b9 e0 60 d4 e2 c6 30 6e dc b1 8a 8a 14 bb 8f a5 a7 ee cd f2 b3 bc b5 9d 99 da 41 6f 75 e6 bc c3 1f 38 3a 81 56 fa c9 45 3e 55 3d fe 39 06 42 e2 27 dd 36 39 e1 b1 25 59 8d 82 aa 1e c2 66 c3 f8 49 5b 27 63 00 5c df e7 2c 46 cd e0 50 7b 3e c7 53 f6 9f 63 d1 f0 eb 50 40 dd 7c 0c 3e 1d 87 50 d7 8c fd 89 ef 80 b2 56 89 4a f1 33 dc c3 fa c1 b6 38 f8 8a da fd 29 5e 72 6b 3c 62 3c a2 b0 e6 14 56 52 Data Ascii: WB!9k+R2Gp5#\|/<$yivxTHQzS Mcp]9,*1:xJ{W+` `0nAou8:VE>U=9B'69%YfI['c\,FP{>ScP@\|>PVJ38)^rk<b<VR
2024-10-02 10:16:27 UTC	16384	IN	Data Raw: 8c 79 dd df 10 fd f3 f8 e4 bd 85 57 22 31 0e 03 93 0b 82 15 98 6e 6c b4 cb f1 e9 8a bf 9e d8 8d d7 f1 ec dc cd a8 cf bc ee 77 f1 e9 fe b5 e9 3f 3c dd a5 39 6c ba 33 d2 4d f7 b4 1c dd 74 1b e3 d3 fd 1b 53 ba e9 ae de f3 9f 9c ee ba 27 f4 d3 bd 6d 5c 86 76 27 cd 05 4d 77 64 f7 bf 31 dd a1 dd e9 a7 3b 9f 4f 37 61 ec 99 4f 7a 6c 74 b1 c2 1e 1d 61 9c 7d f3 bd 55 67 92 ab 3a fc 3a e0 bf 65 cf 5e 4e 0e ff 64 0f 8c dd 04 ae 84 09 25 61 26 98 8a 65 f3 ba 97 91 49 31 ee a4 5a cb 81 1c aa e8 0d b9 b0 d0 ef 8f cf fc 6f c5 7f 77 e6 b3 b4 39 57 c2 6c e6 e7 5b d8 cc a3 d3 05 89 02 51 19 9f 7f 7a 15 5a 65 9b b5 99 cf 74 6c e6 33 7f 5c 4c 37 f3 37 fc f1 3f 39 f3 cb 7e a3 9f f9 c7 cd 6c e6 c5 0b 9c f9 ce e7 fe 8d 99 57 9e 3b 8f 85 8e 4b 9c cd 69 60 52 7c 3e c7 31 9b c6 10 Data Ascii: yW"1nlw?<9l3MtS'm\v'Mwd1;O7aOzlta}Ug::e^Nd%a&eI1Zow9Wl[QzZetl3\L77?9~lW;Ki`R\|>1
2024-10-02 10:16:27 UTC	9988	IN	Data Raw: 4b 5f e0 c3 0e 60 7c 40 f7 2a 37 e7 c9 a4 55 a5 f2 ad 30 5a a0 47 b9 f6 1d 82 9d 65 45 52 d8 a2 4f ca 2b f8 a9 34 c5 56 65 94 bd 40 96 a8 77 63 63 85 ee e4 1b 86 c4 da 5c fc 47 d1 e2 47 17 df 19 27 f4 70 fb 04 e4 d6 62 ea e1 91 7c f4 55 31 41 a2 de 6c b4 4c 90 81 a9 7c c8 55 9a 9e 24 33 0d 41 40 ec 03 a7 27 32 9f fe b7 99 fb 21 a2 6e 7b 0a d9 ee 0b 88 ec 83 ce 0a fe ce 54 da 87 cf 4a d4 15 fd e6 26 31 a3 6c bf be e1 2c ff 63 ef 10 8c 0b fc 67 31 b1 b6 b6 ad a4 f4 1f f3 28 7d 76 9a b7 dd 6b 1a a2 4a 94 ba 03 0e f6 0e e7 95 a6 a5 33 2d cf fd 98 1c 07 3e 1f 63 8d 03 eb 3d e3 c0 a9 fb 2d 8b 0e 65 e7 c5 b7 f1 d3 8b 6f d3 47 0a 03 be 8d bf 62 86 35 1c fd 2e 43 4c fb da 76 12 41 27 93 3d a3 d0 9d f7 62 cb 23 19 99 8c c3 56 07 10 15 5f a6 b8 ea 0e 39 f8 b1 4a b4 Data Ascii: K_`\|@*7U0ZGeERO+4Ve@wcc\GG'pb\|U1AlL\|U$3A@'2!n{TJ&1l,cg1(}vkJ3->c=-eoGb5.CLvA'=b#V_9J
2024-10-02 10:16:27 UTC	16384	IN	Data Raw: 91 ca 2e d4 b4 c2 bf c9 b8 65 3f 51 52 34 c6 a8 1e 35 42 fd ca d4 6f ab 33 4d 22 72 e1 1d 8f 02 51 8d dd 44 32 c9 f2 a3 e1 92 1e fb 64 8f 84 4c b2 87 f6 52 62 df 24 75 f6 13 d5 61 8c e2 25 46 99 c2 5a e9 5e 1d 83 51 f6 37 d2 80 e1 ff 16 ef f1 6b 9a a0 6e 45 b2 dd 5b 13 0c a7 74 f1 0a 52 2e e7 be 68 af ac ce ba 5a 63 6b 76 65 4a 5b 90 1d 58 cc 42 b2 43 2a 15 1c 15 e5 3e e0 55 65 61 16 05 db 29 6f a5 e0 ab 0d 45 f5 9f 85 bb 29 be 45 8c 2d 09 56 6b 5e f5 71 0f 0f fc 9d 22 c1 55 d0 1f 6c d7 44 f7 74 b3 2a 4c 15 93 34 52 16 66 10 04 5f d6 63 2c c0 da 7e a3 3d d1 95 4e b8 1a ee e8 d2 7a 8e c3 8d 5d 0e c2 55 49 ad 51 b2 31 ab f3 11 e8 c3 fe 43 d1 fb ef e8 ab 83 96 f7 c0 a7 3f 79 c6 ac 0e d1 b3 05 be 36 7c 9b 28 7a 36 b2 c0 81 14 65 5b 61 20 d0 40 71 03 49 06 d7 Data Ascii: .e?QR45Bo3M"rQD2dLRb$ua%FZ^Q7knE[tR.hZckveJ[XBC>Uea)oE)E-Vk^q"UlDtL4Rf_c,~=Nz]UIQ1C?y6\|(z6e[a @qI
2024-10-02 10:16:27 UTC	16384	IN	Data Raw: 66 09 15 ba e6 4f 21 f4 2d c1 c0 5c d4 bd 3f c6 01 24 6e a6 d1 9a fa f2 13 3c e6 d6 88 6e d1 1a 96 ff 06 3b 06 60 51 2a 76 55 3f fc 82 ab 05 a8 8f 29 59 a2 3c 58 11 97 51 18 1c e0 2f c7 19 d5 b9 11 85 9f 7d 84 11 de 30 43 31 ff 26 b5 84 15 e2 e9 85 1d 68 02 30 55 9b 11 63 d5 e9 a4 95 7b 48 ae fe be a8 f9 97 76 34 10 6c e7 df cf 37 49 ae f2 40 f2 73 a4 61 c3 a2 74 30 bb 05 6b d5 52 82 34 01 17 72 4b b6 69 3e aa 35 c4 7c db f8 e4 d8 fa 1e 2d ef 4e 97 b1 09 bd d1 0f c8 cc 9b ee 32 cc 1b ae 43 38 f3 52 04 a6 7f 03 1f 7d ed 4a 99 71 a1 67 5b 7f c4 c9 c4 68 f6 0c 79 e7 6d 7f 7a d0 88 0f a3 ab e8 ed 49 fc d6 61 ed 5d 7f 61 ed fd f2 a1 70 79 ff eb e9 5b 5a a4 ab 51 72 e6 7c c2 04 54 6d 84 a9 5c d2 df 47 95 8b c2 33 bf 8b 2a 17 61 24 78 67 92 a1 72 e1 82 6a f3 d1 Data Ascii: fO!-\?$n<n;`QvU?)Y<XQ/}0C1&h0Uc{Hv4l7I@sat0kR4rKi>5\|-N2C8R}Jqg[hymzIa]apy[ZQr\|Tm\G3a$xgrj
2024-10-02 10:16:27 UTC	3320	IN	Data Raw: dc bb 7c da 36 31 79 52 b2 80 e5 63 72 30 80 48 ab f1 61 91 56 e3 c3 a0 b7 08 a1 db e3 f6 ca 99 82 2d d3 ec 8a 1a 5b 5d 83 cc 31 5d e0 e4 48 e7 18 63 d1 a7 02 33 cb 44 a1 c7 fa a0 0c c0 e3 96 e0 a7 a5 ca c8 4d 18 b6 92 62 53 11 4a ba 4f 7b dd 6c 18 b9 1d 21 b4 aa ee 6c 25 59 5a 1a 3c 87 ce 05 e8 8c 1c 25 89 a0 79 80 4e 08 b2 df df 7f 27 a8 7e 55 98 1d 43 0f 59 eb a2 b8 27 87 78 91 b6 73 7b aa b5 ed dc ff b3 46 dd ce cd bb 97 b3 8f a3 e3 25 69 2a bc 52 74 21 4f ce 3e 25 3b 8e e7 e6 b0 1f ea 1c a7 68 de 8e 8d 03 e6 75 1c cf 51 ee c7 e3 9a 1c d6 e0 24 f6 2e f1 ea 53 7f ea 6e 3f 1e c6 ab 2f e8 b6 b9 e5 9b 59 39 ba c1 52 76 c8 83 ef 4a a9 93 07 bf 3e 83 17 83 b4 cb c2 e2 5c e5 ec 28 92 d0 23 b7 d3 6e b8 30 81 67 3a 77 e1 e4 fe a8 ae fc 51 5a 32 d0 08 c6 45 49 Data Ascii: \|61yRcr0HaV-[]1]Hc3DMbSJO{l!l%YZ<%yN'~UCY'xs{F%i*Rt!O>%;huQ$.Sn?/Y9RvJ>\(#n0g:wQZ2EI
2024-10-02 10:16:28 UTC	16384	IN	Data Raw: 13 31 a6 b4 70 ce 8b 37 dd 68 f0 a6 56 d7 ce 37 9e 4c 76 98 67 43 8f d9 71 28 60 14 db 68 f0 a7 66 01 c1 a5 3d 68 7e 7d 98 97 11 ac 44 fb 3d 69 99 92 41 18 69 9c ee bb 0b 20 6c 2d f6 20 9e fb dc 40 f9 36 50 e2 17 a2 dc 27 ae 2f fd c5 3b 21 0b 5f af 75 16 40 a2 55 8b 3e 98 75 39 61 f8 79 90 af b0 12 ef 3c 7d eb 37 89 dd 05 b6 6a a6 dd 3d 26 9f 59 e9 e9 1d 8e 81 fd 05 04 16 56 1b a8 73 8d fb fa 30 ca 36 ce af 24 c5 e2 5c 31 b0 26 35 86 c5 d7 9a 58 3c a1 1f 16 97 a7 5a b0 d8 83 a0 41 d5 72 78 64 04 32 c8 25 d5 6d c0 5a d3 d8 1b 44 aa 34 1a 91 02 07 2b 11 38 c4 82 34 46 60 00 72 83 47 d5 68 bb ce 15 d4 86 17 62 7b 50 a3 51 e4 5b 18 bd e3 ff ad 93 6f c9 17 b1 39 a4 26 81 bd 76 7d 56 0b 6b 35 7e 9d 14 57 97 a2 1f f6 f4 6b a5 ae 1a 07 be 00 d1 45 64 2d 2c cc 4f Data Ascii: 1p7hV7LvgCq(`hf=h~}D=iAi l- @6P'/;!_u@U>u9ay<}7j=&YVs06$\1&5X<ZArxd2%mZD4+84F`rGhb{PQ[o9&v}Vk5~WkEd-,O
