Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1632159
MD5: ed3e56e82616299362c06be3db4b4501
SHA1: aba484f0fcca2f4049738be60a2261139ff5cb22
SHA256: a6aa68fe529c45fbc83557b73308846911369230c0ca911652c851d682f60c87
Tags: NET, exe, MSIL, Vidar, user-jstrosch
Infos:

Detection

Vidar
Score: 100
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Attempt to bypass Chrome Application-Bound Encryption
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Vidar stealer
C2 URLs / IPs found in malware configuration
Contains functionality to inject code into remote processes
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Joe Sandbox ML detected suspicious sample
Monitors registry run keys for changes
Searches for specific processes (likely to inject)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found decision node followed by non-executed suspicious APIs
Found evasive API chain (date check)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Browser Started with Remote Debugging
Uses Microsoft's Enhanced Cryptographic Provider
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • file.exe (PID: 6936 cmdline: "C:\Users\user\Desktop\file.exe" MD5: ED3E56E82616299362C06BE3DB4B4501)
    • file.exe (PID: 6960 cmdline: "C:\Users\user\Desktop\file.exe" MD5: ED3E56E82616299362C06BE3DB4B4501)
      • chrome.exe (PID: 1304 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: E81F54E6C1129887AEA47E7D092680BF)
        • chrome.exe (PID: 3576 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2420,i,1879571237387738867,10453943320962855917,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2548 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
      • msedge.exe (PID: 7936 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 69222B8101B0601CC6663F8381E7E00F)
        • msedge.exe (PID: 8156 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2512 --field-trial-handle=2312,i,271099577594506018,1403885451667962874,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
      • cmd.exe (PID: 8072 cmdline: "C:\Windows\system32\cmd.exe" /c timeout /t 11 & rd /s /q "C:\ProgramData\ymg4o" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 5188 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • timeout.exe (PID: 892 cmdline: timeout /t 11 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)
    • WerFault.exe (PID: 7064 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6936 -s 800 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • msedge.exe (PID: 8184 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 2300 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2788 --field-trial-handle=2244,i,2275257019305872411,4464955084961015424,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8024 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6680 --field-trial-handle=2244,i,2275257019305872411,4464955084961015424,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8152 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6852 --field-trial-handle=2244,i,2275257019305872411,4464955084961015424,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 6108 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceuserer --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6776 --field-trial-handle=2244,i,2275257019305872411,4464955084961015424,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • cleanup
{"C2 url": "https://steamcommunity.com/profiles/76561199829660832", "Botnet": "ir7am"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security
    Source | Rule | Description | Author | Strings
    00000001.00000002.1980324743.0000000001256000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
      00000001.00000002.1979891635.0000000000400000.00000040.00000400.00020000.00000000.sdmp | infostealer_win_vidar_strings_nov23 | Finds Vidar samples based on the specific strings | Sekoia.io
      • 0x1fcca:$str01: MachineID:
      • 0x1ef53:$str02: Work Dir: In memory
      • 0x1fd01:$str03: [Hardware]
      • 0x1fcb3:$str04: VideoCard:
      • 0x1f6b5:$str05: [Processes]
      • 0x1f6c1:$str06: [Software]
      • 0x1efd0:$str07: information.txt
      • 0x1fa36:$str08: %s\*
      • 0x1fa83:$str08: %s\*
      • 0x1f206:$str11: Software\Martin Prikryl\WinSCP 2\Configuration
      • 0x1f59f:$str12: UseMasterPassword
      • 0x1fd0d:$str13: Soft: WinSCP
      • 0x1f7eb:$str14: <Pass encoding="base64">
      • 0x1fcf0:$str15: Soft: FileZilla
      • 0x1efc2:$str16: passwords.txt
      • 0x1f5ca:$str17: build_id
      • 0x1f679:$str18: file_data
      Process Memory Space: file.exe PID: 6960 | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security
        Process Memory Space: file.exe PID: 6960 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
          Source | Rule | Description | Author | Strings
          1.2.file.exe.400000.0.raw.unpack | infostealer_win_vidar_strings_nov23 | Finds Vidar samples based on the specific strings | Sekoia.io
          • 0x1fcca:$str01: MachineID:
          • 0x1ef53:$str02: Work Dir: In memory
          • 0x1fd01:$str03: [Hardware]
          • 0x1fcb3:$str04: VideoCard:
          • 0x1f6b5:$str05: [Processes]
          • 0x1f6c1:$str06: [Software]
          • 0x1efd0:$str07: information.txt
          • 0x1fa36:$str08: %s\*
          • 0x1fa83:$str08: %s\*
          • 0x1f206:$str11: Software\Martin Prikryl\WinSCP 2\Configuration
          • 0x1f59f:$str12: UseMasterPassword
          • 0x1fd0d:$str13: Soft: WinSCP
          • 0x1f7eb:$str14: <Pass encoding="base64">
          • 0x1fcf0:$str15: Soft: FileZilla
          • 0x1efc2:$str16: passwords.txt
          • 0x1f5ca:$str17: build_id
          • 0x1f679:$str18: file_data
          0.2.file.exe.3649550.0.raw.unpack | infostealer_win_vidar_strings_nov23 | Finds Vidar samples based on the specific strings | Sekoia.io
          • 0x430ea:$str01: MachineID:
          • 0x42373:$str02: Work Dir: In memory
          • 0x43121:$str03: [Hardware]
          • 0x430d3:$str04: VideoCard:
          • 0x42ad5:$str05: [Processes]
          • 0x42ae1:$str06: [Software]
          • 0x423f0:$str07: information.txt
          • 0x42e56:$str08: %s\*
          • 0x42ea3:$str08: %s\*
          • 0x42626:$str11: Software\Martin Prikryl\WinSCP 2\Configuration
          • 0x429bf:$str12: UseMasterPassword
          • 0x4312d:$str13: Soft: WinSCP
          • 0x42c0b:$str14: <Pass encoding="base64">
          • 0x43110:$str15: Soft: FileZilla
          • 0x423e2:$str16: passwords.txt
          • 0x429ea:$str17: build_id
          • 0x42a99:$str18: file_data
          1.2.file.exe.400000.0.unpack | infostealer_win_vidar_strings_nov23 | Finds Vidar samples based on the specific strings | Sekoia.io
          • 0x1e2ca:$str01: MachineID:
          • 0x1d553:$str02: Work Dir: In memory
          • 0x1e301:$str03: [Hardware]
          • 0x1e2b3:$str04: VideoCard:
          • 0x1dcb5:$str05: [Processes]
          • 0x1dcc1:$str06: [Software]
          • 0x1d5d0:$str07: information.txt
          • 0x1e036:$str08: %s\*
          • 0x1e083:$str08: %s\*
          • 0x1d806:$str11: Software\Martin Prikryl\WinSCP 2\Configuration
          • 0x1db9f:$str12: UseMasterPassword
          • 0x1e30d:$str13: Soft: WinSCP
          • 0x1ddeb:$str14: <Pass encoding="base64">
          • 0x1e2f0:$str15: Soft: FileZilla
          • 0x1d5c2:$str16: passwords.txt
          • 0x1dbca:$str17: build_id
          • 0x1dc79:$str18: file_data

          System Summary

          Source: Process started | Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems) | Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\Desktop\file.exe", ParentImage: C:\Users\user\Desktop\file.exe, ParentProcessId: 6960, ParentProcessName: file.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", ProcessId: 1304, ProcessName: chrome.exe
          Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
          2025-03-07T20:09:46.368130+0100 | 2044247 | 1 | Malware Command and Control Activity Detected | 95.217.27.252 | 443 | 192.168.2.10 | 49689 | TCP
          2025-03-07T20:09:49.613253+0100 | 2051831 | 1 | Malware Command and Control Activity Detected | 95.217.27.252 | 443 | 192.168.2.10 | 49693 | TCP
          2025-03-07T20:09:46.367880+0100 | 2049087 | 1 | A Network Trojan was detected | 192.168.2.10 | 49689 | 95.217.27.252 | 443 | TCP
          2025-03-07T20:09:52.772047+0100 | 2059331 | 1 | Malware Command and Control Activity Detected | 192.168.2.10 | 49695 | 95.217.27.252 | 443 | TCP
          2025-03-07T20:09:54.409890+0100 | 2059331 | 1 | Malware Command and Control Activity Detected | 192.168.2.10 | 49697 | 95.217.27.252 | 443 | TCP
          2025-03-07T20:09:55.367746+0100 | 2059331 | 1 | Malware Command and Control Activity Detected | 192.168.2.10 | 49698 | 95.217.27.252 | 443 | TCP
          2025-03-07T20:09:57.570002+0100 | 2059331 | 1 | Malware Command and Control Activity Detected | 192.168.2.10 | 49699 | 95.217.27.252 | 443 | TCP
          2025-03-07T20:10:00.479969+0100 | 2059331 | 1 | Malware Command and Control Activity Detected | 192.168.2.10 | 49700 | 95.217.27.252 | 443 | TCP
          2025-03-07T20:10:09.691001+0100 | 2059331 | 1 | Malware Command and Control Activity Detected | 192.168.2.10 | 49719 | 95.217.27.252 | 443 | TCP
          2025-03-07T20:10:10.789038+0100 | 2059331 | 1 | Malware Command and Control Activity Detected | 192.168.2.10 | 49722 | 95.217.27.252 | 443 | TCP
          2025-03-07T20:10:12.636637+0100 | 2059331 | 1 | Malware Command and Control Activity Detected | 192.168.2.10 | 49723 | 95.217.27.252 | 443 | TCP
          2025-03-07T20:10:13.676765+0100 | 2059331 | 1 | Malware Command and Control Activity Detected | 192.168.2.10 | 49724 | 95.217.27.252 | 443 | TCP
          2025-03-07T20:10:17.852285+0100 | 2059331 | 1 | Malware Command and Control Activity Detected | 192.168.2.10 | 49725 | 95.217.27.252 | 443 | TCP
          2025-03-07T20:10:25.090936+0100 | 2059331 | 1 | Malware Command and Control Activity Detected | 192.168.2.10 | 49736 | 95.217.27.252 | 443 | TCP
          2025-03-07T20:10:26.322989+0100 | 2059331 | 1 | Malware Command and Control Activity Detected | 192.168.2.10 | 49746 | 95.217.27.252 | 443 | TCP
          2025-03-07T20:10:28.059233+0100 | 2059331 | 1 | Malware Command and Control Activity Detected | 192.168.2.10 | 49768 | 95.217.27.252 | 443 | TCP
          2025-03-07T20:10:32.152780+0100 | 2059331 | 1 | Malware Command and Control Activity Detected | 192.168.2.10 | 49789 | 95.217.27.252 | 443 | TCP
          2025-03-07T20:10:51.297278+0100 | 2059331 | 1 | Malware Command and Control Activity Detected | 192.168.2.10 | 49839 | 95.217.27.252 | 443 | TCP
          2025-03-07T20:10:53.530578+0100 | 2059331 | 1 | Malware Command and Control Activity Detected | 192.168.2.10 | 49840 | 95.217.27.252 | 443 | TCP
          2025-03-07T20:09:55.367746+0100 | 2859636 | 1 | Malware Command and Control Activity Detected | 192.168.2.10 | 49698 | 95.217.27.252 | 443 | TCP
          2025-03-07T20:09:57.570002+0100 | 2859636 | 1 | Malware Command and Control Activity Detected | 192.168.2.10 | 49699 | 95.217.27.252 | 443 | TCP
          2025-03-07T20:10:00.479969+0100 | 2859636 | 1 | Malware Command and Control Activity Detected | 192.168.2.10 | 49700 | 95.217.27.252 | 443 | TCP
          2025-03-07T20:10:12.636637+0100 | 2859636 | 1 | Malware Command and Control Activity Detected | 192.168.2.10 | 49723 | 95.217.27.252 | 443 | TCP
          2025-03-07T20:10:13.676765+0100 | 2859636 | 1 | Malware Command and Control Activity Detected | 192.168.2.10 | 49724 | 95.217.27.252 | 443 | TCP
          2025-03-07T20:10:17.852285+0100 | 2859636 | 1 | Malware Command and Control Activity Detected | 192.168.2.10 | 49725 | 95.217.27.252 | 443 | TCP
          2025-03-07T20:10:26.322989+0100 | 2859636 | 1 | Malware Command and Control Activity Detected | 192.168.2.10 | 49746 | 95.217.27.252 | 443 | TCP
          2025-03-07T20:10:28.059233+0100 | 2859636 | 1 | Malware Command and Control Activity Detected | 192.168.2.10 | 49768 | 95.217.27.252 | 443 | TCP
          2025-03-07T20:10:32.152780+0100 | 2859636 | 1 | Malware Command and Control Activity Detected | 192.168.2.10 | 49789 | 95.217.27.252 | 443 | TCP
          2025-03-07T20:09:40.177516+0100 | 2859378 | 1 | Malware Command and Control Activity Detected | 192.168.2.10 | 49687 | 95.217.27.252 | 443 | TCP

          AV Detection

          Source: file.exe | Avira: detected
          Source: https://go.f.goldenloafuae.com | Avira URL Cloud: Label: malware
          Source: https://go.f.goldenloafuae.com/ | Avira URL Cloud: Label: malware
          Source: 0.2.file.exe.3649550.0.raw.unpack | Malware Configuration Extractor: Vidar {"C2 url": "https://steamcommunity.com/profiles/76561199829660832", "Botnet": "ir7am"}
          Source: file.exe | Virustotal: Detection: 74%
          Source: file.exe | ReversingLabs: Detection: 86%
          Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
          Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00406A10 StrStrA,lstrlenA,LocalAlloc,CryptUnprotectData,LocalAlloc,LocalFree,lstrlenA,1_2_00406A10
          Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00410830 CryptBinaryToStringA,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,GetLastError,GetProcessHeap,HeapFree,1_2_00410830
          Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_0040A150 BCryptCloseAlgorithmProvider,BCryptDestroyKey,BCryptCloseAlgorithmProvider,1_2_0040A150
          Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00406CF0 LocalAlloc,BCryptDecrypt,1_2_00406CF0
          Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00406940 BCryptCloseAlgorithmProvider,BCryptDestroyKey,1_2_00406940
          Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_0040A560 StrCmpCA,BCryptCloseAlgorithmProvider,BCryptDestroyKey,BCryptCloseAlgorithmProvider,BCryptDestroyKey,1_2_0040A560
          Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00406980 BCryptOpenAlgorithmProvider,BCryptSetProperty,BCryptGenerateSymmetricKey,BCryptCloseAlgorithmProvider,BCryptDestroyKey,1_2_00406980
          Source: unknown | HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.10:49681 version: TLS 1.2
          Source: unknown | HTTPS traffic detected: 95.217.27.252:443 -> 192.168.2.10:49683 version: TLS 1.2