2024-10-02 10:16:28 UTC	3048	IN	Data Raw: 38 9f f5 48 58 68 d9 ce 43 27 71 5e cd ee f3 55 f1 ab 9e 04 f4 7a fe 4e 82 63 c7 a0 50 77 a1 f3 d5 b5 13 11 a8 a6 8b c2 6e 87 b4 98 6e cc 26 bb 9d 8f 85 dd 8e c4 17 a2 ee 4a a2 af 16 ba 8e 9e 62 13 d7 d1 d1 f5 17 ea 8a 6e b1 ad a7 71 8e 0e 5f 2b c7 18 41 9f 72 24 1a 41 f7 3b a2 2e 1a d1 6d 68 6f 16 ac a6 5c 76 12 e6 08 56 5c 31 4b a3 e5 55 f8 79 e7 e7 22 ce cd ef 77 c1 dc 6c 12 ee f4 de cd d6 51 25 65 a7 4b 1a 4f 1a 7a c2 7e 7a e5 8c 02 9a 9e d0 3f d0 44 5a 13 96 b3 f7 e0 b2 a7 59 39 70 3d 74 b9 c9 b5 c1 4e ca 47 6b 6e ad b3 18 13 b3 c0 95 89 f4 01 b6 4e b4 b7 46 97 5b 68 0b 4d f3 a1 3c 64 ce 07 fa 5d e3 b5 5f b5 e1 bd 37 da eb de e3 23 3b 6c 58 50 fc ae 89 92 74 1c 96 f9 71 68 e9 e4 d8 cd 0f cd 97 4e a6 b4 c0 bf 7c 34 1c 68 d8 22 57 16 2b cf 0a 78 6b ad Data Ascii: 8HXhC'q^UzNcPwnn&Jbnq_+Ar$A;.mho\vV\1KUy"wlQ%eKOz~z?DZY9p=tNGknNF[hM<d]_7#;lXPtqhN\|4h"W+xk
2024-10-02 10:16:28 UTC	5552	IN	Data Raw: d4 1f 97 5a 2a 86 42 76 fc 90 36 bd ad c5 a3 f7 8c df 61 81 1f 40 43 a5 69 5f 48 ae 84 52 0d f5 7f 95 82 d9 4d e8 41 e5 62 13 fa 07 a8 ee f5 f7 8c 21 9f c9 3c 07 d7 37 ff 26 cc 43 43 7d 97 14 9c d3 58 7f 54 0a 4e 6d ac ef 97 d6 de c2 42 fd 44 5f 58 c5 51 1f bb c8 6f 86 4c 95 a1 4f 7a c4 d7 4c f8 0a e5 71 ab a2 38 7d 17 c9 fe 0c be 63 6b 21 57 43 bd 2e 05 6f c6 1e b2 8b d0 a2 a7 d7 0b 2d 56 98 2d fa 38 b7 62 8b 90 67 3c e6 09 8e 21 7d 61 8b e7 ec 57 3c 7d 88 e5 15 7d ac fa 6c 63 18 86 77 2f af b7 d2 a1 03 35 55 08 9b c8 5b 2f 3f a6 08 90 d3 9b 9f 45 4e 1f c1 ce 46 c0 d2 1f fa 15 9d 86 fa 99 e7 a8 17 a0 42 1c 01 a8 ba 37 51 2e fc fe a0 f8 6e 02 8f f1 2a 38 f6 af 5a e4 ec b9 3b 1e 80 56 8e c2 b3 e1 00 04 70 26 67 20 36 6c 98 31 a8 03 3a b3 fe b5 77 c6 20 f3 Data Ascii: ZBv6a@Ci_HRMAb!<7&CC}XTNmBD_XQoLOzLq8}ck!WC.o-V-8bg<!}aW<}}lcw/5U[/?ENFB7Q.n8Z;Vp&g 6l1:w

Timestamp	Bytes transferred	Direction	Data
2024-10-02 10:16:28 UTC	290	OUT	GET /picasa/answer/93773?hl=en HTTP/1.1 Accept: text/html, application/xhtml+xml, image/jxr, / Accept-Language: en-CH User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Connection: Keep-Alive Host: support.google.com
2024-10-02 10:16:28 UTC	531	IN	HTTP/1.1 301 Moved Permanently Location: https://support.google.com/picasa/answer/157000?hl=en&visit_id=638634609885905976-1351747924&rd=1 X-Robots-Tag: follow,index Date: Wed, 02 Oct 2024 10:16:28 GMT Expires: Wed, 02 Oct 2024 10:16:28 GMT Cache-Control: private, max-age=0 Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Server: support-content-ui Content-Length: 302 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-10-02 10:16:28 UTC	302	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 70 69 63 61 73 61 2f 61 6e 73 77 65 72 2f 31 35 37 30 30 30 3f 68 6c 3d 65 6e 26 61 6d 70 3b 76 69 73 69 74 5f 69 64 3d 36 33 38 36 33 34 36 30 39 38 38 35 39 30 35 39 37 36 2d 31 Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>301 Moved</TITLE></HEAD><BODY><H1>301 Moved</H1>The document has moved<A HREF="https://support.google.com/picasa/answer/157000?hl=en&visit_id=638634609885905976-1

Timestamp	Bytes transferred	Direction	Data
2024-10-02 10:16:28 UTC	335	OUT	GET /picasa/answer/157000?hl=en&visit_id=638634609885905976-1351747924&rd=1 HTTP/1.1 Accept: text/html, application/xhtml+xml, image/jxr, / Accept-Language: en-CH User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Connection: Keep-Alive Host: support.google.com
2024-10-02 10:16:28 UTC	531	IN	HTTP/1.1 301 Moved Permanently Location: https://support.google.com/picasa/answer/156347?hl=en&visit_id=638634609885905976-1351747924&rd=2 X-Robots-Tag: follow,index Date: Wed, 02 Oct 2024 10:16:28 GMT Expires: Wed, 02 Oct 2024 10:16:28 GMT Cache-Control: private, max-age=0 Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Server: support-content-ui Content-Length: 302 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-10-02 10:16:28 UTC	302	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 70 69 63 61 73 61 2f 61 6e 73 77 65 72 2f 31 35 36 33 34 37 3f 68 6c 3d 65 6e 26 61 6d 70 3b 76 69 73 69 74 5f 69 64 3d 36 33 38 36 33 34 36 30 39 38 38 35 39 30 35 39 37 36 2d 31 Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>301 Moved</TITLE></HEAD><BODY><H1>301 Moved</H1>The document has moved<A HREF="https://support.google.com/picasa/answer/156347?hl=en&visit_id=638634609885905976-1

Timestamp	Bytes transferred	Direction	Data
2024-10-02 10:16:29 UTC	335	OUT	GET /picasa/answer/156347?hl=en&visit_id=638634609885905976-1351747924&rd=2 HTTP/1.1 Accept: text/html, application/xhtml+xml, image/jxr, / Accept-Language: en-CH User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Connection: Keep-Alive Host: support.google.com
2024-10-02 10:16:30 UTC	532	IN	HTTP/1.1 301 Moved Permanently Location: https://support.google.com/picasa/answer/6383491?hl=en&visit_id=638634609885905976-1351747924&rd=3 X-Robots-Tag: follow,index Date: Wed, 02 Oct 2024 10:16:29 GMT Expires: Wed, 02 Oct 2024 10:16:29 GMT Cache-Control: private, max-age=0 Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Server: support-content-ui Content-Length: 303 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-10-02 10:16:30 UTC	303	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 70 69 63 61 73 61 2f 61 6e 73 77 65 72 2f 36 33 38 33 34 39 31 3f 68 6c 3d 65 6e 26 61 6d 70 3b 76 69 73 69 74 5f 69 64 3d 36 33 38 36 33 34 36 30 39 38 38 35 39 30 35 39 37 36 2d Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>301 Moved</TITLE></HEAD><BODY><H1>301 Moved</H1>The document has moved<A HREF="https://support.google.com/picasa/answer/6383491?hl=en&visit_id=638634609885905976-

Timestamp	Bytes transferred	Direction	Data
2024-10-02 10:16:30 UTC	336	OUT	GET /picasa/answer/6383491?hl=en&visit_id=638634609885905976-1351747924&rd=3 HTTP/1.1 Accept: text/html, application/xhtml+xml, image/jxr, / Accept-Language: en-CH User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Connection: Keep-Alive Host: support.google.com