          Source: unknown | HTTPS traffic detected: 95.217.27.252:443 -> 192.168.2.10:49723 version: TLS 1.2
          Source: unknown | HTTPS traffic detected: 95.217.27.252:443 -> 192.168.2.10:49724 version: TLS 1.2
          Source: unknown | HTTPS traffic detected: 95.217.27.252:443 -> 192.168.2.10:49812 version: TLS 1.2
          Source: unknown | HTTPS traffic detected: 95.217.27.252:443 -> 192.168.2.10:49839 version: TLS 1.2
          Source: file.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: System.Windows.Forms.pdb source: WERF266.tmp.dmp.4.dr
          Source: Binary string: mscorlib.pdb source: WERF266.tmp.dmp.4.dr
          Source: Binary string: System.ni.pdbRSDS source: WERF266.tmp.dmp.4.dr
          Source: Binary string: System.Windows.Forms.pdbMZ@ source: WERF266.tmp.dmp.4.dr
          Source: Binary string: mscorlib.ni.pdb source: WERF266.tmp.dmp.4.dr
          Source: Binary string: System.pdb) source: WERF266.tmp.dmp.4.dr
          Source: Binary string: mscorlib.ni.pdbRSDS source: WERF266.tmp.dmp.4.dr
          Source: Binary string: Initial.pdb source: WERF266.tmp.dmp.4.dr
          Source: Binary string: C:\Users\Admin\source\repos\Initial\Initial\obj\Release\Initial.pdb source: file.exe
          Source: Binary string: System.ni.pdb source: WERF266.tmp.dmp.4.dr
          Source: Binary string: System.pdb source: WERF266.tmp.dmp.4.dr
          Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00414E70 wsprintfA,FindFirstFileA,DeleteFileA,FindNextFileA,strlen,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,FindClose,1_2_00414E70
          Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00407210 ExpandEnvironmentStringsA,FindFirstFileA,FindNextFileA,strlen,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,StrCmpCA,CopyFileA,Sleep,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,CopyFileA,DeleteFileA,StrCmpCA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindClose,1_2_00407210
          Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_0040B6B0 FindFirstFileA,FindNextFileA,strlen,StrCmpCA,CopyFileA,Sleep,DeleteFileA,FindClose,1_2_0040B6B0
          Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00415EB0 SHGetFolderPathA,wsprintfA,FindFirstFileA,FindNextFileA,FindNextFileA,FindNextFileA,strcpy,_splitpath,strcpy,strlen,isupper,wsprintfA,strcpy,strlen,SHFileOperationA,FindClose,1_2_00415EB0
          Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00408360 FindFirstFileA,CopyFileA,FindNextFileA,FindNextFileA,FindNextFileA,strlen,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,FindClose,1_2_00408360
          Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00413FD0 wsprintfA,FindFirstFileA,FindNextFileA,strlen,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindClose,1_2_00413FD0
          Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_004013F0 FindFirstFileA,FindClose,FindNextFileA,strlen,FindFirstFileA,DeleteFileA,FindNextFileA,CopyFileA,CopyFileA,DeleteFileA,FindClose,1_2_004013F0
          Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00413580 wsprintfA,FindFirstFileA,memset,memset,FindNextFileA,strlen,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcatA,strtok_s,SymMatchString,strtok_s,memset,lstrcatA,strtok_s,PathMatchSpecA,DeleteFileA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindClose,1_2_00413580
          Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_004097B0 FindFirstFileA,FindNextFileA,strlen,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,1_2_004097B0
          Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_0040ACD0 wsprintfA,FindFirstFileA,FindNextFileA,FindNextFileA,FindNextFileA,strlen,lstrlenA,DeleteFileA,CopyFileA,FindClose,1_2_0040ACD0
          Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00408C90 lstrcpyA,lstrcatA,FindFirstFileA,FindNextFileA,strlen,lstrcpyA,lstrcatA,lstrcatA,lstrcatA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcpyA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,FindFirstFileA,FindNextFileA,strlen,lstrcpyA,lstrcatA,lstrcatA,lstrcatA,lstrcpyA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,FindClose,FindClose,DeleteFileA,_invalid_parameter_noinfo_noreturn,1_2_00408C90
          Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00414950 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,strlen,FindClose,lstrcatA,lstrcatA,lstrcatA,lstrlenA,lstrlenA,1_2_00414950
          Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00409560 ??2@YAPAXI@Z,??2@YAPAXI@Z,_invalid_parameter_noinfo_noreturn,FindFirstFileA,FindNextFileA,strlen,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,1_2_00409560
          Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_00413AF0 SymMatchString,SymMatchString,SymMatchString,GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrcpyA,lstrlenA,1_2_00413AF0
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\
          Source: chrome.exe | Memory has grown: Private usage: 14MB later: 39MB

          Networking

          Source: Network traffic | Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.10:49697 -> 95.217.27.252:443
          Source: Network traffic | Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.10:49695 -> 95.217.27.252:443
          Source: Network traffic | Suricata IDS: 2859378 - Severity 1 - ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 : 192.168.2.10:49687 -> 95.217.27.252:443
          Source: Network traffic | Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 : 192.168.2.10:49689 -> 95.217.27.252:443
          Source: Network traffic | Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.10:49719 -> 95.217.27.252:443
          Source: Network traffic | Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.10:49698 -> 95.217.27.252:443
          Source: Network traffic | Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.10:49698 -> 95.217.27.252:443
          Source: Network traffic | Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.10:49723 -> 95.217.27.252:443
          Source: Network traffic | Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.10:49723 -> 95.217.27.252:443
          Source: Network traffic | Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.10:49724 -> 95.217.27.252:443
          Source: Network traffic | Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.10:49724 -> 95.217.27.252:443
          Source: Network traffic | Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.10:49746 -> 95.217.27.252:443
          Source: Network traffic | Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.10:49746 -> 95.217.27.252:443
          Source: Network traffic | Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.10:49700 -> 95.217.27.252:443
          Source: Network traffic | Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.10:49700 -> 95.217.27.252:443
          Source: Network traffic | Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.10:49768 -> 95.217.27.252:443
          Source: Network traffic | Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.10:49768 -> 95.217.27.252:443
          Source: Network traffic | Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 95.217.27.252:443 -> 192.168.2.10:49693
          Source: Network traffic | Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 95.217.27.252:443 -> 192.168.2.10:49689
          Source: Network traffic | Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.10:49699 -> 95.217.27.252:443
          Source: Network traffic | Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.10:49699 -> 95.217.27.252:443
          Source: Network traffic | Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.10:49725 -> 95.217.27.252:443
          Source: Network traffic | Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.10:49725 -> 95.217.27.252:443
          Source: Network traffic | Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.10:49722 -> 95.217.27.252:443
          Source: Network traffic | Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.10:49736 -> 95.217.27.252:443
          Source: Network traffic | Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.10:49789 -> 95.217.27.252:443
          Source: Network traffic | Suricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.10:49789 -> 95.217.27.252:443
          Source: Network traffic | Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.10:49839 -> 95.217.27.252:443
          Source: Network traffic | Suricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.10:49840 -> 95.217.27.252:443
          Source: Malware configuration extractor | URLs: https://steamcommunity.com/profiles/76561199829660832
          Source: global traffic | HTTP traffic detected: GET /l793oy HTTP/1.1 Host: t.me Connection: Keep-Alive Cache-Control: no-cache
          Source: Joe Sandbox View | IP Address: 23.44.201.19
          Source: Joe Sandbox View | IP Address: 2.22.242.105
          Source: Joe Sandbox View | IP Address: 149.154.167.99
          Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
          Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.26
          Source: unknown | TCP traffic detected without corresponding DNS query: 23.209.72.8
          Source: unknown; TCP traffic detected without corresponding DNS query: 40.79.150.121
          Source: unknown; TCP traffic detected without corresponding DNS query: 104.117.182.33
          Source: unknown; TCP traffic detected without corresponding DNS query: 18.173.132.94
          Source: unknown; TCP traffic detected without corresponding DNS query: 23.44.201.19
          Source: unknown; TCP traffic detected without corresponding DNS query: 204.79.197.219
          Source: C:\Users\user\Desktop\file.exe; Code function: 1_2_00403850 InternetOpenA,StrCmpCA,InternetConnectA,HttpOpenRequestA,InternetSetOptionA,HttpSendRequestA,HttpQueryInfoA,InternetReadFile,InternetCloseHandle,InternetCloseHandle,1_2_00403850
          Source: global traffic; HTTP traffic detected: GET / HTTP/1.1
            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/131.0.0.0 Safari/537.36 OPR/116.0.0.0
            Host: go.f.goldenloafuae.com
            Connection: Keep-Alive
            Cache-Control: no-cache
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.dr; String found in binary or memory: "url": "https://www.youtube.com" equals www.youtube.com (Youtube)
          Source: 000003.log10.20.dr; String found in binary or memory: "www.facebook.com": "{\"Tier1\": [1103, 6061], \"Tier2\": [5445, 1780, 8220]}", equals www.facebook.com (Facebook)
          Source: 000003.log10.20.dr; String found in binary or memory: "www.linkedin.com": "{\"Tier1\": [1103, 214, 6061], \"Tier2\": [2771, 9515, 1780, 1303, 1099, 6081, 5581, 9396]}", equals www.linkedin.com (Linkedin)
          Source: 000003.log10.20.dr; String found in binary or memory: "www.youtube.com": "{\"Tier1\": [983, 6061, 1103], \"Tier2\": [2413, 8118, 1720, 5007]}", equals www.youtube.com (Youtube)
          Source: chrome.exe, 0000000E.00000002.1458955069.0000028401120000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1454536201.00000284004E0000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
          Source: chrome.exe, 0000000E.00000002.1458955069.0000028401120000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1454536201.00000284004E0000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
          Source: chrome.exe, 0000000E.00000002.1459668522.00000284013A0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1459437515.00000284012AC000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
          Source: chrome.exe, 0000000E.00000002.1458955069.0000028401120000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1454536201.00000284004E0000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
          Source: chrome.exe, 0000000E.00000002.1459982546.000002840148C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1459668522.00000284013A0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1459437515.00000284012AC000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
          Source: chrome.exe, 0000000E.00000002.1458955069.0000028401120000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1454536201.00000284004E0000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
          Source: chrome.exe, 0000000E.00000002.1463324303.0000028401B80000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1459556132.0000028401344000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000003.1375375796.0000028401344000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
          Source: chrome.exe, 0000000E.00000002.1459556132.0000028401344000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000003.1375375796.0000028401344000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.htmlr equals www.youtube.com (Youtube)
          Source: chrome.exe, 0000000E.00000002.1459982546.000002840148C000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: www.youtube.com:443 equals www.youtube.com (Youtube)
          Source: global traffic - DNS traffic detected: DNS query: t.me
          Source: global traffic - DNS traffic detected: DNS query: go.f.goldenloafuae.com
          Source: global traffic - DNS traffic detected: DNS query: www.google.com
          Source: global traffic - DNS traffic detected: DNS query: ntp.msn.com
          Source: global traffic - DNS traffic detected: DNS query: bzib.nelreports.net
          Source: global traffic - DNS traffic detected: DNS query: clients2.googleusercontent.com
          Source: global traffic - DNS traffic detected: DNS query: chrome.cloudflare-dns.com
          Source: global traffic - DNS traffic detected: DNS query: sb.scorecardresearch.com
          Source: global traffic - DNS traffic detected: DNS query: c.msn.com
          Source: global traffic - DNS traffic detected: DNS query: assets.msn.com
          Source: global traffic - DNS traffic detected: DNS query: api.msn.com
          Source: unknown - HTTP traffic detected:
            POST / HTTP/1.1
            Content-Type: multipart/form-data; boundary=----9zcba1nym7gv3e3oh47g
            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/131.0.0.0 Safari/537.36 OPR/116.0.0.0
            Host: go.f.goldenloafuae.com
            Content-Length: 255
            Connection: Keep-Alive
            Cache-Control: no-cache
          Source: chrome.exe, 0000000E.00000002.1441948465.0000021288610000.00000002.00000001.00040000.00000012.sdmpString found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherEnabled
          Source: chrome.exe, 0000000E.00000002.1441948465.0000021288610000.00000002.00000001.00040000.00000012.sdmpString found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherExternalGreylistUrl
          Source: chrome.exe, 0000000E.00000002.1441948465.0000021288610000.00000002.00000001.00040000.00000012.sdmpString found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherExternalSitelistUrl
          Source: chrome.exe, 0000000E.00000002.1441948465.0000021288610000.00000002.00000001.00040000.00000012.sdmpString found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUrlGreylist
          Source: chrome.exe, 0000000E.00000002.1441948465.0000021288610000.00000002.00000001.00040000.00000012.sdmpString found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUrlList
          Source: chrome.exe, 0000000E.00000002.1441948465.0000021288610000.00000002.00000001.00040000.00000012.sdmpString found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUseIeSitelist
          Source: chrome.exe, 0000000E.00000003.1416497649.000002800073C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000003.1417214773.0000028401D44000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
          Source: chrome.exe, 0000000E.00000003.1416497649.000002800073C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000003.1417214773.0000028401D44000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
          Source: chrome.exe, 0000000E.00000003.1364356180.00000280005E0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000003.1364324538.00000280005DC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
          Source: chrome.exe, 0000000E.00000003.1416497649.000002800073C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000003.1417214773.0000028401D44000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
          Source: chrome.exe, 0000000E.00000002.1456195705.0000028400B00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromemodelexecution-pa.googleapis.com/v1:Execute?key=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNh
          Source: chrome.exe, 0000000E.00000002.1456195705.0000028400B00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromemodelquality-pa.googleapis.com/v1:LogAiData?key=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNh
          Source: chrome.exe, 0000000E.00000002.1454156209.0000028400238000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromereporting-pa.googleapis.com/v1/events
          Source: chrome.exe, 0000000E.00000002.1454156209.0000028400238000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromereporting-pa.googleapis.com/v1/record
          Source: chrome.exe, 0000000E.00000002.1441948465.0000021288610000.00000002.00000001.00040000.00000012.sdmpString found in binary or memory: https://chromestatus.com/features#browsers.chrome.status%3A%22Deprecated%22
          Source: chrome.exe, 0000000E.00000002.1453805564.0000028400190000.00000004.00001000.00020000.00000000.sdmp, msedge.exe, 00000012.00000002.1615884025.0000461C0017C000.00000004.00000800.00020000.00000000.sdmp, manifest.json.20.drString found in binary or memory: https://chromewebstore.google.com/
          Source: chrome.exe, 0000000E.00000002.1457167517.0000028400CC4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromewebstore.google.com/category/extensions
          Source: chrome.exe, 0000000E.00000002.1457167517.0000028400CC4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromewebstore.google.com/category/themes
          Source: chrome.exe, 0000000E.00000002.1454156209.0000028400238000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://classroom.googleapis.com/
          Source: chrome.exe, 0000000E.00000003.1358938265.000046E0000DC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/cr/report
          Source: chrome.exe, 0000000E.00000002.1457056086.0000028400C7C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1453805564.0000028400190000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1453772401.0000028400180000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1458955069.0000028401120000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1459859744.0000028401420000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1454156209.0000028400238000.00000004.00001000.00020000.00000000.sdmp, msedge.exe, 00000012.00000002.1614537280.0000461C00040000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.20.drString found in binary or memory: https://clients2.google.com/service/update2/crx
          Source: chrome.exe, 0000000E.00000002.1456396534.0000028400B70000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collection-images?rt=b
          Source: chrome.exe, 0000000E.00000002.1456273058.0000028400B28000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collections?rt=b
          Source: chrome.exe, 0000000E.00000002.1456273058.0000028400B28000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b
          Source: chrome.exe, 0000000E.00000002.1454156209.0000028400238000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients4.google.com/chrome-sync
          Source: chrome.exe, 0000000E.00000002.1454156209.0000028400238000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients4.google.com/chrome-sync/event
          Source: chrome.exe, 0000000E.00000002.1456436729.0000028400B88000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=134
          Source: file.exe, 00000001.00000002.1980324743.0000000001256000.00000004.00000020.00020000.00000000.sdmp, xl6pp8.1.drString found in binary or memory: https://contile-images.services.mozilla.com/5b4DH7KHAf2n_mNaLjNi1-UAoKmM9rhqaA9w7FyznHo.10943.jpg
          Source: file.exe, 00000001.00000002.1980324743.0000000001256000.00000004.00000020.00020000.00000000.sdmp, xl6pp8.1.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
          Source: chrome.exe, 0000000E.00000002.1454847908.0000028400530000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/report-to/gws/none
          Source: chrome.exe, 0000000E.00000002.1459982546.000002840148C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1459668522.00000284013A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/
          Source: chrome.exe, 0000000E.00000002.1458955069.0000028401120000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1458680060.000002840105C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/:
          Source: chrome.exe, 0000000E.00000002.1457056086.0000028400C7C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1458955069.0000028401120000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1454536201.00000284004E0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1459668522.00000284013A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
          Source: chrome.exe, 0000000E.00000002.1458955069.0000028401120000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1454536201.00000284004E0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1458680060.000002840105C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/J
          Source: chrome.exe, 0000000E.00000003.1416497649.000002800073C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000003.1417214773.0000028401D44000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview2K
          Source: chrome.exe, 0000000E.00000002.1455671212.0000028400994000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1463324303.0000028401B80000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1458955069.0000028401120000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1458680060.000002840105C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
          Source: chrome.exe, 0000000E.00000002.1463324303.0000028401B80000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_defaultult
          Source: chrome.exe, 0000000E.00000002.1457823888.0000028400E68000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1459804360.0000028401404000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1458418022.0000028400FB8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/u/0/create?usp=chrome_actions
          Source: chrome.exe, 0000000E.00000002.1457823888.0000028400E68000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1459804360.0000028401404000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1458418022.0000028400FB8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actions
          Source: chrome.exe, 0000000E.00000002.1459982546.000002840148C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1459668522.00000284013A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/
          Source: chrome.exe, 0000000E.00000002.1458955069.0000028401120000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1459754936.00000284013EC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1454536201.00000284004E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/:
          Source: chrome.exe, 0000000E.00000002.1455671212.0000028400994000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1458955069.0000028401120000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1460237178.0000028401550000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1454536201.00000284004E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/?usp=installed_webapp
          Source: chrome.exe, 0000000E.00000002.1458955069.0000028401120000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1459754936.00000284013EC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1454536201.00000284004E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/J
          Source: chrome.exe, 0000000E.00000002.1463077512.0000028401B24000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1463324303.0000028401B80000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1457823888.0000028400E68000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1458955069.0000028401120000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1459754936.00000284013EC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1454536201.00000284004E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
          Source: chrome.exe, 0000000E.00000002.1459804360.0000028401404000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1458418022.0000028400FB8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/u/0/create?usp=chrome_actions
          Source: chrome.exe, 0000000E.00000002.1459668522.00000284013A0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1459437515.00000284012AC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/
          Source: chrome.exe, 0000000E.00000002.1458955069.0000028401120000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1454536201.00000284004E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/:
          Source: chrome.exe, 0000000E.00000002.1459556132.0000028401344000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1458955069.0000028401120000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000003.1375375796.0000028401344000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1460237178.0000028401550000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1454536201.00000284004E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp
          Source: chrome.exe, 0000000E.00000002.1458955069.0000028401120000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1454536201.00000284004E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/J
          Source: chrome.exe, 0000000E.00000002.1455671212.0000028400994000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1463324303.0000028401B80000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1458955069.0000028401120000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1454536201.00000284004E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
          Source: chrome.exe, 0000000E.00000002.1457823888.0000028400E68000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1459804360.0000028401404000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1458418022.0000028400FB8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions
          Source: chrome.exe, 0000000E.00000002.1459804360.0000028401404000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actionst
          Source: chrome.exe, 0000000E.00000002.1459668522.00000284013A0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1459437515.00000284012AC000.00000004.00001000.00020000.00000000.sdmp, manifest.json0.20.drString found in binary or memory: https://drive.google.com/
          Source: chrome.exe, 0000000E.00000002.1458955069.0000028401120000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/:
          Source: chrome.exe, 0000000E.00000002.1458980523.0000028401130000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1458955069.0000028401120000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1459982546.000002840148C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1459668522.00000284013A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/?lfhs=2
          Source: chrome.exe, 0000000E.00000002.1458980523.0000028401130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/?lfhs=2e
          Source: chrome.exe, 0000000E.00000002.1458955069.0000028401120000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/J
          Source: chrome.exe, 0000000E.00000002.1463324303.0000028401B80000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1459556132.0000028401344000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1458955069.0000028401120000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1458849344.00000284010F8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000003.1375375796.0000028401344000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
          Source: chrome.exe, 0000000E.00000002.1459556132.0000028401344000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000003.1375375796.0000028401344000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_defaultrdler
          Source: file.exe, 00000001.00000002.1986377064.00000000040AB000.00000004.00000020.00020000.00000000.sdmp, zm7gdb.1.dr, Web Data.20.drString found in binary or memory: https://duckduckgo.com/ac/?q=