2024-10-02 10:16:30 UTC	1972	IN	HTTP/1.1 200 OK P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Strict-Transport-Security: max-age=31536000; includeSubdomains Content-Type: text/html; charset=UTF-8 Date: Wed, 02 Oct 2024 10:16:30 GMT Expires: Wed, 02 Oct 2024 10:16:30 GMT Cache-Control: private, max-age=0 Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-b9Qq+iio0bqdtrDckkkW' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'report-sample';report-uri https://csp.withgoogle.com/csp/scfe P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." X-Content-Type-Options: nosniff Server: support-content-ui X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: NID=517=qr4w1GgJjt0d2ifTarx3-KuOJKWw5bh2F4evOzqBRAM3F_gIqIUHz_Q5snFZezYyKAhQrVj-ZmVukx-98EgEqAkzYfpJpNN5O0v-W7Xdfyhr9KNDrb_8dt1Ee7v65eFtnra0mP-3bJi2cJHJSXIVGnn8eYJQaPiqTBIeWUywDRSHukk-HQ; expires=Thu, 03-Apr-2025 10:16:30 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Set-Cookie: NID=517=m-X95JoeCPCfoIHtcSxsmDi2wuwakqGlxl54bZGUpbMC8a-isGAbpG2Na1kJthkxyJutWyJR96BInrx1gm8GqFOkcoEY6cxDpArB931-8AEywgrSdlj_NkfkwtkvrNVCdHigO3n64T5OJjG2D0NbQ4RfOIRTD2zql-Sl_sWD3ScVAutPLTLnrvnwfcdARGW7_nOeLc_Xx6R7hL6-4RWij2UVns3pTxlpxWQcdbV_SDnZauyMgzVrmQ; expires=Thu, 03-Apr-2025 10:16:30 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Set-Cookie: NID=517=m-X95JoeCPCfoIHtcSxsmDi2wuwakqGlxl54bZGUpbMC8a-isGAbpG2Na1kJthkxyJutWyJR96BInrx1gm8GqFOkcoEY6cxDpArB931-8AEywgrSdlj_NkfkwtkvrNVCdHigO3n64T5OJjG2D0NbQ4RfOIRTD2zql-Sl_sWD3ScVAutPLTLnrvnwfcdARGW7_nOeLc_Xx6R7hL6-4RWij2UVns3pTxlpxWQcdbV_SDnZauyMgzVrmQ; expires=Thu, 03-Apr-2025 10:16:30 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-02 10:16:30 UTC	1972	IN	Data Raw: 38 30 30 30 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 68 63 66 65 22 20 64 61 74 61 2d 70 61 67 65 2d 74 79 70 65 3d 22 41 4e 53 57 45 52 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 57 68 61 74 27 73 20 68 61 70 70 65 6e 69 6e 67 20 74 6f 20 50 69 63 61 73 61 2c 20 50 69 63 61 73 61 20 57 65 62 20 41 6c 62 75 6d 73 2c 20 61 6e 64 20 74 68 65 20 50 69 63 61 73 61 20 57 65 62 20 41 6c 62 75 6d 73 20 41 50 49 3f 20 2d 20 50 69 63 61 73 61 20 61 6e 64 20 50 69 63 61 73 61 20 57 65 62 20 41 6c 62 75 6d 73 20 48 65 6c 70 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 65 6d 61 69 6c 3d 6e 6f 22 20 6e 61 6d 65 3d 22 66 6f 72 6d 61 74 2d 64 65 74 65 63 74 69 6f 6e Data Ascii: 8000<!doctype html><html class="hcfe" data-page-type="ANSWER" lang="en"><head><title>What's happening to Picasa, Picasa Web Albums, and the Picasa Web Albums API? - Picasa and Picasa Web Albums Help</title><meta content="email=no" name="format-detection
2024-10-02 10:16:30 UTC	1972	IN	Data Raw: 65 22 20 69 64 3d 22 66 6f 6e 74 2d 6e 63 65 22 20 72 65 6c 3d 22 70 72 65 6c 6f 61 64 22 20 6e 6f 6e 63 65 3d 22 62 39 51 71 2b 69 69 6f 30 62 71 64 74 72 44 63 6b 6b 6b 57 22 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 62 39 51 71 2b 69 69 6f 30 62 71 64 74 72 44 63 6b 6b 6b 57 22 3e 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 66 6f 6e 74 2d 67 73 74 27 29 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 6c 6f 61 64 27 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3b 7d 29 3b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 66 6f 6e 74 2d 6e 63 65 27 29 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 6c 6f 61 64 27 2c 66 75 Data Ascii: e" id="font-nce" rel="preload" nonce="b9Qq+iio0bqdtrDckkkW"><script nonce="b9Qq+iio0bqdtrDckkkW">document.getElementById('font-gst').addEventListener('load',function(){this.rel="stylesheet";});document.getElementById('font-nce').addEventListener('load',fu
2024-10-02 10:16:30 UTC	1972	IN	Data Raw: 35 72 65 6d 20 30 7d 2e 68 63 66 65 20 61 7b 63 6f 6c 6f 72 3a 23 30 62 35 37 64 30 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 2e 68 63 66 65 20 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 2e 68 63 66 65 20 61 72 74 69 63 6c 65 20 73 65 63 74 69 6f 6e 20 73 65 63 74 69 6f 6e 7b 70 61 64 64 69 6e 67 3a 30 7d 2e 73 6b 69 70 2d 6c 69 6e 6b 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6c 65 66 74 3a 2d 36 30 30 72 65 6d 3b 74 6f 70 3a 61 75 74 6f 3b 77 69 64 74 68 3a 30 2e 30 36 32 35 72 65 6d 3b 68 65 69 67 68 74 3a 30 2e 30 36 32 35 72 65 6d 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 3b 7a 2d 69 6e 64 65 78 3a 31 7d 2e 73 6b 69 70 2d 6c 69 6e 6b 3a 66 6f 63 75 73 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 70 6f 73 Data Ascii: 5rem 0}.hcfe a{color:#0b57d0;text-decoration:none}.hcfe a img{border:0}.hcfe article section section{padding:0}.skip-link{position:absolute;left:-600rem;top:auto;width:0.0625rem;height:0.0625rem;overflow:hidden;z-index:1}.skip-link:focus{display:block;pos
2024-10-02 10:16:30 UTC	1972	IN	Data Raw: 7d 7d 2e 70 72 69 6d 61 72 79 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 70 61 64 64 69 6e 67 3a 30 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 36 31 72 65 6d 29 7b 2e 70 61 67 65 2d 77 69 64 74 68 2d 63 6f 6e 74 61 69 6e 65 72 7b 64 69 73 70 6c 61 79 3a 66 6c 65 78 7d 7d 2e 73 63 2d 61 73 73 65 72 74 69 76 65 2d 6c 69 76 65 2d 72 65 67 69 6f 6e 2c 2e 73 63 2d 70 6f 6c 69 74 65 2d 6c 69 76 65 2d 72 65 67 69 6f 6e 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6c 65 66 74 3a 2d 31 30 30 30 30 70 78 3b 77 69 64 74 68 3a 31 70 78 3b 68 65 69 67 68 74 3a 31 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 2e 68 63 66 65 20 61 72 74 69 63 6c 65 20 73 65 63 74 69 6f 6e 7b Data Ascii: }}.primary-container{background:transparent;padding:0}@media (min-width:61rem){.page-width-container{display:flex}}.sc-assertive-live-region,.sc-polite-live-region{position:absolute;left:-10000px;width:1px;height:1px;overflow:hidden}.hcfe article section{
2024-10-02 10:16:30 UTC	1972	IN	Data Raw: 2d 6e 61 6d 65 7b 62 6f 74 74 6f 6d 3a 30 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 27 47 6f 6f 67 6c 65 20 53 61 6e 73 27 2c 27 50 72 6f 64 75 63 74 20 53 61 6e 73 27 2c 52 6f 62 6f 74 6f 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 31 32 35 72 65 6d 3b 6c 65 66 74 3a 35 32 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 35 30 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 30 2e 35 72 65 6d 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 72 69 67 68 74 3a 31 35 32 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 6c 65 66 74 3b 74 65 78 74 2d 6f 76 65 72 66 6c 6f 77 3a 65 6c 6c 69 70 73 69 73 3b 74 6f 70 3a 30 7d 2e 70 72 6f 6d 6f 74 65 64 2d 73 65 61 72 63 Data Ascii: -name{bottom:0;display:block;font-family:'Google Sans','Product Sans',Roboto,sans-serif;font-size:1.125rem;left:52px;line-height:50px;margin:auto;margin-left:0.5rem;position:absolute;right:152px;text-align:left;text-overflow:ellipsis;top:0}.promoted-searc