          Source: file.exe, 00000001.00000002.1986377064.00000000040AB000.00000004.00000020.00020000.00000000.sdmp, zm7gdb.1.drString found in binary or memory: https://duckduckgo.com/chrome_newtabv20
          Source: file.exe, 00000001.00000002.1986377064.00000000040AB000.00000004.00000020.00020000.00000000.sdmp, zm7gdb.1.dr, Web Data.20.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_163_music.png/1.0.3/asset
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_dark.png/1.7.32/asset
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_hc.png/1.7.32/asset
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.dr, HubApps Icons.20.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_light.png/1.7.32/asset
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_hc.png/1.2.1/asset
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_dark.png/1.2.1/ass
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.dr, HubApps Icons.20.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/as
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_amazon_music_light.png/1.4.13/asset
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_apple_music.png/1.4.12/asset
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.1.17/asset
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.6.8/asset
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.1.17/asset
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.6.8/asset
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.1.17/asset
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.6.8/asset
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_deezer.png/1.4.12/asset
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_color.png/1.0.14/asset
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_hc.png/1.0.14/asset
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_hc.png/1.1.12/asset
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_dark.png/1.1.12/asset
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.dr, HubApps Icons.20.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_hc.png/1.2.0/asset
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_dark.png/1.2.0/asset
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_light.png/1.2.0/asset
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_excel.png/1.7.32/asset
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_facebook_messenger.png/1.5.14/asset
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gaana.png/1.0.3/asset
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc.png/1.7.1/asset
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_controller.png/1.7.1/asset
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_joystick.png/1.7.1/asset
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark.png/1.7.1/asset
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_controller.png/1.7.1/
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_joystick.png/1.7.1/as
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.dr, HubApps Icons.20.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_controller.png/1.7.1
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_joystick.png/1.7.1/a
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_hc.png/0.1.3/asset
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_dark.png/0.1.3/asset
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_light.png/0.1.3/asset
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_iHeart.png/1.0.3/asset
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_hc.png/1.0.14/asset
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_dark.png/1.0.14/as
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_light.png/1.0.14/a
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_instagram.png/1.4.13/asset
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_ku_gou.png/1.0.3/asset
          Source: chrome.exe, 0000000E.00000002.1454710036.00000284004F8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000003.1415928003.00000284004F8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditing
          Source: chrome.exe, 0000000E.00000002.1453254781.00000284000A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sctauditing-pa.googleapis.com/v1/knownscts/length/$1/prefix/$2?key=AIzaSyA2KlwBX3mkFo30om9LU
          Source: chrome.exe, 0000000E.00000002.1458980523.0000028401130000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1454156209.0000028400238000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://securitydomain-pa.googleapis.com/v1/
          Source: chrome.exe, 0000000E.00000003.1416497649.000002800073C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000003.1417214773.0000028401D44000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://shieldedids-pa.googleapis.comb
          Source: chrome.exe, 0000000E.00000002.1462054700.0000028401A68000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1458680060.000002840105C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1457960928.0000028400EC8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actions
          Source: chrome.exe, 0000000E.00000002.1454876630.0000028400544000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1467363881.0000028402274000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com/gb/images/bar/al-icon.png
          Source: file.exe, file.exe, 00000001.00000002.1979891635.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199829660832
          Source: file.exe, 00000001.00000002.1979891635.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199829660832ir7amMozilla/5.0
          Source: chrome.exe, 0000000E.00000002.1441948465.0000021288610000.00000002.00000001.00040000.00000012.sdmpString found in binary or memory: https://support.google.com/chrome/a/?p=browser_profile_details
          Source: chrome.exe, 0000000E.00000002.1441948465.0000021288610000.00000002.00000001.00040000.00000012.sdmpString found in binary or memory: https://support.google.com/chrome/answer/6098869
          Source: chrome.exe, 0000000E.00000002.1441948465.0000021288610000.00000002.00000001.00040000.00000012.sdmpString found in binary or memory: https://support.google.com/chrome/answer/96817
          Source: chrome.exe, 0000000E.00000002.1455671212.0000028400994000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome?p=desktop_tab_groups
          Source: chrome.exe, 0000000E.00000002.1441948465.0000021288610000.00000002.00000001.00040000.00000012.sdmpString found in binary or memory: https://support.google.com/chromebook?p=app_intent
          Source: file.exe, 00000001.00000002.1989742690.0000000004836000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
          Source: file.exe, 00000001.00000002.1989742690.0000000004836000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
          Source: file.exe, 00000001.00000002.1980324743.000000000122F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/
          Source: file.exe, file.exe, 00000001.00000002.1980324743.0000000001256000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1980324743.00000000011D7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1979891635.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://t.me/l793oy
          Source: file.exe, 00000001.00000002.1979891635.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://t.me/l793oyir7amMozilla/5.0
          Source: chrome.exe, 0000000E.00000002.1458980523.0000028401130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://t0.gstatic.com/faviconV2
          Source: chrome.exe, 0000000E.00000002.1454156209.0000028400238000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tasks.googleapis.com/
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://tidal.com/
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://twitter.com/
          Source: edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.20.drString found in binary or memory: https://unitedstates1.ss.wd.microsoft.us/
          Source: edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.20.drString found in binary or memory: https://unitedstates2.ss.wd.microsoft.us/
          Source: edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.20.drString found in binary or memory: https://unitedstates4.ss.wd.microsoft.us/
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://vibe.naver.com/today
          Source: file.exe, 00000001.00000002.1980324743.0000000001256000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.telegram.org
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://web.telegram.org/
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://web.whatsapp.com
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://word.new?from=EdgeM365Shoreline
          Source: file.exe, 00000001.00000002.1980324743.0000000001256000.00000004.00000020.00020000.00000000.sdmp, xl6pp8.1.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_15e498ec2b39921665a1fbc954bff40a8106629178eadc64
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://www.deezer.com/
          Source: file.exe, 00000001.00000002.1986377064.00000000040AB000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1458714261.0000028401094000.00000004.00001000.00020000.00000000.sdmp, zm7gdb.1.drString found in binary or memory: https://www.ecosia.org/newtab/v20
          Source: chrome.exe, 0000000E.00000002.1463640863.0000028401BB8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com;report-uri
          Source: chrome.exe, 0000000E.00000002.1456985867.0000028400C54000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
          Source: chrome.exe, 0000000E.00000002.1461003343.0000028401704000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/async/ddljson?async=ntp:2
          Source: chrome.exe, 0000000E.00000002.1463324303.0000028401B80000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/async/newtab_promos
          Source: chrome.exe, 0000000E.00000002.1457088515.0000028400C8C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/#safe
          Source: chrome.exe, 0000000E.00000002.1457167517.0000028400CC4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/browser-features/
          Source: chrome.exe, 0000000E.00000002.1457167517.0000028400CC4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/browser-tools/
          Source: chrome.exe, 0000000E.00000003.1416497649.000002800073C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000003.1415600805.0000028401930000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/go-mobile/?ios-campaign=desktop-chr-ntp&android-campaign=desktop-chr-n
          Source: chrome.exe, 0000000E.00000002.1441948465.0000021288610000.00000002.00000001.00040000.00000012.sdmpString found in binary or memory: https://www.google.com/chrome/privacy/eula_text.htmlH&elpManaged
          Source: chrome.exe, 0000000E.00000002.1458479394.0000028400FD4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1459437515.00000284012AC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1457960928.0000028400EC8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/tips/
          Source: file.exe, 00000001.00000002.1986377064.00000000040AB000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1453912137.00000284001D0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1455671212.0000028400994000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000003.1375375796.0000028401344000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1456273058.0000028400B28000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1454536201.00000284004E0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1454905551.0000028400558000.00000004.00001000.00020000.00000000.sdmp, zm7gdb.1.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_alldp.ico
          Source: chrome.exe, 0000000E.00000003.1375375796.0000028401344000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_alldp.icoe
          Source: chrome.exe, 0000000E.00000002.1454876630.0000028400544000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1467363881.0000028402274000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/imghp?hl=en&amp;tab=ri&amp;ogbl
          Source: chrome.exe, 0000000E.00000002.1467164560.0000028402204000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/intl/en/about/products?tab=rh
          Source: chrome.exe, 0000000E.00000003.1416497649.000002800073C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000003.1416976077.0000028401D2C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000003.1416932810.0000028401D20000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000003.1415600805.0000028401930000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
          Source: chrome.exe, 0000000E.00000002.1455705468.00000284009A4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/tools/feedback/chrome/__submit
          Source: chrome.exe, 0000000E.00000002.1454115921.000002840020C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/
          Source: chrome.exe, 0000000E.00000003.1416497649.000002800073C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000003.1417214773.0000028401D44000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager2
          Source: chrome.exe, 0000000E.00000002.1454115921.000002840020C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v1/userinfo
          Source: chrome.exe, 0000000E.00000002.1454115921.000002840020C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v2/tokeninfo
          Source: chrome.exe, 0000000E.00000002.1454115921.000002840020C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v4/token
          Source: chrome.exe, 0000000E.00000002.1454115921.000002840020C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/reauth/v1beta/users/
          Source: chrome.exe, 0000000E.00000002.1463640863.0000028401BB8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com
          Source: chrome.exe, 0000000E.00000002.1461999379.0000028401A34000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1456436729.0000028400B88000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_
          Source: chrome.exe, 0000000E.00000002.1462238413.0000028401AB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/useren_image_grey600_18dp.png