2024-10-02 10:16:30 UTC	1972	IN	Data Raw: 69 6f 6e 2d 6d 65 6e 75 2d 2d 62 6f 74 74 6f 6d 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 31 34 70 78 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 33 30 72 65 6d 29 7b 2e 6e 61 76 69 67 61 74 69 6f 6e 2d 6d 65 6e 75 20 6c 69 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 72 65 6d 3b 70 61 64 64 69 6e 67 3a 31 39 70 78 20 30 20 31 39 70 78 20 36 36 70 78 7d 2e 6e 61 76 69 67 61 74 69 6f 6e 2d 6d 65 6e 75 20 6c 69 3a 68 6f 76 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 32 66 32 66 32 7d 2e 6e 61 76 69 67 61 74 69 6f 6e 2d 6d 65 6e 75 2d 2d 6e 65 73 74 65 64 20 6c 69 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 39 30 70 78 7d 2e 6e 61 76 69 67 61 74 69 6f 6e 2d 6d 65 6e 75 2d 2d 62 6f 74 74 6f 6d 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 31 39 Data Ascii: ion-menu--bottom{padding-bottom:14px}@media (min-width:30rem){.navigation-menu li{font-size:1rem;padding:19px 0 19px 66px}.navigation-menu li:hover{background:#f2f2f2}.navigation-menu--nested li{padding-left:90px}.navigation-menu--bottom{padding-bottom:19
2024-10-02 10:16:30 UTC	1972	IN	Data Raw: 54 67 75 4e 6a 63 67 4d 54 63 75 4e 6a 4d 67 4d 54 67 75 4d 54 5a 4d 4d 6a 49 67 4d 54 4a 4d 4d 54 63 75 4e 6a 4d 67 4e 53 34 34 4e 46 70 4e 4d 54 59 67 4d 54 64 49 4e 56 59 33 53 44 45 32 54 44 45 35 4c 6a 55 31 49 44 45 79 54 44 45 32 49 44 45 33 57 69 49 67 5a 6d 6c 73 62 44 30 69 49 7a 56 47 4e 6a 4d 32 4f 43 49 76 50 67 6f 38 4c 33 4e 32 5a 7a 34 4b 29 7d 2e 73 65 61 72 63 68 2d 71 75 65 72 79 2d 69 63 6f 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 64 61 74 61 3a 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 3b 62 61 73 65 36 34 2c 50 48 4e 32 5a 79 42 34 62 57 78 75 63 7a 30 69 61 48 52 30 63 44 6f 76 4c 33 64 33 64 79 35 33 4d 79 35 76 63 6d 63 76 4d 6a 41 77 4d 43 39 7a 64 6d 63 69 49 48 64 70 5a 48 52 6f 50 53 49 79 4e 43 49 67 Data Ascii: TguNjcgMTcuNjMgMTguMTZMMjIgMTJMMTcuNjMgNS44NFpNMTYgMTdINVY3SDE2TDE5LjU1IDEyTDE2IDE3WiIgZmlsbD0iIzVGNjM2OCIvPgo8L3N2Zz4K)}.search-query-icon{background-image:url(data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIyNCIg
2024-10-02 10:16:30 UTC	1972	IN	Data Raw: 6d 35 76 62 6e 70 6c 63 6d 38 69 49 47 31 68 63 32 73 39 49 6e 56 79 62 43 67 6a 59 69 6b 69 49 47 51 39 49 6b 30 74 4d 69 34 33 4e 6a 6b 74 4d 69 34 33 4e 6a 6c 6f 4d 54 63 75 4e 54 4d 34 56 6a 67 75 4d 7a 41 34 53 43 30 79 4c 6a 63 32 4f 58 6f 69 4c 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 4d 55 45 33 4d 30 55 34 49 69 42 6d 61 57 78 73 4c 58 4a 31 62 47 55 39 49 6d 35 76 62 6e 70 6c 63 6d 38 69 49 47 31 68 63 32 73 39 49 6e 56 79 62 43 67 6a 59 69 6b 69 49 47 51 39 49 6b 30 34 4c 6a 4d 77 4f 43 30 79 4c 6a 63 32 4f 57 67 78 4d 53 34 77 4e 7a 64 57 4f 43 34 7a 4d 44 68 49 4f 43 34 7a 4d 44 68 36 49 69 38 2b 50 48 42 68 64 47 67 67 5a 6d 6c 73 62 44 30 69 49 30 51 35 4d 7a 41 79 4e 53 49 67 5a 6d 6c 73 62 43 31 79 64 57 78 6c 50 53 4a 75 Data Ascii: m5vbnplcm8iIG1hc2s9InVybCgjYikiIGQ9Ik0tMi43NjktMi43NjloMTcuNTM4VjguMzA4SC0yLjc2OXoiLz48cGF0aCBmaWxsPSIjMUE3M0U4IiBmaWxsLXJ1bGU9Im5vbnplcm8iIG1hc2s9InVybCgjYikiIGQ9Ik04LjMwOC0yLjc2OWgxMS4wNzdWOC4zMDhIOC4zMDh6Ii8+PHBhdGggZmlsbD0iI0Q5MzAyNSIgZmlsbC1ydWxlPSJu
2024-10-02 10:16:30 UTC	1972	IN	Data Raw: 4c 6a 59 31 4c 6a 49 35 4c 53 34 77 4d 53 41 77 4c 53 34 77 4d 53 34 77 4d 53 30 75 4d 44 49 75 4d 44 45 74 4c 6a 49 75 4d 54 45 74 4c 6a 4d 35 4c 6a 49 79 4c 53 34 31 4e 69 34 7a 4e 53 30 75 4e 44 55 75 4d 7a 55 74 4c 6a 63 31 4c 6a 63 33 4c 53 34 33 4e 53 41 78 4c 6a 49 32 64 6a 45 75 4f 44 46 68 4e 79 34 35 4e 7a 45 67 4e 79 34 35 4e 7a 45 67 4d 43 41 77 49 44 45 74 4e 53 34 77 4e 53 30 79 4c 6a 63 78 59 7a 45 75 4d 44 45 74 4c 6a 51 79 49 44 49 75 4d 7a 4d 74 4c 6a 63 78 49 44 4d 75 4e 44 45 74 4c 6a 63 78 61 43 34 77 4e 6d 4d 75 4e 44 49 74 4c 6a 63 32 49 44 45 75 4d 54 51 74 4d 53 34 7a 4d 79 41 78 4c 6a 6b 32 4c 54 45 75 4e 7a 63 74 4c 6a 67 74 4c 6a 45 32 4c 54 45 75 4e 54 4d 74 4c 6a 49 7a 4c 54 49 75 4d 44 49 74 4c 6a 49 7a 4c 54 45 67 4d 43 30 Data Ascii: LjY1LjI5LS4wMSAwLS4wMS4wMS0uMDIuMDEtLjIuMTEtLjM5LjIyLS41Ni4zNS0uNDUuMzUtLjc1Ljc3LS43NSAxLjI2djEuODFhNy45NzEgNy45NzEgMCAwIDEtNS4wNS0yLjcxYzEuMDEtLjQyIDIuMzMtLjcxIDMuNDEtLjcxaC4wNmMuNDItLjc2IDEuMTQtMS4zMyAxLjk2LTEuNzctLjgtLjE2LTEuNTMtLjIzLTIuMDItLjIzLTEgMC0
2024-10-02 10:16:30 UTC	1972	IN	Data Raw: 2d 64 69 61 6c 6f 67 2d 6d 69 6e 69 6d 69 7a 65 64 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 31 66 31 66 31 66 3b 62 6f 72 64 65 72 3a 30 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 2e 32 35 72 65 6d 20 2e 32 35 72 65 6d 20 30 20 30 3b 62 6f 74 74 6f 6d 3a 30 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 2e 35 72 65 6d 20 2e 36 32 35 72 65 6d 20 2e 30 36 32 35 72 65 6d 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 34 29 2c 30 20 2e 31 38 37 35 72 65 6d 20 2e 38 37 35 72 65 6d 20 2e 31 32 35 72 65 6d 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 32 29 2c 30 20 2e 33 31 32 35 72 65 6d 20 2e 33 31 32 35 72 65 6d 20 2d 2e 31 38 37 35 72 65 6d 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 32 29 3b 63 6f 6c 6f 72 3a 23 66 66 66 66 66 66 3b 63 75 72 73 6f 72 3a 70 6f 69 6e Data Ascii: -dialog-minimized{background:#1f1f1f;border:0;border-radius:.25rem .25rem 0 0;bottom:0;box-shadow:0 .5rem .625rem .0625rem rgba(0,0,0,0.14),0 .1875rem .875rem .125rem rgba(0,0,0,0.12),0 .3125rem .3125rem -.1875rem rgba(0,0,0,0.2);color:#ffffff;cursor:poin

Timestamp	Bytes transferred	Direction	Data