          Source: chrome.exe, 0000000E.00000002.1465566478.0000028401CA4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1467209810.0000028402210000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000003.1423105011.0000028401FD0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1467363881.0000028402274000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1467008632.00000284021B8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1467288142.000002840223C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1467327799.0000028402254000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1462238413.0000028401AB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/useren_image_grey600_18dp.png
          Source: chrome.exe, 0000000E.00000002.1467164560.0000028402204000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.WcyoQrvsWY0.2019.O/rt=j/m=q_dnp
          Source: chrome.exe, 0000000E.00000002.1467164560.0000028402204000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/og/_/ss/k=og.qtm.L8bgMGq1rcI.L.W.O/m=qmd
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://www.iheart.com/podcast/
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://www.instagram.com
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://www.last.fm/
          Source: file.exe, 00000001.00000002.1980324743.0000000001256000.00000004.00000020.00020000.00000000.sdmp, xl6pp8.1.drString found in binary or memory: https://www.marriott.com/default.mi?utm_source=admarketplace&utm_medium=cpc&utm_campaign=Marriott_Pr
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://www.messenger.com
          Source: file.exe, 00000001.00000002.1989742690.0000000004836000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.d-GHL1OW1fkT
          Source: file.exe, 00000001.00000002.1989742690.0000000004836000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.sYEKgG4Or0s6
          Source: file.exe, 00000001.00000002.1989742690.0000000004836000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
          Source: file.exe, 00000001.00000002.1989742690.0000000004836000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
          Source: file.exe, 00000001.00000002.1989742690.0000000004836000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&game
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&item
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&item=fl
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&playInS
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://www.office.com
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2
          Source: chrome.exe, 0000000E.00000002.1459668522.00000284013A0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1459437515.00000284012AC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
          Source: chrome.exe, 0000000E.00000002.1458955069.0000028401120000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1454536201.00000284004E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/:
          Source: chrome.exe, 0000000E.00000002.1458955069.0000028401120000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1459982546.000002840148C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1454536201.00000284004E0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1459668522.00000284013A0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1459437515.00000284012AC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/?feature=ytca
          Source: chrome.exe, 0000000E.00000002.1458955069.0000028401120000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1454536201.00000284004E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/J
          Source: chrome.exe, 0000000E.00000002.1463324303.0000028401B80000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1459556132.0000028401344000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1458955069.0000028401120000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000003.1375375796.0000028401344000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1454536201.00000284004E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html
          Source: chrome.exe, 0000000E.00000002.1459556132.0000028401344000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000003.1375375796.0000028401344000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.htmlr
          Source: 33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drString found in binary or memory: https://y.music.163.com/m/
          Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49699
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49698
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49697
          Source: unknownNetwork traffic detected: HTTP traffic on port 49820 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49695
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49693
          Source: unknownNetwork traffic detected: HTTP traffic on port 49689 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49700 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49689
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49688
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49687
          Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49844 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49683
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49681
          Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49688 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
          Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
          Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49683 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49700
          Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49820
          Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49817
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49816
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49815
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49814
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49813
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49812
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49811
          Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
          Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
          Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
          Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49843 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
          Source: unknown HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.10:49681 version: TLS 1.2
          Source: unknown HTTPS traffic detected: 95.217.27.252:443 -> 192.168.2.10:49683 version: TLS 1.2
          Source: unknown HTTPS traffic detected: 95.217.27.252:443 -> 192.168.2.10:49723 version: TLS 1.2
          Source: unknown HTTPS traffic detected: 95.217.27.252:443 -> 192.168.2.10:49724 version: TLS 1.2
          Source: unknown HTTPS traffic detected: 95.217.27.252:443 -> 192.168.2.10:49812 version: TLS 1.2
          Source: unknown HTTPS traffic detected: 95.217.27.252:443 -> 192.168.2.10:49839 version: TLS 1.2
          Source: C:\Users\user\Desktop\file.exe Code function: 1_2_00410A90 CreateStreamOnHGlobal,GetDesktopWindow,GetWindowRect,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,malloc,StrCmpCW,GetHGlobalFromStream,GlobalLock,GlobalSize,SelectObject,DeleteObject,DeleteObject,DeleteObject,ReleaseDC,CloseWindow,1_2_00410A90
          Source: C:\Users\user\Desktop\file.exe Code function: 1_2_00406480 memcpy,OpenDesktopA,CreateDesktopA,lstrcpyA,CreateProcessA,Sleep,CloseDesktop,1_2_00406480

          System Summary

          Source: 1.2.file.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
          Source: 0.2.file.exe.3649550.0.raw.unpack, type: UNPACKEDPE Matched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
          Source: 1.2.file.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
          Source: 00000001.00000002.1979891635.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
          Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009625E0 0_2_009625E0
          Source: C:\Users\user\Desktop\file.exe Code function: 1_2_00404A20 1_2_00404A20
          Source: C:\Users\user\Desktop\file.exe Code function: 1_2_00418630 1_2_00418630
          Source: C:\Users\user\Desktop\file.exe Code function: 1_2_0041B770 1_2_0041B770
          Source: C:\Users\user\Desktop\file.exe Code function: 1_2_0041B300 1_2_0041B300
          Source: C:\Users\user\Desktop\file.exe Code function: 1_2_0041C100 1_2_0041C100
          Source: C:\Users\user\Desktop\file.exe Code function: 1_2_004193D0 1_2_004193D0
          Source: C:\Users\user\Desktop\file.exe Code function: 1_2_0041A7D0 1_2_0041A7D0
          Source: C:\Users\user\Desktop\file.exe Code function: String function: 00410D00 appears 42 times
          Source: C:\Users\user\Desktop\file.exe Code function: String function: 0040F5B0 appears 135 times
          Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6936 -s 800
          Source: file.exe, 00000000.00000002.1138340258.000000000099E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs file.exe
          Source: 1.2.file.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
          Source: 0.2.file.exe.3649550.0.raw.unpack, type: UNPACKEDPE Matched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
          Source: 1.2.file.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
          Source: 00000001.00000002.1979891635.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
          Source: file.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: file.exe Static PE information: Section: .CSS ZLIB complexity 1.0003622159090908
          Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@71/275@24/23
          Source: C:\Users\user\Desktop\file.exe Code function: 1_2_00411250 CreateToolhelp32Snapshot,Process32First,StrCmpCA,Process32Next,StrCmpCA,CloseHandle,1_2_00411250
          Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q8X2NUFH\4R30EGPD.htm
          Source: C:\Users\user\Desktop\file.exe Mutant created: NULL
          Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6936
          Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5188:120:WilError_03
          Source: C:\Windows\SysWOW64\WerFault.exe File created: C:\ProgramData\Microsoft\Windows\WER\Temp\b6b0a6e6-d85c-44da-ab3e-b2b43c56baf3
          Source: file.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
          Source: C:\Users\user\Desktop\file.exe File read: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1003\desktop.ini
          Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: chrome.exe, 0000000E.00000002.1457167517.0000028400CD5000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
          Source: gv3w4e37y.1.dr, 47gdjwt00.1.dr Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
          Source: file.exe Virustotal: Detection: 74%
          Source: file.exe ReversingLabs: Detection: 86%
          Source: C:\Users\user\Desktop\file.exe File read: C:\Users\user\Desktop\file.exe
          Source: unknown Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
          Source: C:\Users\user\Desktop\file.exe Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
          Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
          Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2420,i,1879571237387738867,10453943320962855917,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2548 /prefetch:3
          Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2512 --field-trial-handle=2312,i,271099577594506018,1403885451667962874,262144 /prefetch:3
          Source: unknown Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2788 --field-trial-handle=2244,i,2275257019305872411,4464955084961015424,262144 /prefetch:3
          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6680 --field-trial-handle=2244,i,2275257019305872411,4464955084961015424,262144 /prefetch:8
          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6852 --field-trial-handle=2244,i,2275257019305872411,4464955084961015424,262144 /prefetch:8
          Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 11 & rd /s /q "C:\ProgramData\ymg4o" & exit
          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 11
          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceuserer --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6776 --field-trial-handle=2244,i,2275257019305872411,4464955084961015424,262144 /prefetch:8
          Source: C:\Users\user\Desktop\file.exe Section loaded: mscoree.dll
          Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll
          Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll
          Source: C:\Users\user\Desktop\file.exe Section loaded: version.dll
          Source: C:\Users\user\Desktop\file.exe Section loaded: vcruntime140_clr0400.dll
          Source: C:\Users\user\Desktop\file.exe Section loaded: ucrtbase_clr0400.dll
          Source: C:\Users\user\Desktop\file.exe Section loaded: wininet.dll
          Source: C:\Users\user\Desktop\file.exe Section loaded: dbghelp.dll
          Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll
          Source: C:\Users\user\Desktop\file.exe Section loaded: iertutil.dll
          Source: C:\Users\user\Desktop\file.exe Section loaded: windows.storage.dll
          Source: C:\Users\user\Desktop\file.exe Section loaded: wldp.dll
          Source: C:\Users\user\Desktop\file.exe Section loaded: profapi.dll
          Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll
          Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll
          Source: C:\Users\user\Desktop\file.exe Section loaded: winhttp.dll
          Source: C:\Users\user\Desktop\file.exe Section loaded: mswsock.dll
          Source: C:\Users\user\Desktop\file.exe Section loaded: iphlpapi.dll
          Source: C:\Users\user\Desktop\file.exe Section loaded: winnsi.dll
          Source: C:\Users\user\Desktop\file.exe Section loaded: urlmon.dll
          Source: C:\Users\user\Desktop\file.exe Section loaded: srvcli.dll
          Source: C:\Users\user\Desktop\file.exe Section loaded: netutils.dll
          Source: C:\Users\user\Desktop\file.exe Section loaded: dnsapi.dll
          Source: C:\Users\user\Desktop\file.exe Section loaded: rasadhlp.dll
          Source: C:\Users\user\Desktop\file.exe Section loaded: fwpuclnt.dll
          Source: C:\Users\user\Desktop\file.exe Section loaded: schannel.dll
          Source: C:\Users\user\Desktop\file.exe Section loaded: mskeyprotect.dll