2024-10-02 10:16:30 UTC	594	OUT	GET /crx/blobs/AY4GWKDHKllS27BO_e8bCnbax_jg8ytdTG4Uzua5Kte91Msonmjt9Ssh1u4j53F3UYy-997sHknkzKEy9994XId3zBBDiju_YSunzv5QYwyL8XEx9VuF26n3JIgkmCYaLzIAxlKa5UdUDZoPCHdwU63c7rFT0JUxfsWG/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_82_1_0.crx HTTP/1.1 Host: clients2.googleusercontent.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-10-02 10:16:30 UTC	566	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Length: 135800 X-GUploader-UploadID: AD-8lju06NrZMi7JQB1k-8VJ57KtAu8qqh7Wo8tJPUL9HeLUEvIO-AlYMCOAlzQiyt4rRYRLQjg X-Goog-Hash: crc32c=2rkoIg== Server: UploadServer Date: Tue, 01 Oct 2024 18:29:00 GMT Expires: Wed, 01 Oct 2025 18:29:00 GMT Cache-Control: public, max-age=31536000 Age: 56850 Last-Modified: Wed, 25 Sep 2024 18:28:43 GMT ETag: c770f43b_2e4e8419_a87d1040_314358aa_d4b28262 Content-Type: application/x-chrome-extension Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-10-02 10:16:30 UTC	824	IN	Data Raw: 43 72 32 34 03 00 00 00 e0 15 00 00 12 ac 04 0a a6 02 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 9c 5e d1 18 b0 31 22 89 f4 fd 77 8d 67 83 0b 74 fd c3 32 4a 0e 47 31 00 29 58 34 b1 bf 3d 26 90 3f 5b 6a 2c 4c 7a fd d5 6a b0 75 cf 65 5b 49 85 71 2a 42 61 2f 58 dd ee dc 50 c1 68 fc cd 84 4c 04 88 b9 99 dc 32 25 33 5f 6f f4 ae b5 ad 19 0d d4 b8 48 f7 29 27 b9 3d d6 95 65 f8 ac c8 9c 3f 15 e6 ef 1f 08 ab 11 6a e1 a9 c8 33 55 48 fd 7c bf 58 8c 4d 06 e3 97 75 cc c2 9c 73 5b a6 2a f2 ea 3f 24 f3 9c db 8a 05 9f 46 25 11 1d 18 b4 49 08 19 94 80 29 08 f2 2c 2d c0 2f 90 65 35 29 a6 66 83 e7 4f e4 b2 71 14 5e ff 90 92 01 8d d3 bf ca a0 d0 39 a0 08 28 e3 d2 5f d5 70 68 32 fe 10 5e d5 59 42 50 58 66 5f 38 cc 0b 08 Data Ascii: Cr240"0H0^1"wgt2JG1)X4=&?[j,Lzjue[IqBa/XPhL2%3_oH)'=e?j3UH\|XMus[*?$F%I),-/e5)fOq^9(_ph2^YBPXf_8
2024-10-02 10:16:30 UTC	1390	IN	Data Raw: 8c 97 6b ff e3 2f 3f c6 cf aa aa f3 5b fd a7 a1 fa fc d3 e9 a2 aa 1f 7f fe 71 bb 9c fb 4a fe bd bc f6 63 d5 8f 3f fe f2 8f 1f 43 fe 54 d7 5c ea cf 57 cf a0 29 4c db 10 dc 36 52 b3 ae 4b b3 56 e5 f3 f0 c2 ad db 25 eb a6 af cc 1c 4f a5 a9 5e 44 72 78 41 fb 9f 36 ba 3c 2e c2 53 bd 48 91 71 68 ae 17 fd f9 3a 6c a8 79 f8 fe 7b a7 6e 22 0d 2f 91 1a 7f 3d f4 4e 2d bd f3 25 ba 1c a6 b0 39 df 4b cf ee bf 3f 53 76 db 2f 09 b7 d7 2c 45 d7 ef ef 0b 13 71 f1 34 26 ce cf cf a4 1d 31 62 70 a4 dd d8 08 0f 75 79 47 81 9c d9 a1 04 01 42 40 ec 48 17 3c 73 3f d8 54 9e b0 c5 33 d8 1e fd db a5 f4 a0 91 ef 0e 2f 07 b5 bd 15 26 aa 0b 8f cd 47 13 76 47 13 a8 d2 42 b5 30 f5 75 37 cc 85 b9 b9 1c 77 c1 b3 30 b7 ff 9e e7 f7 b3 05 53 ee aa 9e 59 f5 3e 81 0c 1d b9 f8 4a 3a 06 39 87 17 Data Ascii: k/?[qJc?CT\W)L6RKV%O^DrxA6<.SHqh:ly{n"/=N-%9K?Sv/,Eq4&1bpuyGB@H<s?T3/&GvGB0u7w0SY>J:9
2024-10-02 10:16:30 UTC	1390	IN	Data Raw: 82 a5 ad 63 16 2d b2 d7 de 7f e5 f8 38 9b d9 24 52 5d ef 15 36 91 61 58 94 c1 5c ba c8 2b f6 30 ce 7d 84 43 e5 5a b2 ab 77 d8 85 5a 03 02 5c 3e 81 8f 0d f9 b5 38 7e 7f 58 eb b9 37 64 0e c6 b0 57 4a 18 93 73 a4 e8 11 d2 b1 a3 4a ee 8a bd 74 93 bd 0c 4a 2a 62 0c b0 53 f6 5a a3 a9 d6 23 46 a7 d0 5f 5e fb f2 ff a1 c1 65 83 87 cc a8 95 f4 c5 67 6e aa 34 71 c3 91 f8 8e 1b 37 a2 17 66 90 e1 4e 87 82 e5 5c 84 2b 32 da 89 f7 52 41 07 9b 72 b3 9c 7b 72 2d ff 51 fb dc 0d f6 84 8b e6 ba 95 6e 60 12 00 3b e4 0b 91 1b c3 91 cc 5a 03 3c cc 43 ff a7 19 9b 8f 07 f3 71 9c 51 bc af ba f3 63 91 bf b5 36 f7 06 17 29 d8 a6 d6 f0 26 95 3b 47 b0 6e 09 40 14 5b 75 a0 7b 8c 44 b4 60 d6 bd 0e d5 f5 c0 8b 0d f0 86 88 f2 4a 0b 9a c5 b2 f7 bb e6 2b d9 e3 56 dd b2 46 b9 55 ef 18 61 2f Data Ascii: c-8$R]6aX\+0}CZwZ\>8~X7dWJsJtJ*bSZ#F_^egn4q7fN\+2RAr{r-Qn`;Z<CqQc6)&;Gn@[u{D`J+VFUa/
2024-10-02 10:16:30 UTC	1390	IN	Data Raw: b0 ab ba e9 3d 4a 8c 67 e9 cb cf dc c0 29 23 70 9f c0 01 e6 b3 68 45 a7 fb 8e 25 f6 96 53 af f5 39 11 dd d8 94 07 9d e0 07 40 00 fb 40 ed e0 0a 6e d7 bc 81 88 d0 31 c6 9e 7d 27 5d ad b8 0b cd 84 21 bb ea e0 07 d6 b1 b9 c4 be f4 56 b2 57 03 cd 1b 28 ca c6 b9 94 7c 7b 24 14 9b b1 85 37 a2 13 6f 19 71 be 88 76 fd b8 dd d6 88 6f 9f cc c8 00 69 5f 41 62 95 20 df ff 5c 62 ff d0 7c 77 74 a5 ee 94 be 3b 09 78 b6 44 3b 68 e6 41 cf f6 78 4c 3a 14 11 57 eb 10 6d 1f df fb 8d c4 1b 6e 99 25 be f3 af cd fa e0 19 7a 87 e7 ff c1 df 48 81 43 d7 c6 3f 03 db 83 4c 1d 83 bb e3 5b 6c 6c fd 42 21 1e cf ac 4d 60 3c 53 d8 da 9c 8f 2f e1 de c9 12 22 41 49 d1 15 ab a1 11 33 5c d4 fd b2 5b 59 73 15 d6 fd 6b 70 8f 9b b3 1d ba b6 9b eb f9 e5 5e 9d 14 50 5d 28 3c 03 ce 86 b4 22 ca 94 Data Ascii: =Jg)#phE%S9@@n1}']!VW(\|{$7oqvoi_Ab \b\|wt;xD;hAxL:Wmn%zHC?L[llB!M`<S/"AI3\[Yskp^P](<"
2024-10-02 10:16:30 UTC	1390	IN	Data Raw: 55 70 3d 77 b8 fd 66 30 94 7e fc 5f c6 0d 40 08 61 5d 00 dd 2f ef 95 cd 58 3d 12 b7 8e 73 0e 93 b2 41 2e 6e c7 bd f6 36 43 6c 9d 37 12 28 8a 40 fb 2c dc 31 0b 55 f0 bb f5 2d 4d f6 94 9d 6a f4 d8 56 61 05 9f 3a ce 4e 59 a7 ee a9 e5 e8 31 ff eb f8 28 57 41 82 1b d8 54 7d 30 73 1e 3e 63 f6 ad 71 07 80 5c 31 c4 c4 dd e0 14 be 23 4b 36 d8 d0 3a e7 d6 3d 31 ae a3 6c d4 7c e8 81 d4 f7 eb f4 58 63 96 c6 df f7 32 be 99 ff 3b 96 6e 87 ee 9f e7 2d 4f 7f 78 ce f2 5f df 1d a4 c7 c6 d4 54 ed bf ce 4a d6 3a 46 ed 7b ae e3 42 f0 f1 51 f0 ad ca 4c fb 5e 74 ea 56 74 b6 f6 9f d3 57 e1 d5 9f b9 d7 5e fe f7 bb 96 8e e7 1e 0d df b9 f3 7d 16 f3 d8 9c 9f c7 c6 fd fe ff 43 c7 97 a1 e3 ee ab 80 5b 53 b3 98 73 ae f5 ad b9 4e a7 f8 df 87 46 f3 f1 fe 59 dd 7e fc e5 af ff f8 51 57 b9 Data Ascii: Up=wf0~_@a]/X=sA.n6Cl7(@,1U-MjVa:NY1(WAT}0s>cq\1#K6:=1l\|Xc2;n-Ox_TJ:F{BQL^tVtW^}C[SsNFY~QW
2024-10-02 10:16:30 UTC	1390	IN	Data Raw: a5 13 86 33 b7 40 6b 0f 86 85 bc f0 6a 25 cf 40 74 87 b6 74 ed 60 34 fb 8b 3f 7d ee d9 8f 7b 03 36 3c 4d 13 55 ac f5 48 7f 94 cf f0 fa fe b6 7e 2d 9f 9f 0f c6 cc fe f1 e8 01 fd 70 24 26 d7 1c cf 8f 61 96 f1 93 48 6e b6 58 e2 6f 12 fe 3a 8e 8e e3 6e 37 10 bb 35 09 4d ba b5 b9 29 5f 6b a0 03 f2 6e 58 45 60 6d 8d cf b7 c3 de 55 02 9c 01 e6 8b 6d 0a 88 ed 2d 15 29 33 76 6d 26 48 d9 d5 28 bd 98 b5 81 ca b1 e3 12 d8 bb 61 35 13 59 6a d2 a8 29 63 61 f2 92 13 f8 e1 33 03 85 e9 05 d0 08 06 88 73 1e 46 81 20 c1 d9 24 4d 7f a7 9b 9b ae f5 1b 1a f2 ed 17 91 e7 e9 3e 55 a3 33 cd 8c 04 64 f9 04 00 a2 f3 11 e7 0e 09 80 b4 34 ab cd cd d5 89 06 44 bb 24 e6 36 62 36 40 56 8a 6f 45 c3 92 e6 c0 7a 8e e6 c3 28 05 94 e4 a5 39 f4 88 2f 2e 03 93 94 f2 bd 04 af eb 8e 22 01 a3 1a Data Ascii: 3@kj%@tt`4?}{6<MUH~-p$&aHnXo:n75M)_knXE`mUm-)3vm&H(a5Yj)ca3sF $M>U3d4D$6b6@VoEz(9/."
2024-10-02 10:16:30 UTC	1390	IN	Data Raw: d8 43 75 8e 66 09 40 82 c5 f4 87 9e df e7 0c 49 2e f1 85 3d 0b ea cb 82 b7 a1 d5 d1 1c 5d 4e 68 57 68 59 c6 d6 cf de bb 12 5c 63 d8 90 0c a3 05 fc 6d 08 3b 9e 73 81 e0 0e bd dc 6e 17 e6 4b c9 18 2c 4a f8 19 54 98 53 58 01 a0 6f 44 dc da 40 06 b1 d9 80 b3 d8 a1 21 fe 9c 70 09 a9 83 68 d7 17 24 fd 84 0b 3e 7d 4f 09 84 4d 9c 87 58 f2 30 a1 67 5c e1 2a 20 94 65 37 1f 58 4b 9f 4b 6f 58 8f c5 e9 6d 6b c9 9d 02 c3 85 92 fe 69 38 14 aa 59 b0 71 ca 95 33 fd ca 4b dc 53 a1 a1 11 b2 43 7d de 21 e0 6b d5 d6 c0 06 fb 61 21 1b 94 7b 99 9a ed 24 ee 71 d7 2b 0b a1 80 48 c6 7a 5d 10 0a 96 25 1b c4 bf c3 e3 37 20 a6 bf 8d 83 1e db da 82 7f c2 b0 b9 b9 09 78 2a c4 9b 43 10 e6 00 fb d0 7a 37 ae 1d 72 40 73 6c f1 e0 75 bd ee 27 6e df 98 c8 85 7b 28 ed 74 77 5a 00 03 6b d4 e7 Data Ascii: Cuf@I.=]NhWhY\cm;snK,JTSXoD@!ph$>}OMX0g\* e7XKKoXmki8Yq3KSC}!ka!{$q+Hz]%7 x*Cz7r@slu'n{(twZk
2024-10-02 10:16:30 UTC	1390	IN	Data Raw: 3d 62 43 e6 84 e3 41 ca 26 a6 61 a3 82 c6 ac c0 b4 44 74 ec 16 2d ae 5b 28 6c dd 50 50 e4 63 b4 2b 59 fc 5e 55 72 0d d8 8b e5 47 98 13 7e d8 f5 c5 ae ad 70 c9 c6 bc 81 d5 c6 01 fa 80 6e be 68 ae 8b 6a 96 d9 22 7c fb 47 cd d5 a8 b9 72 2b d4 f6 35 ed dc a9 6c 88 4f b0 d4 14 10 f3 7d 66 1a 28 ca ca 34 2e 88 41 bd 80 e6 1b 7a b4 a0 f9 a7 a1 a0 35 30 6f 52 92 fa fe 29 ed 4f 24 fc 64 47 b7 3a 5d f5 79 57 00 3d 90 66 2f 31 fe 54 c6 36 a4 b3 b5 e2 4d ac dd 47 40 b0 90 58 a1 0f ce bb 8a 81 71 c5 46 34 0c 4c 22 09 e3 d2 24 b8 b7 20 49 dc 44 68 d4 4b 8d 8c c2 ed 82 cf ff ff 73 b0 b8 8a 83 25 9a 83 c5 82 77 6d 24 24 bd c4 c0 9e 12 cd b7 12 9a 53 0c 1c 2a a9 78 cf 5b b3 be 95 b8 17 2a c7 7a fd 33 58 2a cd bd 32 c1 7b 32 83 7b c5 fa 27 32 9e 58 b7 66 d4 95 f2 e3 4a fd Data Ascii: =bCA&aDt-[(lPPc+Y^UrG~pnhj"\|Gr+5lO}f(4.Az50oR)O$dG:]yW=f/1T6MG@XqF4L"$ IDhKs%wm$$Sx[z3X*2{2{'2XfJ
2024-10-02 10:16:30 UTC	1390	IN	Data Raw: 1b ca 95 d0 89 da ac c3 b7 7b 6f 4a 7f a1 46 c7 61 74 92 a1 1d b5 1d 6c d9 51 4d 03 c7 e4 9f 16 8b c8 74 ad ae 8d 7d d7 63 39 af 1a 8b d1 ae 6a 4b 00 8c f7 a0 9d b4 e4 7a 60 a1 13 f3 75 fe 39 87 ed b7 f6 88 89 7f 89 d1 07 3a 66 fa 37 93 67 bd e4 aa 90 44 d3 60 a7 a7 03 98 71 23 02 39 d1 57 d4 c1 70 c7 ec 30 e3 90 d8 06 b3 fc 7a 44 41 ca 54 e7 e9 b6 54 2c ca 44 74 8a f6 50 11 7b 20 2b f9 db da aa 60 c7 d4 a5 b7 aa ef 05 e5 52 f3 d1 b4 e8 65 33 31 b3 14 84 29 85 88 e2 5d 84 9a e1 72 b5 d7 95 62 06 3c 34 40 2e 25 3c 2e c3 e7 e2 9d d1 3b c2 71 73 73 cd 07 23 2a 40 c9 e5 ce 88 cd 7a 67 69 0d 09 29 fa 23 b6 5a 9d df ac bd a3 30 e3 52 8c 86 ec b7 c6 80 f4 d2 ee 5a 5b f2 56 40 6f ad 03 3a 9a d7 a8 06 ac 6d 42 12 a8 e8 de 44 8e 32 3c 89 d1 25 26 8c f6 08 d5 dd a6 Data Ascii: {oJFatlQMt}c9jKz`u9:f7gD`q#9Wp0zDATT,DtP{ +`Re31)]rb<4@.%<.;qss#*@zgi)#Z0RZ[V@o:mBD2<%&
2024-10-02 10:16:30 UTC	1390	IN	Data Raw: e6 46 61 22 0c 5a 6b ed 56 94 f4 46 d9 1a 00 1a b9 a5 5b c8 ac 28 ba f9 91 39 b0 72 75 1c 90 c8 f0 82 8e 6f 2c ba d9 ea 6c 90 34 46 73 1d 2b 7b c0 79 63 b7 97 1f 8c 66 d5 bb 57 7e 75 9b b4 81 a3 5e 8e c6 42 1e c8 28 8d b5 2b e6 75 43 e7 f4 7f 45 e1 38 ea 88 46 d6 94 f7 84 49 db 9f e8 26 4b 36 7e b3 c9 69 55 93 a5 f2 b2 49 c3 8a 14 29 85 47 c2 e6 a9 74 bf e8 c0 03 e3 ab ca 20 41 49 69 c2 48 9f 50 d3 62 ce 8a bd 48 8a 37 20 d6 f8 29 3f 53 0d 4d 26 4f 53 ab 8b e4 49 aa 5d 8f 06 b2 cd 2d 94 a1 f3 0e 03 76 f9 16 94 1c 5c d0 11 fd 05 f6 d5 1f 8d cf 39 ed ad e1 3b c3 de 73 16 c9 ec 04 25 57 0d 6a 5a 42 e5 11 ca 9a 83 db c9 f1 7c e2 6e ce 34 3d 4b 61 ab 5d 3a be 73 ce 26 23 00 34 7c 52 06 01 d8 50 86 4d 49 f6 c1 6c 73 98 99 44 80 b0 7b 4a 0b e6 48 2b 0e 2f 16 b0 Data Ascii: Fa"ZkVF[(9ruo,l4Fs+{ycfW~u^B(+uCE8FI&K6~iUI)Gt AIiHPbH7 )?SM&OSI]-v\9;s%WjZB\|n4=Ka]:s&#4\|RPMIlsD{JH+/

Timestamp	Bytes transferred	Direction	Data
2024-10-02 10:16:31 UTC	470	OUT	GET /euPTmjj_6KOIZQJEA6eBnNPDVsQh79w_GUOZOjxdi8mCA2a5YlFg95RYLD3X8aJkxB0u=w36-h36 HTTP/1.1 Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5 Referer: https://support.google.com/picasa/answer/6383491?hl=en&visit_id=638634609885905976-1351747924&rd=3 Accept-Language: en-CH User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: lh3.googleusercontent.com Connection: Keep-Alive
2024-10-02 10:16:32 UTC	531	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Timing-Allow-Origin: * Access-Control-Expose-Headers: Content-Length Content-Disposition: inline;filename="unnamed.png" X-Content-Type-Options: nosniff Server: fife Content-Length: 213 X-XSS-Protection: 0 Date: Wed, 02 Oct 2024 06:28:35 GMT Expires: Thu, 03 Oct 2024 06:28:35 GMT Cache-Control: public, max-age=86400, no-transform Age: 13677 ETag: "v1" Content-Type: image/png Vary: Origin Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-10-02 10:16:32 UTC	213	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 18 00 00 00 18 08 04 00 00 00 4a 7e f5 73 00 00 00 9c 49 44 41 54 78 01 bd 93 55 01 04 21 14 00 cf fb 9d d1 64 32 9c f4 80 4c eb 25 08 b0 ee ee cc d7 ca 00 cf 0e 7b 2f 6e 08 14 16 3a c4 42 21 b8 f5 fd fe c4 c5 af e1 f2 6c ff f9 c8 1f bf 83 1f c7 a6 f0 c3 ef e1 db bc 8c 3f c0 a3 1a aa 57 fd 1c bf ad c7 72 2d 04 81 df 2f c4 88 42 50 f8 23 90 85 60 8d 12 cc 42 d0 a3 ae a4 17 08 d6 28 c1 6c 06 dd 2f c8 05 69 bd e1 8e 2e dc f8 d6 58 d2 7c b1 70 ec 51 be 1c db 67 e2 d1 3a 40 8f be 99 bb 22 90 98 e8 10 13 89 28 42 dd 6b 05 95 2b bd 27 b9 11 c4 90 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: PNGIHDRJ~sIDATxU!d2L%{/n:B!l?Wr-/BP#`B(l/i.X\|pQg:@"(Bk+'IENDB`

Timestamp	Bytes transferred	Direction	Data
2024-10-02 10:16:33 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-10-02 10:16:33 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-10-02 10:16:33 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Wed, 02 Oct 2024 10:16:33 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8cc3f0079e4b4201-EWR alt-svc: h3=":443"; ma=86400
2024-10-02 10:16:33 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 e1 00 04 8e fa 50 03 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcomP)

Timestamp	Bytes transferred	Direction	Data
2024-10-02 10:16:33 UTC	785	OUT	GET /_/scs/abc-static/_/js/k=gapi.gapi.en.SpvAvsXfWWo.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-MoqWi0fF1M09Ccs-6QfulXvxfdg/cb=gapi.loaded_0 HTTP/1.1 Accept: application/javascript, /;q=0.8 Referer: https://support.google.com/picasa/answer/6383491?hl=en&visit_id=638634609885905976-1351747924&rd=3 Accept-Language: en-CH User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: apis.google.com Connection: Keep-Alive Cookie: NID=517=m-X95JoeCPCfoIHtcSxsmDi2wuwakqGlxl54bZGUpbMC8a-isGAbpG2Na1kJthkxyJutWyJR96BInrx1gm8GqFOkcoEY6cxDpArB931-8AEywgrSdlj_NkfkwtkvrNVCdHigO3n64T5OJjG2D0NbQ4RfOIRTD2zql-Sl_sWD3ScVAutPLTLnrvnwfcdARGW7_nOeLc_Xx6R7hL6-4RWij2UVns3pTxlpxWQcdbV_SDnZauyMgzVrmQ