          Source: C:\Users\user\Desktop\file.exe Section loaded: ntasn1.dll
          Source: C:\Users\user\Desktop\file.exe Section loaded: msasn1.dll
          Source: C:\Users\user\Desktop\file.exe Section loaded: dpapi.dll
          Source: C:\Users\user\Desktop\file.exe Section loaded: cryptsp.dll
          Source: C:\Users\user\Desktop\file.exe Section loaded: rsaenh.dll
          Source: C:\Users\user\Desktop\file.exe Section loaded: cryptbase.dll
          Source: C:\Users\user\Desktop\file.exe Section loaded: gpapi.dll
          Source: C:\Users\user\Desktop\file.exe Section loaded: ncrypt.dll
          Source: C:\Users\user\Desktop\file.exe Section loaded: ncryptsslp.dll
          Source: C:\Users\user\Desktop\file.exe Section loaded: ntmarta.dll
          Source: C:\Users\user\Desktop\file.exe Section loaded: uxtheme.dll
          Source: C:\Users\user\Desktop\file.exe Section loaded: windowscodecs.dll
          Source: C:\Users\user\Desktop\file.exe Section loaded: propsys.dll
          Source: C:\Users\user\Desktop\file.exe Section loaded: windows.fileexplorer.common.dll
          Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll
          Source: C:\Users\user\Desktop\file.exe Section loaded: ntshrui.dll
          Source: C:\Users\user\Desktop\file.exe Section loaded: cscapi.dll
          Source: C:\Users\user\Desktop\file.exe Section loaded: windows.staterepositoryps.dll
          Source: C:\Users\user\Desktop\file.exe Section loaded: linkinfo.dll
          Source: C:\Users\user\Desktop\file.exe Section loaded: edputil.dll
          Source: C:\Users\user\Desktop\file.exe Section loaded: wintypes.dll
          Source: C:\Users\user\Desktop\file.exe Section loaded: appresolver.dll
          Source: C:\Users\user\Desktop\file.exe Section loaded: bcp47langs.dll
          Source: C:\Users\user\Desktop\file.exe Section loaded: slc.dll
          Source: C:\Users\user\Desktop\file.exe Section loaded: userenv.dll
          Source: C:\Users\user\Desktop\file.exe Section loaded: sppc.dll
          Source: C:\Users\user\Desktop\file.exe Section loaded: onecorecommonproxystub.dll
          Source: C:\Users\user\Desktop\file.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: pcacli.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: mpr.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: sfc_os.dllJump to behavior
          Source: C:\Windows\SysWOW64\timeout.exeSection loaded: version.dll
          Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
          Source: Window Recorder Window detected: More than 3 window changes detected
          Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: file.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: Binary string: System.Windows.Forms.pdb source: WERF266.tmp.dmp.4.dr
          Source: Binary string: mscorlib.pdb source: WERF266.tmp.dmp.4.dr
          Source: Binary string: System.ni.pdbRSDS source: WERF266.tmp.dmp.4.dr
          Source: Binary string: System.Windows.Forms.pdbMZ@ source: WERF266.tmp.dmp.4.dr
          Source: Binary string: mscorlib.ni.pdb source: WERF266.tmp.dmp.4.dr
          Source: Binary string: System.pdb) source: WERF266.tmp.dmp.4.dr
          Source: Binary string: mscorlib.ni.pdbRSDS source: WERF266.tmp.dmp.4.dr
          Source: Binary string: Initial.pdb source: WERF266.tmp.dmp.4.dr
          Source: Binary string: C:\Users\Admin\source\repos\Initial\Initial\obj\Release\Initial.pdb source: file.exe
          Source: Binary string: System.ni.pdb source: WERF266.tmp.dmp.4.dr
          Source: Binary string: System.pdb source: WERF266.tmp.dmp.4.dr
          Source: file.exe Static PE information: 0xE13E9B06 [Sat Oct 1 03:41:58 2089 UTC]
          Source: C:\Users\user\Desktop\file.exe Code function: 1_2_004108E0 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,1_2_004108E0
          Source: file.exe Static PE information: section name: .CSS

          Boot Survival

          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
          Source: C:\Users\user\Desktop\file.exe Code function: 1_2_004108E0 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,1_2_004108E0
          Source: C:\Users\user\Desktop\file.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
          Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
          Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\file.exe Memory allocated: 960000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\file.exe Memory allocated: 2640000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\file.exe Memory allocated: 4640000 memory reserve | memory write watch
          Source: C:\Users\user\Desktop\file.exe Decision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)
          Source: C:\Users\user\Desktop\file.exe Evasive API call chain: GetSystemTime,DecisionNodes
          Source: C:\Windows\SysWOW64\timeout.exe TID: 4356 Thread sleep count: 95 > 30
          Source: C:\Users\user\Desktop\file.exe File Volume queried: C:\ FullSizeInformation
          Source: C:\Users\user\Desktop\file.exe Code function: 1_2_00414E70 wsprintfA,FindFirstFileA,DeleteFileA,FindNextFileA,strlen,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,FindClose,1_2_00414E70
          Source: C:\Users\user\Desktop\file.exe Code function: 1_2_00407210 ExpandEnvironmentStringsA,FindFirstFileA,FindNextFileA,strlen,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,StrCmpCA,CopyFileA,Sleep,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,CopyFileA,DeleteFileA,StrCmpCA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindClose,1_2_00407210
          Source: C:\Users\user\Desktop\file.exe Code function: 1_2_0040B6B0 FindFirstFileA,FindNextFileA,strlen,StrCmpCA,CopyFileA,Sleep,DeleteFileA,FindClose,1_2_0040B6B0
          Source: C:\Users\user\Desktop\file.exe Code function: 1_2_00415EB0 SHGetFolderPathA,wsprintfA,FindFirstFileA,FindNextFileA,FindNextFileA,FindNextFileA,strcpy,_splitpath,strcpy,strlen,isupper,wsprintfA,strcpy,strlen,SHFileOperationA,FindClose,1_2_00415EB0
          Source: C:\Users\user\Desktop\file.exe Code function: 1_2_00408360 FindFirstFileA,CopyFileA,FindNextFileA,FindNextFileA,FindNextFileA,strlen,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,FindClose,1_2_00408360
          Source: C:\Users\user\Desktop\file.exe Code function: 1_2_00413FD0 wsprintfA,FindFirstFileA,FindNextFileA,strlen,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindClose,1_2_00413FD0
          Source: C:\Users\user\Desktop\file.exe Code function: 1_2_004013F0 FindFirstFileA,FindClose,FindNextFileA,strlen,FindFirstFileA,DeleteFileA,FindNextFileA,CopyFileA,CopyFileA,DeleteFileA,FindClose,1_2_004013F0
          Source: C:\Users\user\Desktop\file.exe Code function: 1_2_00413580 wsprintfA,FindFirstFileA,memset,memset,FindNextFileA,strlen,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcatA,strtok_s,SymMatchString,strtok_s,memset,lstrcatA,strtok_s,PathMatchSpecA,DeleteFileA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindClose,1_2_00413580
          Source: C:\Users\user\Desktop\file.exe Code function: 1_2_004097B0 FindFirstFileA,FindNextFileA,strlen,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,1_2_004097B0
          Source: C:\Users\user\Desktop\file.exe Code function: 1_2_0040ACD0 wsprintfA,FindFirstFileA,FindNextFileA,FindNextFileA,FindNextFileA,strlen,lstrlenA,DeleteFileA,CopyFileA,FindClose,1_2_0040ACD0
          Source: C:\Users\user\Desktop\file.exe Code function: 1_2_00408C90 lstrcpyA,lstrcatA,FindFirstFileA,FindNextFileA,strlen,lstrcpyA,lstrcatA,lstrcatA,lstrcatA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcpyA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,FindFirstFileA,FindNextFileA,strlen,lstrcpyA,lstrcatA,lstrcatA,lstrcatA,lstrcpyA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,FindClose,FindClose,DeleteFileA,_invalid_parameter_noinfo_noreturn,1_2_00408C90
          Source: C:\Users\user\Desktop\file.exe Code function: 1_2_00414950 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,strlen,FindClose,lstrcatA,lstrcatA,lstrcatA,lstrlenA,lstrlenA,1_2_00414950
          Source: C:\Users\user\Desktop\file.exe Code function: 1_2_00409560 ??2@YAPAXI@Z,??2@YAPAXI@Z,_invalid_parameter_noinfo_noreturn,FindFirstFileA,FindNextFileA,strlen,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,1_2_00409560
          Source: C:\Users\user\Desktop\file.exe Code function: 1_2_00413AF0 SymMatchString,SymMatchString,SymMatchString,GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrcpyA,lstrlenA,1_2_00413AF0
          Source: C:\Users\user\Desktop\file.exe Code function: 1_2_0040FDD0 GetSystemInfo,wsprintfA,1_2_0040FDD0
          Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
          Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
          Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
          Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
          Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
          Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\
          Source: Web Data.20.drBinary or memory string: Interactive userers - NDCDYNVMware20,11696501413z
          Source: chrome.exe, 0000000E.00000002.1448456994.000002128F940000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor Root PartitionJG
          Source: chrome.exe, 0000000E.00000002.1460902962.00000284016DC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: USB device added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=4c5a614a-04da-4a06-a70a-e5f1dd0d2306
          Source: chrome.exe, 0000000E.00000002.1447381441.000002128C21B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor Root Virtual ProcessorS
          Source: chrome.exe, 0000000E.00000002.1448456994.000002128F940000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1447381441.000002128C1FB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Dynamic Memory Integration Service
          Source: Web Data.20.drBinary or memory string: Interactive userers - COM.HKVMware20,11696501413
          Source: chrome.exe, 0000000E.00000003.1407646781.000002128FA07000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \Registry\Machine\Software\Classes\CLSID\{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}\InProcServer326328Inactive Sessions6330Total Sessions4806Hyper-V Hypervisor Logical Processor4808Global Time4810Total Run Time4812Hypervisor Run Time4814Hardware Interrupts/sec4816Context Switches/sec4818Inter-ProcessR0
          Source: Web Data.20.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696501413
          Source: Web Data.20.drBinary or memory string: Interactive userers - non-EU EuropeVMware20,11696501413
          Source: Web Data.20.drBinary or memory string: turbotax.intuit.comVMware20,11696501413t
          Source: Web Data.20.drBinary or memory string: Interactive userers - HKVMware20,11696501413]
          Source: Amcache.hve.4.drBinary or memory string: vmci.sys
          Source: chrome.exe, 0000000E.00000003.1404344553.000002128F9A9000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1448456994.000002128F940000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000E.00000003.1405324361.000002128F9A9000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000E.00000003.1403684880.000002128F9A9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VHyper-V Dynamic Memory Integration Serviceram
          Source: chrome.exe, 0000000E.00000002.1447381441.000002128C185000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V ulsqnrsvaqeqbjp Bus
          Source: Amcache.hve.4.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
          Source: Amcache.hve.4.drBinary or memory string: VMware PCI VMCI Bus Device
          Source: Amcache.hve.4.drBinary or memory string: VMware Virtual RAM
          Source: Amcache.hve.4.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
          Source: chrome.exe, 0000000E.00000003.1408090697.000002128F9D3000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1448456994.000002128F9FA000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000E.00000003.1407883332.000002128F9F9000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000E.00000003.1408180037.000002128F9F9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \Registry\Machine\Software\Classes\CLSID\{C2CB2CF0-AF47-413E-9780-8BC3A3C16068}\InProcServer326328Inactive Sessions6330Total Sessions4806Hyper-V Hypervisor Logical Processor4808Global Time4810Total Run Time4812Hypervisor Run Time4814Hardware Interrupts/sec4816Context Switches/sec4818Inter-ProcessR0
          Source: chrome.exe, 0000000E.00000002.1448456994.000002128F940000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Virtual Machine Bus PipesqG
          Source: chrome.exe, 0000000E.00000002.1447381441.000002128C1C7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: AlDHyper-V Virtual Machine Bus Pipesndoo
          Source: chrome.exe, 0000000E.00000002.1448456994.000002128F940000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V VM Vid Partitionll
          Source: chrome.exe, 0000000E.00000002.1447381441.000002128C1FB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor Root Virtual Processor
          Source: Amcache.hve.4.drBinary or memory string: VMware Virtual USB Mouse
          Source: chrome.exe, 0000000E.00000002.1447381441.000002128C1C7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: JHyper-V Hypervisor Logical Processor
          Source: chrome.exe, 0000000E.00000002.1448456994.000002128F940000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VHyper-V Dynamic Memory Integration Servicei
          Source: Amcache.hve.4.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
          Source: Web Data.20.drBinary or memory string: secure.bankofamerica.comVMware20,11696501413|UE
          Source: Web Data.20.drBinary or memory string: bankofamerica.comVMware20,11696501413x
          Source: chrome.exe, 0000000E.00000002.1447381441.000002128C185000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: &Hyper-V Hypervisor