2024-10-02 10:16:33 UTC	915	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Origin: * Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access" Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]} Content-Length: 126135 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Tue, 01 Oct 2024 08:20:52 GMT Expires: Wed, 01 Oct 2025 08:20:52 GMT Cache-Control: public, max-age=31536000 Last-Modified: Fri, 06 Sep 2024 22:07:50 GMT Content-Type: text/javascript; charset=UTF-8 Vary: Accept-Encoding Age: 93341 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-10-02 10:16:33 UTC	475	IN	Data Raw: 67 61 70 69 2e 6c 6f 61 64 65 64 5f 30 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 28 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 67 6c 6f 62 61 6c 54 68 69 73 3a 74 79 70 65 6f 66 20 73 65 6c 66 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 73 65 6c 66 3a 74 68 69 73 29 2e 5f 46 5f 74 6f 67 67 6c 65 73 3d 61 7c 7c 5b 5d 7d 3b 28 30 2c 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 29 28 5b 30 78 38 30 30 30 30 30 2c 20 5d 29 3b 0a 76 61 72 20 62 61 2c 66 61 2c 68 61 2c 6e 61 2c 6f 61 2c 73 61 2c 75 61 2c 77 61 3b 62 61 3d 66 75 6e Data Ascii: gapi.loaded_0(function(_){var window=this;_._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([0x800000, ]);var ba,fa,ha,na,oa,sa,ua,wa;ba=fun
2024-10-02 10:16:33 UTC	1390	IN	Data Raw: 6e 20 61 3b 61 5b 62 5d 3d 63 2e 76 61 6c 75 65 3b 72 65 74 75 72 6e 20 61 7d 3b 0a 68 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 5b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 26 26 67 6c 6f 62 61 6c 54 68 69 73 2c 61 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 26 26 77 69 6e 64 6f 77 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 73 65 6c 66 26 26 73 65 6c 66 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 26 26 67 6c 6f 62 61 6c 5d 3b 66 6f 72 28 76 61 72 20 62 3d 30 3b 62 3c 61 2e 6c 65 6e 67 74 68 3b 2b 2b 62 29 7b 76 61 72 20 63 3d 61 5b 62 5d 3b 69 66 28 63 26 26 63 2e 4d 61 74 68 3d 3d 4d 61 74 68 29 72 65 74 75 72 6e 20 63 7d 74 68 72 6f 77 20 45 Data Ascii: n a;a[b]=c.value;return a};ha=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw E
2024-10-02 10:16:33 UTC	1390	IN	Data Raw: 65 66 69 6e 65 64 22 26 26 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 26 26 61 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3b 69 66 28 62 29 72 65 74 75 72 6e 20 62 2e 63 61 6c 6c 28 61 29 3b 69 66 28 74 79 70 65 6f 66 20 61 2e 6c 65 6e 67 74 68 3d 3d 22 6e 75 6d 62 65 72 22 29 72 65 74 75 72 6e 7b 6e 65 78 74 3a 62 61 28 61 29 7d 3b 74 68 72 6f 77 20 45 72 72 6f 72 28 22 62 60 22 2b 53 74 72 69 6e 67 28 61 29 29 3b 7d 3b 73 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 61 2c 62 29 7d 3b 75 61 3d 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 61 73 73 69 67 6e 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 4f 62 6a 65 63 74 2e Data Ascii: efined"&&Symbol.iterator&&a[Symbol.iterator];if(b)return b.call(a);if(typeof a.length=="number")return{next:ba(a)};throw Error("b`"+String(a));};sa=function(a,b){return Object.prototype.hasOwnProperty.call(a,b)};ua=typeof Object.assign=="function"?Object.
2024-10-02 10:16:33 UTC	1390	IN	Data Raw: 3b 74 68 69 73 2e 51 72 3d 5b 5d 3b 74 68 69 73 2e 6a 56 3d 21 31 3b 76 61 72 20 6b 3d 74 68 69 73 2e 6a 46 28 29 3b 74 72 79 7b 68 28 6b 2e 72 65 73 6f 6c 76 65 2c 6b 2e 72 65 6a 65 63 74 29 7d 63 61 74 63 68 28 6c 29 7b 6b 2e 72 65 6a 65 63 74 28 6c 29 7d 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 6a 46 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 68 28 6d 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 6c 7c 7c 28 6c 3d 21 30 2c 6d 2e 63 61 6c 6c 28 6b 2c 6e 29 29 7d 7d 76 61 72 20 6b 3d 74 68 69 73 2c 6c 3d 21 31 3b 72 65 74 75 72 6e 7b 72 65 73 6f 6c 76 65 3a 68 28 74 68 69 73 2e 58 64 61 29 2c 72 65 6a 65 63 74 3a 68 28 74 68 69 73 2e 56 4a 29 7d 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 58 64 61 3d 66 75 6e 63 74 69 Data Ascii: ;this.Qr=[];this.jV=!1;var k=this.jF();try{h(k.resolve,k.reject)}catch(l){k.reject(l)}};e.prototype.jF=function(){function h(m){return function(n){l\|\|(l=!0,m.call(k,n))}}var k=this,l=!1;return{resolve:h(this.Xda),reject:h(this.VJ)}};e.prototype.Xda=functi
2024-10-02 10:16:33 UTC	1390	IN	Data Raw: 74 6f 74 79 70 65 2e 47 37 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 74 68 69 73 2e 51 72 21 3d 6e 75 6c 6c 29 7b 66 6f 72 28 76 61 72 20 68 3d 30 3b 68 3c 74 68 69 73 2e 51 72 2e 6c 65 6e 67 74 68 3b 2b 2b 68 29 66 2e 5a 4f 28 74 68 69 73 2e 51 72 5b 68 5d 29 3b 0a 74 68 69 73 2e 51 72 3d 6e 75 6c 6c 7d 7d 3b 76 61 72 20 66 3d 6e 65 77 20 62 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 44 66 61 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 76 61 72 20 6b 3d 74 68 69 73 2e 6a 46 28 29 3b 68 2e 6c 79 28 6b 2e 72 65 73 6f 6c 76 65 2c 6b 2e 72 65 6a 65 63 74 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 45 66 61 3d 66 75 6e 63 74 69 6f 6e 28 68 2c 6b 29 7b 76 61 72 20 6c 3d 74 68 69 73 2e 6a 46 28 29 3b 74 72 79 7b 68 2e 63 61 6c 6c 28 6b 2c 6c 2e 72 65 73 6f 6c 76 65 Data Ascii: totype.G7=function(){if(this.Qr!=null){for(var h=0;h<this.Qr.length;++h)f.ZO(this.Qr[h]);this.Qr=null}};var f=new b;e.prototype.Dfa=function(h){var k=this.jF();h.ly(k.resolve,k.reject)};e.prototype.Efa=function(h,k){var l=this.jF();try{h.call(k,l.resolve
2024-10-02 10:16:33 UTC	1390	IN	Data Raw: 65 67 75 6c 61 72 20 65 78 70 72 65 73 73 69 6f 6e 22 29 3b 72 65 74 75 72 6e 20 61 2b 22 22 7d 3b 0a 6e 61 28 22 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 73 74 61 72 74 73 57 69 74 68 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 2c 63 29 7b 76 61 72 20 64 3d 45 61 28 74 68 69 73 2c 62 2c 22 73 74 61 72 74 73 57 69 74 68 22 29 2c 65 3d 64 2e 6c 65 6e 67 74 68 2c 66 3d 62 2e 6c 65 6e 67 74 68 3b 63 3d 4d 61 74 68 2e 6d 61 78 28 30 2c 4d 61 74 68 2e 6d 69 6e 28 63 7c 30 2c 64 2e 6c 65 6e 67 74 68 29 29 3b 66 6f 72 28 76 61 72 20 68 3d 30 3b 68 3c 66 26 26 63 3c 65 3b 29 69 66 28 64 5b 63 2b 2b 5d 21 3d 62 5b 68 2b 2b 5d 29 72 65 74 75 72 6e 21 31 3b 72 65 74 75 72 6e 20 68 3e 3d 66 7d 7d Data Ascii: egular expression");return a+""};na("String.prototype.startsWith",function(a){return a?a:function(b,c){var d=Ea(this,b,"startsWith"),e=d.length,f=b.length;c=Math.max(0,Math.min(c\|0,d.length));for(var h=0;h<f&&c<e;)if(d[c++]!=b[h++])return!1;return h>=f}}
2024-10-02 10:16:33 UTC	1390	IN	Data Raw: 68 69 73 2e 73 65 74 28 6d 5b 30 5d 2c 6d 5b 31 5d 29 7d 7d 3b 6b 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6c 2c 6d 29 7b 69 66 28 21 63 28 6c 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 65 22 29 3b 64 28 6c 29 3b 69 66 28 21 73 61 28 6c 2c 66 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 66 60 22 2b 6c 29 3b 6c 5b 66 5d 5b 74 68 69 73 2e 47 61 5d 3d 6d 3b 72 65 74 75 72 6e 20 74 68 69 73 7d 3b 6b 2e 70 72 6f 74 6f 74 79 70 65 2e 67 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 72 65 74 75 72 6e 20 63 28 6c 29 26 26 73 61 28 6c 2c 66 29 3f 6c 5b 66 5d 5b 74 68 69 73 2e 47 61 5d 3a 76 6f 69 64 20 30 7d 3b 6b 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 3d 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 72 65 74 75 72 6e 20 63 28 6c 29 26 26 Data Ascii: his.set(m[0],m[1])}};k.prototype.set=function(l,m){if(!c(l))throw Error("e");d(l);if(!sa(l,f))throw Error("f`"+l);l[f][this.Ga]=m;return this};k.prototype.get=function(l){return c(l)&&sa(l,f)?l[f][this.Ga]:void 0};k.prototype.has=function(l){return c(l)&&