          Source: chrome.exe, 0000000E.00000003.1409442180.000002128F9D3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interrupts/sec4816Context Switches/sec4818Inter-Processor Interrupts/sec4820Scheduler Interrupts/sec4822Timer Interrupts/sec4824Inter-Processor Interrupts Sent/sec4826Processor Halts/sec4828Monitor Transition Cost4830Context Switch Time4832C1 Transitions/sec4834% C1 Time4836C2 Transitions/sec4838% C2 Time4840C3 Transitions/sec4842% C3 Time4844Frequency4846% of Max Frequency4848Parking Status4850Processor State Flags4852Root Vp Index4854Idle Sequence Number4856Global TSC Count4858Active TSC Count4860Idle Accumulation4862Reference Cycle Count 04864Actual Cycle Count 04866Reference Cycle Count 14868Actual Cycle Count 14870Proximity Domain Id4872Posted Interrupt Notifications/sec4874Hypervisor Branch Predictor Flushes/sec4876Hypervisor L1 Data Cache Flushes/sec4878Hypervisor Immediate L1 Data Cache Flushes/sec4880Hypervisor Microarchitectural Buffer Flushes/sec4882Counter Refresh Sequence Number4884Counter Refresh Reference Time4886Idle Accumulation Snapshot4888Active Tsc Count Snapshot4890HWP Request MSR Context Switches/sec4892Guest Run Time4894Idle Time4896% Total Run Time4898% Hypervisor Run Time4900% Guest Run Time4902% Idle Time4904Total Interrupts/sec4788Hyper-V Hypervisor4790Logical Processors4792Partitions4794Total Pages4796Virtual Processors4798Monitored Notifications4800Modern Standby Entries4802Platform Idle Transitions4804HypervisorStartupCost4906Hyper-V Hypervisor Root Partition4908Virtual Processors4910Virtual TLB Pages4912Address Spaces4914Deposited Pages4916GPA Pages4918GPA Space Modifications/sec4920Virtual TLB Flush Entires/sec4922Recommended Virtual TLB Size49244K GPA pages49262M GPA pages49281G GPA pages4930512G GPA pages49324K device pages49342M device pages49361G device pages4938512G device pages4940Attached Devices4942Device Interrupt Mappings4944I/O TLB Flushes/sec4946I/O TLB Flush Cost4948Device Interrupt 
Errors4950Device DMA Errors4952Device Interrupt Throttle Events4954Skipped Timer Ticks4956Partition Id4958Nested TLB Size4960Recommended Nested TLB Size4962Nested TLB Free List Size4964Nested TLB Trimmed Pages/sec4966Pages Shattered/sec4968Pages Recombined/sec4970I/O TLB Flushes Base4972Hyper-V Hypervisor Root Virtual Processor4974Total Run Time4976Hypervisor Run Time4978Remote Node Run Time4980Normalized Run Time4982Ideal Cpu4984Hypercalls/sec4986Hypercalls Cost4988Page Invalidations/sec4990Page Invalidations Cost4992Control Register Accesses/sec4994Control Register Accesses Cost4996IO Instructions/sec4998IO Instructions Cost5000HLT Instructions/sec5002HLT Instructions Cost5004MWAIT Instructions/sec5006MWAIT Instructions Cost5008CPUID Instructions/sec5010CPUID Instructions Cost5012MSR Accesses/sec5014MSR Accesses Cost5016Other Intercepts/sec5018Other Intercepts Cost5020External Interrupts/sec5022External Interrupts Cost5024Pending Interrupts/sec5026Pending Interrupts Cost5028Emulated Instructions/sec5030Emulated Instructions Cost
          Source: chrome.exe, 0000000E.00000003.1409923656.000002128F9D4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: evice Interrupt Throttle Events4954Skipped Timer Ticks4956Partition Id4958Nested TLB Size4960Recommended Nested TLB Size4962Nested TLB Free List Size4964Nested TLB Trimmed Pages/sec4966Pages Shattered/sec4968Pages Recombined/sec4970I/O TLB Flushes Base4972Hyper-V Hypervisor Root Virtual Processor4974Total Run Time4976Hypervisor Run Time4978Remote Node Run Time4980Normalized Run Time4982Ideal Cpu4984Hypercalls/sec4986Hypercalls Cost4988Page Invalidations/sec4990Page Invalidations Cost4992Control Register Accesses/sec4994Control Register Accesses Cost4996IO Instructions/sec4998IO Instructions Cost5000HLT Instructions/sec5002HLT Instructions Cost5004MWAIT Instructions/sec5006MWAIT Instructions Cost5008CPUID Instructions/sec5010CPUID Instructions Cost5012MSR Accesses/sec5014MSR Accesses Cost5016Other Intercepts/sec5018Other Intercepts Cost5020External Interrupts/sec5022External Interrupts Cost5024Pending Interrupts/sec5026Pending Interrupts Cost5028Emulated Instructions/sec5030Emulated Instructions Cost
          Source: Web Data.20.drBinary or memory string: Canara Transaction PasswordVMware20,11696501413}
          Source: Web Data.20.drBinary or memory string: Canara Transaction PasswordVMware20,11696501413x
          Source: Amcache.hve.4.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
          Source: Web Data.20.drBinary or memory string: Interactive userers - EU East & CentralVMware20,11696501413
          Source: chrome.exe, 0000000E.00000003.1406113646.000002128F9F5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \Registry\Machine\Software\Classes\CLSID\{5383EF74-273B-4278-AB0C-CDAA9FD5369E}\InProcServer326328Inactive Sessions6330Total Sessions4806Hyper-V Hypervisor Logical Processor4808Global Time4810Total Run Time4812Hypervisor Run Time4814Hardware Interrupts/sec4816Context Switches/sec4818Inter-ProcessR0
          Source: Amcache.hve.4.drBinary or memory string: vmci.syshbin`
          Source: Amcache.hve.4.drBinary or memory string: \driver\vmci,\driver\pci
          Source: chrome.exe, 0000000E.00000003.1405010996.000002128F9F1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: kflowServiceHost 4.0.0.06244Workflows Created6246Workflows Created Per Second6248Workflows Executing6250Workflows Completed6252Workflows Completed Per Second6254Workflows Aborted6256Workflows Aborted Per Second6258Workflows In Memory6260Workflows Persisted6262Workflows Persisted Per Second6264Workflows Terminated6266Workflows Terminated Per Second6268Workflows Loaded6270Workflows Loaded Per Second6272Workflows Unloaded6274Workflows Unloaded Per Second6276Workflows Suspended6278Workflows Suspended Per Second6280Workflows Idle Per Second6282Average Workflow Load Time6284Average Workflow Load Time Base6286Average Workflow Persist Time6288Average Workflow Persist Time Base6324Terminal Services6326Active Sessions6328Inactive Sessions6330Total Sessions4806Hyper-V Hypervisor Logical Processor4808Global Time4810Total Run Time4812Hypervisor Run Time4814Hardware Interrupts/sec4816Context Switches/sec4818Inter-Processor Interrupts/sec4820Scheduler Interrupts/sec4822Timer Interrupts/sec4824Inter-Processor Interrupts Sent/sec4826Processor Halts/sec4828Monitor Transition Cost4830Context Switch Time4832C1 Transitions/sec4834% C1 Time4836C2 Transitions/sec4838% C2 Time4840C3 Transitions/sec4842% C3 Time4844Frequency4846% of Max Frequency4848Parking Status4850Processor State Flags4852Root Vp Index4854Idle Sequence Number4856Global TSC Count4858Active TSC Count4860Idle Accumulation4862Reference Cycle Count 04864Actual Cycle Count 04866Reference Cycle Count 14868Actual Cycle Count 14870Proximity Domain Id4872Posted Interrupt Notifications/sec4874Hypervisor Branch Predictor Flushes/sec4876Hypervisor L1 Data Cache Flushes/sec4878Hypervisor Immediate L1 Data Cache Flushes/sec4880Hypervisor Microarchitectural Buffer Flushes/sec4882Counter Refresh Sequence Number4884Counter Refresh Reference Time4886Idle Accumulation Snapshot4888Active Tsc Count 
Snapshot4890HWP Request MSR Context Switches/sec4892Guest Run Time4894Idle Time4896% Total Run Time4898% Hypervisor Run Time4900% Guest Run Time4902% Idle Time4904Total Interrupts/sec4788Hyper-V Hypervisor4790Logical Processors4792Partitions4794Total Pages4796Virtual Processors4798Monitored Notifications4800Modern Standby Entries4802Platform Idle Transitions4804HypervisorStartupCost4906Hyper-V Hypervisor Root Partition4908Virtual Processors4910Virtual TLB Pages4912Address Spaces4914Deposited Pages4916GPA Pages4918GPA Space Modifications/sec4920Virtual TLB Flush Entires/sec4922Recommended Virtual TLB Size49244K GPA pages49262M GPA pages49281G GPA pages4930512G GPA pages49324K device pages49342M device pages49361G device pages4938512G device pages4940Attached Devices4942Device Interrupt Mappings4944I/O TLB Flushes/sec4946I/O TLB Flush Cost4948Device Interrupt Errors4950Device DMA Errors4952Device Interrupt Throttle Events4954Skipped Timer Ticks4956Partition Id4958Nested TLB Size4960Recommended Nested TLB Size4962Nested TLB Free List Size4964Nested TLB Trimmed Pages/sec4966Pages Shattered/sec4968Pages Recombined/sec4970I/O TLB Flus
          Source: Web Data.20.drBinary or memory string: Interactive userers - GDCDYNVMware20,11696501413p
          Source: chrome.exe, 0000000E.00000003.1404344553.000002128F9A9000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000E.00000003.1405324361.000002128F9A9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: kflowServiceHost 4.0.0.06244Workflows Created6246Workflows Created Per Second6248Workflows Executing6250Workflows Completed6252Workflows Completed Per Second6254Workflows Aborted6256Workflows Aborted Per Second6258Workflows In Memory6260Workflows Persisted6262Workflows Persisted Per Second6264Workflows Terminated6266Workflows Terminated Per Second6268Workflows Loaded6270Workflows Loaded Per Second6272Workflows Unloaded6274Workflows Unloaded Per Second6276Workflows Suspended6278Workflows Suspended Per Second6280Workflows Idle Per Second6282Average Workflow Load Time6284Average Workflow Load Time Base6286Average Workflow Persist Time6288Average Workflow Persist Time Base6324Terminal Services6326Active Sessions6328Inactive Sessions6330Total Sessions4806Hyper-V Hypervisor Logical Processor4808Global Time4810Total Run Time4812Hypervisor Run Time4814Hardware Interrupts/sec4816Context Switches/sec4818Inter-Processor Interrupts/sec4820Scheduler Interrupts/
          Source: Amcache.hve.4.drBinary or memory string: VMware-42 27 ae 88 8c 2b 21 02-a5 86 22 5b 84 51 ac f0
          Source: chrome.exe, 0000000E.00000003.1409636472.000002128FA62000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1448710119.000002128FA62000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000E.00000003.1410584279.000002128FA62000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 6242WorkflowServiceHost 4.0.0.06244Workflows Created6246Workflows Created Per Second6248Workflows Executing6250Workflows Completed6252Workflows Completed Per Second6254Workflows Aborted6256Workflows Aborted Per Second6258Workflows In Memory6260Workflows Persisted6262Workflows Persisted Per Second6264Workflows Terminated6266Workflows Terminated Per Second6268Workflows Loaded6270Workflows Loaded Per Second6272Workflows Unloaded6274Workflows Unloaded Per Second6276Workflows Suspended6278Workflows Suspended Per Second6280Workflows Idle Per Second6282Average Workflow Load Time6284Average Workflow Load Time Base6286Average Workflow Persist Time6288Average Workflow Persist Time Base6324Terminal Services6326Active Sessions6328Inactive Sessions6330Total Sessions4806Hyper-V Hypervisor Logical Processor4808Global Time4810Total Run Time4812Hypervisor Run Time4814Hardware Interrupts/sec4816Context Switches/sec4818Inter-Processor Interrupts/sec4820Scheduler Interrupts/sec4822Timer Interrupts/sec4824Inter-Processor Interrupts Sent/sec4826Processor Halts/sec4828Monitor Transition Cost4830Context Switch Time4832C1 Transitions/sec4834% C1 Time4836C2 Transitions/sec4838% C2 Time4840C3 Transitions/sec4842% C3 Time4844Frequency4846% of Max Frequency4848Parking Status4850Processor State Flags4852Root Vp Index4854Idle Sequence Number4856Global TSC Count4858Active TSC Count4860Idle Accumulation4862Reference Cycle Count 04864Actual Cycle Count 04866Reference Cycle Count 14868Actual Cycle Count 14870Proximity Domain Id4872Posted Interrupt Notifications/sec4874Hypervisor Branch Predictor Flushes/sec4876Hypervisor L1 Data Cache Flushes/sec4878Hypervisor 
Immediate L1 Data Cache Flushes/sec4880Hypervisor Microarchitectural Buffer Flushes/sec4882Counter Refresh Sequence Number4884Counter Refresh Reference Time4886Idle Accumulation Snapshot4888Active Tsc Count Snapshot
          Source: Web Data.20.drBinary or memory string: interactiveuserers.co.inVMware20,11696501413d
          Source: Web Data.20.drBinary or memory string: global block list test formVMware20,11696501413
          Source: chrome.exe, 0000000E.00000002.1447381441.000002128C240000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor
          Source: Web Data.20.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696501413^
          Source: chrome.exe, 0000000E.00000002.1447381441.000002128C21B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor Logical ProcessormuiE
          Source: chrome.exe, 0000000E.00000002.1447381441.000002128C1C7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: JHyper-V Hypervisor Logical ProcessorS3
          Source: chrome.exe, 0000000E.00000002.1448456994.000002128F940000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V VM Vid PartitionntqOm
          Source: Web Data.20.drBinary or memory string: tasks.office.comVMware20,11696501413o
          Source: Amcache.hve.4.drBinary or memory string: VMware
          Source: Web Data.20.drBinary or memory string: trackpan.utiitsl.comVMware20,11696501413h
          Source: Web Data.20.drBinary or memory string: www.interactiveuserers.co.inVMware20,11696501413~
          Source: Web Data.20.drBinary or memory string: dev.azure.comVMware20,11696501413j
          Source: chrome.exe, 0000000E.00000002.1448456994.000002128F940000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V ulsqnrsvaqeqbjp Bus Pipes
          Source: chrome.exe, 0000000E.00000002.1448456994.000002128F940000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: &Hyper-V Hypervisoriu
          Source: Amcache.hve.4.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
          Source: chrome.exe, 0000000E.00000002.1448456994.000002128F940000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor Root PartitionFF
          Source: file.exe, 00000001.00000002.1980324743.0000000001256000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
          Source: chrome.exe, 0000000E.00000002.1447381441.000002128C1C7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: DHyper-V Virtual Machine Bus Pipes
          Source: Amcache.hve.4.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
          Source: chrome.exe, 0000000E.00000002.1447381441.000002128C1C7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: DHyper-V Hypervisor Root Partitionh
          Source: chrome.exe, 0000000E.00000002.1441578419.0000021288513000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllRR:
          Source: chrome.exe, 0000000E.00000002.1448456994.000002128F940000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Virtual Machine Bus PipesldF