2024-10-02 10:16:33 UTC	1390	IN	Data Raw: 74 2c 6b 2e 65 66 2e 6e 65 78 74 2e 55 6b 3d 0a 6b 2e 65 66 2e 55 6b 2c 6b 2e 65 66 2e 68 65 61 64 3d 6e 75 6c 6c 2c 74 68 69 73 2e 73 69 7a 65 2d 2d 2c 21 30 29 3a 21 31 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 63 6c 65 61 72 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 5b 30 5d 3d 7b 7d 3b 74 68 69 73 5b 31 5d 3d 74 68 69 73 5b 31 5d 2e 55 6b 3d 66 28 29 3b 74 68 69 73 2e 73 69 7a 65 3d 30 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 72 65 74 75 72 6e 21 21 64 28 74 68 69 73 2c 6b 29 2e 65 66 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 67 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 72 65 74 75 72 6e 28 6b 3d 64 28 74 68 69 73 2c 6b 29 2e 65 66 29 26 26 6b 2e 76 61 6c 75 65 7d 3b 63 2e 70 72 6f 74 6f 74 79 Data Ascii: t,k.ef.next.Uk=k.ef.Uk,k.ef.head=null,this.size--,!0):!1};c.prototype.clear=function(){this[0]={};this[1]=this[1].Uk=f();this.size=0};c.prototype.has=function(k){return!!d(this,k).ef};c.prototype.get=function(k){return(k=d(this,k).ef)&&k.value};c.prototy
2024-10-02 10:16:33 UTC	1390	IN	Data Raw: 69 7a 65 21 3d 31 7c 7c 64 2e 61 64 64 28 7b 78 3a 34 7d 29 21 3d 64 7c 7c 64 2e 73 69 7a 65 21 3d 32 29 72 65 74 75 72 6e 21 31 3b 76 61 72 20 65 3d 64 2e 65 6e 74 72 69 65 73 28 29 2c 66 3d 65 2e 6e 65 78 74 28 29 3b 69 66 28 66 2e 64 6f 6e 65 7c 7c 66 2e 76 61 6c 75 65 5b 30 5d 21 3d 63 7c 7c 66 2e 76 61 6c 75 65 5b 31 5d 21 3d 63 29 72 65 74 75 72 6e 21 31 3b 66 3d 65 2e 6e 65 78 74 28 29 3b 72 65 74 75 72 6e 20 66 2e 64 6f 6e 65 7c 7c 66 2e 76 61 6c 75 65 5b 30 5d 3d 3d 63 7c 7c 66 2e 76 61 6c 75 65 5b 30 5d 2e 78 21 3d 34 7c 7c 66 2e 76 61 6c 75 65 5b 31 5d 21 3d 66 2e 76 61 6c 75 65 5b 30 5d 3f 21 31 3a 65 2e 6e 65 78 74 28 29 2e 64 6f 6e 65 7d 63 61 74 63 68 28 68 29 7b 72 65 74 75 72 6e 21 31 7d 7d 28 29 29 72 65 74 75 72 6e 20 61 3b 76 61 72 20 Data Ascii: ize!=1\|\|d.add({x:4})!=d\|\|d.size!=2)return!1;var e=d.entries(),f=e.next();if(f.done\|\|f.value[0]!=c\|\|f.value[1]!=c)return!1;f=e.next();return f.done\|\|f.value[0]==c\|\|f.value[0].x!=4\|\|f.value[1]!=f.value[0]?!1:e.next().done}catch(h){return!1}}())return a;var
2024-10-02 10:16:33 UTC	1390	IN	Data Raw: 34 31 31 31 7c 7c 65 21 3d 3d 4d 61 74 68 2e 66 6c 6f 6f 72 28 65 29 29 74 68 72 6f 77 20 6e 65 77 20 52 61 6e 67 65 45 72 72 6f 72 28 22 69 6e 76 61 6c 69 64 5f 63 6f 64 65 5f 70 6f 69 6e 74 20 22 2b 65 29 3b 65 3c 3d 36 35 35 33 35 3f 63 2b 3d 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 28 65 29 3a 28 65 2d 3d 36 35 35 33 36 2c 63 2b 3d 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 28 65 3e 3e 3e 31 30 26 31 30 32 33 7c 35 35 32 39 36 29 2c 63 2b 3d 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 28 65 26 31 30 32 33 7c 35 36 33 32 30 29 29 7d 72 65 74 75 72 6e 20 63 7d 7d 29 3b 6e 61 28 22 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 Data Ascii: 4111\|\|e!==Math.floor(e))throw new RangeError("invalid_code_point "+e);e<=65535?c+=String.fromCharCode(e):(e-=65536,c+=String.fromCharCode(e>>>10&1023\|55296),c+=String.fromCharCode(e&1023\|56320))}return c}});na("Array.prototype.entries",function(a){return

Timestamp	Bytes transferred	Direction	Data
2024-10-02 10:16:35 UTC	227	OUT	GET /favicon.ico HTTP/1.1 Accept: / UA-CPU: AMD64 Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: support.google.com Connection: Keep-Alive
2024-10-02 10:16:36 UTC	464	IN	HTTP/1.1 200 OK Content-Type: image/x-icon Cross-Origin-Resource-Policy: cross-origin Date: Wed, 02 Oct 2024 10:16:35 GMT Expires: Wed, 02 Oct 2024 10:16:35 GMT Cache-Control: private, max-age=300 X-Content-Type-Options: nosniff Server: support-content-ui X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-02 10:16:36 UTC	926	IN	Data Raw: 31 35 33 36 0d 0a 00 00 01 00 02 00 10 10 00 00 01 00 20 00 68 04 00 00 26 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 8e 04 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 30 fd fd fd 96 fd fd fd d8 fd fd fd f9 fd fd fd f9 fd fd fd d7 fd fd fd 94 fe fe fe 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd 99 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 95 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd c1 ff ff ff ff fa fd f9 ff b4 d9 a7 ff 76 ba 5d ff 58 ab 3a ff 58 aa 3a ff 72 b8 59 ff ac d5 9d Data Ascii: 1536 h& ( 0.v]X:X:rY
2024-10-02 10:16:36 UTC	1390	IN	Data Raw: fd c3 ff ff ff ff f9 f9 fe ff a5 ac f6 ff 5d 69 ee ff 3c 4a eb ff 3a 47 ea ff 5a 66 ee ff a2 a9 f5 ff f9 f9 fe ff ff ff ff ff fd fd fd c1 fe fe fe 09 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd 9d ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 99 fe fe fe 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 32 fd fd fd 99 fd fd fd db fd fd fd fa fd fd fd fa fd fd fd da fd fd fd 98 ff ff ff 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 0f 00 00 c0 03 00 00 80 01 00 00 80 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 01 00 00 80 01 00 00 c0 03 00 00 f0 0f 00 00 28 00 00 00 20 00 00 00 40 Data Ascii: ]i<J:GZf20( @
2024-10-02 10:16:36 UTC	1390	IN	Data Raw: 53 a8 34 ff 77 a0 37 ff e3 89 41 ff f4 85 42 ff f4 85 42 ff fc d8 c3 ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd fa fe fe fe 23 00 00 00 00 00 00 00 00 fd fd fd 9d ff ff ff ff ff ff ff ff ff ff ff ff ea f4 e6 ff 5b ac 3e ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 67 b2 4c ff cc e5 c2 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff e0 ef da ff a8 b1 63 ff f1 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f5 90 54 ff fe f9 f6 ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 9a 00 00 00 00 fe fe fe 0e fd fd fd f6 ff ff ff ff ff ff ff ff ff ff ff ff 82 c7 8f ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 75 b9 5c ff f2 f9 f0 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: S4w7ABB#[>S4S4S4S4gLcBBBBTS4S4S4S4u\
2024-10-02 10:16:36 UTC	1390	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 99 fe fe fe 5a ff ff ff ff ff ff ff ff ff ff ff ff dd f6 fe ff 07 b9 fb ff 20 77 f1 ff 35 43 ea ff 35 43 ea ff 48 55 ec ff ee f0 fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fe fe fe 57 ff ff ff 0f fd fd fd f7 ff ff ff ff ff ff ff ff ff ff ff ff 6d 90 f4 ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 61 6c ef ff f2 f2 fe ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: Z w5C5CHUWm5C5C5C5Cal
2024-10-02 10:16:36 UTC	342	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd f6 fd fd fd 9d fe fe fe 25 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 0e fe fe fe 5a fd fd fd 9c fd fd fd cb fd fd fd ed fd fd fd fa fd fd fd fa fd fd fd ec fd fd fd cb fd fd fd 9c fe fe fe 59 fe fe fe 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff c0 03 ff ff 00 00 ff fc 00 00 3f f8 00 00 1f f0 00 00 0f e0 00 00 07 c0 00 00 03 c0 00 00 03 80 00 00 01 80 00 00 01 00 00 00 Data Ascii: %ZY?
2024-10-02 10:16:36 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0