          Source: chrome.exe, 0000000E.00000003.1409442180.000002128F9D3000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000E.00000003.1409923656.000002128F9D8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: kflowServiceHost 4.0.0.06244Workflows Created6246Workflows Created Per Second6248Workflows Executing6250Workflows Completed6252Workflows Completed Per Second6254Workflows Aborted6256Workflows Aborted Per Second6258Workflows In Memory6260Workflows Persisted6262Workflows Persisted Per Second6264Workflows Terminated6266Workflows Terminated Per Second6268Workflows Loaded6270Workflows Loaded Per Second6272Workflows Unloaded6274Workflows Unloaded Per Second6276Workflows Suspended6278Workflows Suspended Per Second6280Workflows Idle Per Second6282Average Workflow Load Time6284Average Workflow Load Time Base6286Average Workflow Persist Time6288Average Workflow Persist Time Base6324Terminal Services6326Active Sessions6328Inactive Sessions6330Total Sessions4806Hyper-V Hypervisor Logical Processor4808Global Time4810Total Run Time4812Hypervisor Run Time4814Hardware Interrupts/sec4816Context Switches/sec4818Inter-Processor Interrupts/sec4820Scheduler Interrupts/sec4822Timer Interrupts/sec4824Inter-Processor Interrupts Sent/sec4826Processor Halts/sec4828Monitor Transition Cost4830Context Switch Time4832C1 Transitions/sec4834% C1 Time4836C2 Transitions/sec4838% C2 Time4840C3 Transitions/sec4842% C3 Time4844Frequency4846% of Max Frequency4848Parking Status4850Processor State Flags4852Root Vp Index4854Idle Sequence Number4856Global TSC Count4858Active TSC Count4860Idle Accumulation4862Reference Cycle Count 04864Actual Cycle Count 04866Reference Cycle Count 14868Actual Cycle Count 14870Proximity Domain Id4872Posted Interrupt Notifications/sec4874Hypervisor Branch Predictor Flushes/sec4876Hypervisor L1 Data Cache Flushes/sec4878Hypervisor Immediate L1 Data Cache Flushes/sec4880Hypervisor Microarchitectural Buffer Flushes/sec4882Counter Refresh 
Sequence N
          Source: Amcache.hve.4.drBinary or memory string: VMware20,1
          Source: Amcache.hve.4.drBinary or memory string: Microsoft Hyper-V Generation Counter
          Source: Amcache.hve.4.drBinary or memory string: NECVMWar VMware SATA CD00
          Source: Amcache.hve.4.drBinary or memory string: VMware Virtual disk SCSI Disk Device
          Source: Web Data.20.drBinary or memory string: ms.portal.azure.comVMware20,11696501413
          Source: Amcache.hve.4.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
          Source: Web Data.20.drBinary or memory string: www.interactiveuserers.comVMware20,11696501413}
          Source: Amcache.hve.4.drBinary or memory string: VMware VMCI Bus Device
          Source: Web Data.20.drBinary or memory string: microsoft.visualstudio.comVMware20,11696501413x
          Source: Web Data.20.drBinary or memory string: outlook.office365.comVMware20,11696501413t
          Source: chrome.exe, 0000000E.00000003.1409412814.000002128F9D9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: umber4884Counter Refresh Reference Time4886Idle Accumulation Snapshot4888Active Tsc Count Snapshot4890HWP Request MSR Context Switches/sec4892Guest Run Time4894Idle Time4896% Total Run Time4898% Hypervisor Run Time4900% Guest Run Time4902% Idle Time4904Total Interrupts/sec4788Hyper-V Hypervisor4790Logical Processors4792Partitions4794Total Pages4796Virtual Processors4798Monitored Notifications4800Modern Standby Entries4802Platform Idle Transitions4804HypervisorStartupCost4906Hyper-V Hypervisor Root Partition4908Virtual Processors4910Virtual TLB Pages4912Address Spaces4914Deposited Pages4916GPA Pages4918GPA Space Modifications/sec4920Virtual TLB Flush Entires/sec4922Recommended Virtual TLB Size49244K GPA pages49262M GPA pages49281G GPA pages4930512G GPA pages49324K device pages49342M device pages49361G device pages4938512G device pages4940Attached Devices4942Device Interrupt Mappings4944I/O TLB Flushes/sec4946I/O TLB Flush Cost4948Device Interrupt Errors4950Device DMA Errors4952Device Interrupt Throttle Events4954Skipped Timer Ticks4956Partition Id4958Nested TLB Size4960Recommended Nested TLB Size4962Nested TLB Free List Size4964Nested TLB Trimmed Pages/sec4966Pages Shattered/sec4968Pages Recombined/sec4970I/O TLB Flushes Base4972Hyper-V Hypervisor Root Virtual Processor4974Total Run Time4976Hypervisor Run Time4978Remote Node Run Time4980Normalized Run Time4982Ideal Cpu4984Hypercalls/sec4986Hypercalls Cost4988Page Invalidations/sec4990Page Invalidations Cost4992Control Register Accesses/sec4994Control Register Accesses Cost4996IO Instructions/sec4998IO Instructions Cost5000HLT Instructions/sec5002HLT Instructions Cost5004MWAIT Instructions/sec5006MWAIT Instructions Cost5008CPUID Instructions/sec5010CPUID Instructions Cost5012MSR Accesses/sec5014MSR Accesses Cost5016Other Intercepts/sec5018Other Intercepts Cost5020External 
Interrupts/sec5022External Interrupts Cost5024Pending Interrupts/sec5026Pending Interrupts Cost5028Emulated Instructions/sec5030Emulated Instructions Cost5032Debug Register Accesses/sec5034Debug Register Accesses Cost5036Page Fault Intercepts/sec5038Page Fault Intercepts Cost5040NMI Interrupts/sec5042NMI Interrupts Cost5044Guest Page Table Maps/sec5046Large Page TLB Fills/sec5048Small Page TLB Fills/sec5050Reflected Guest Page Faults/sec5052APIC MMIO Accesses/sec5054IO Intercept Messages/sec5056Memory Intercept Messages/sec5058APIC EOI Accesses/sec5060Other Messages/sec5062Page Table Allocations/sec5064Logical Processor Migrations/sec5066Address Space Evictions/sec5068Address Space Switches/sec5070Address Domain Flushes/sec5072Address Space Flushes/sec5074Global GVA Range Flushes/sec5076Local Flushed GVA Ranges/sec5078Page Table Evictions/sec5080Page Table Reclamations/sec5082Page Table Resets/sec5084Page Table Validations/sec5086APIC TPR Accesses/sec5088Page Table Write Intercepts/sec5090Synthetic Interrupts/sec5092Virtual Interrupts/sec5094APIC IPIs Sent/sec5096APIC Self IPIs Sent/sec5098GPA Space Hypercalls/sec5100Logical Proce
          Source: Web Data.20.drBinary or memory string: interactiveuserers.comVMware20,11696501413
          Source: chrome.exe, 0000000E.00000003.1403993057.000002128FA2B000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000E.00000003.1403477321.000002128FA13000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000E.00000003.1405106516.000002128FA2C000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000E.00000003.1403543846.000002128FA2C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: kflowServiceHost 4.0.0.06244Workflows Created6246Workflows Created Per Second6248Workflows Executing6250Workflows Completed6252Workflows Completed Per Second6254Workflows Aborted6256Workflows Aborted Per Second6258Workflows In Memory6260Workflows Persisted6262Workflows Persisted Per Second6264Workflows Terminated6266Workflows Terminated Per Second6268Workflows Loaded6270Workflows Loaded Per Second6272Workflows Unloaded6274Workflows Unloaded Per Second6276Workflows Suspended6278Workflows Suspended Per Second6280Workflows Idle Per Second6282Average Workflow Load Time6284Average Workflow Load Time Base6286Average Workflow Persist Time6288Average Workflow Persist Time Base6324Terminal Services6326Active Sessions6328Inactive Sessions6330Total Sessions4806Hyper-V Hypervisor Logical Processor4808Global Time4810Total Run Time4812Hypervisor Run Time4814Hardware Interrupts/sec4816Context Switches/sec4818Inter-Processor Interrupts/sec4820Scheduler Interrupts/sec4822Timer Interrupts/sec4824Inter-Processor Interrupts Sent/sec4826Processor Halts/sec4828Monitor Transition Cost4830Context Switch Time4832C1 Transitions/sec4834% C1 Time4836C2 Transitions/sec4838% C2 Time4840C3 Transitions/sec4842
          Source: Web Data.20.drBinary or memory string: AMC password management pageVMware20,11696501413
          Source: Amcache.hve.4.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
          Source: Web Data.20.drBinary or memory string: netportal.hdfcbank.comVMware20,11696501413
          Source: chrome.exe, 0000000E.00000003.1404344553.000002128F9A9000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1448456994.000002128F940000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000E.00000003.1405324361.000002128F9A9000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000E.00000003.1403684880.000002128F9A9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: X2Hyper-V VM Vid Partition
          Source: Amcache.hve.4.drBinary or memory string: vmci.syshbin
          Source: chrome.exe, 0000000E.00000002.1448456994.000002128F940000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: THyper-V Hypervisor Root Virtual Processor
          Source: Amcache.hve.4.drBinary or memory string: VMware, Inc.
          Source: chrome.exe, 0000000E.00000003.1404344553.000002128F9A9000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1448456994.000002128F940000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000E.00000003.1405324361.000002128F9A9000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000E.00000003.1403684880.000002128F9A9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: THyper-V Hypervisor Root Virtual Processor
          Source: Amcache.hve.4.drBinary or memory string: VMware20,1hbin@
          Source: Amcache.hve.4.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
          Source: chrome.exe, 0000000E.00000002.1447381441.000002128C1C7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: sWDHyper-V Hypervisor Root Partition
          Source: Amcache.hve.4.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
          Source: chrome.exe, 0000000E.00000003.1366827876.00000284004D8000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: VMware20,1(
          Source: chrome.exe, 0000000E.00000002.1447381441.000002128C1FB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor Logical Processor.mui..
          Source: Amcache.hve.4.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
          Source: msedge.exe, 00000012.00000002.1610738674.0000020C71644000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
          Source: Web Data.20.drBinary or memory string: outlook.office.comVMware20,11696501413s
          Source: chrome.exe, 0000000E.00000003.1407156247.000002128FA07000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \Registry\Machine\Software\Classes\CLSID\{e2bf9676-5f8f-435c-97eb-11607a5bedf7}\InProcServer326328Inactive Sessions6330Total Sessions4806Hyper-V Hypervisor Logical Processor4808Global Time4810Total Run Time4812Hypervisor Run Time4814Hardware Interrupts/sec4816Context Switches/sec4818Inter-ProcessR0
          Source: Web Data.20.drBinary or memory string: account.microsoft.com/profileVMware20,11696501413u
          Source: file.exe, 00000001.00000002.1980324743.00000000011D7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWP
          Source: Web Data.20.drBinary or memory string: Interactive userers - EU WestVMware20,11696501413n
          Source: Amcache.hve.4.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
          Source: chrome.exe, 0000000E.00000003.1403684880.000002128F9A9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: NXTVMWare
          Source: Amcache.hve.4.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
          Source: Web Data.20.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696501413
          Source: chrome.exe, 0000000E.00000002.1441578419.0000021288581000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 2Hyper-V VM Vid Partitionll
          Source: Web Data.20.drBinary or memory string: discord.comVMware20,11696501413f
          Source: C:\Users\user\Desktop\file.exe API call chain: ExitProcess graph end node
          Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation
          Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort
          Source: C:\Users\user\Desktop\file.exe Code function: 1_2_004108E0 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress
          Source: C:\Users\user\Desktop\file.exe Code function: 0_2_02642111 mov edi, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0264228E mov edi, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\file.exe Code function: 1_2_0040F450 GetProcessHeap,RtlFreeHeap
          Source: C:\Users\user\Desktop\file.exe Memory allocated: page read and write | page guard

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Users\user\Desktop\file.exe Code function: 0_2_02642111 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateProcessW,CreateProcessW,VirtualAlloc,VirtualAlloc,GetThreadContext,Wow64GetThreadContext,ReadProcessMemory,ReadProcessMemory,VirtualAllocEx,VirtualAllocEx,GetProcAddress,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,Wow64SetThreadContext,ResumeThread,ResumeThread
          Source: C:\Users\user\Desktop\file.exe Memory written: C:\Users\user\Desktop\file.exe base: 400000 value starts with: 4D5A
          Source: C:\Users\user\Desktop\file.exe Code function: 1_2_00411250 CreateToolhelp32Snapshot,Process32First,StrCmpCA,Process32Next,StrCmpCA,CloseHandle
          Source: C:\Users\user\Desktop\file.exe Code function: 1_2_00411310 CreateToolhelp32Snapshot,Process32First,Process32Next,CloseHandle,Process32Next,StrCmpCA,OpenProcess,TerminateProcess,CloseHandle
          Source: C:\Users\user\Desktop\file.exe Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
          Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 11 & rd /s /q "C:\ProgramData\ymg4o" & exit
          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 11
          Source: C:\Users\user\Desktop\file.exe Code function: 1_2_0040FC20 GetKeyboardLayoutList,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,GetLocaleInfoA,LocalFree
          Source: C:\Users\user\Desktop\file.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
          Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation
          Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
          Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\ VolumeInformation
          Source: C:\Users\user\Desktop\file.exe Code function: 1_2_0041BAA0 GetLocalTime,SystemTimeToFileTime,FileTimeToSystemTime,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z
          Source: C:\Users\user\Desktop\file.exe Code function: 1_2_00417210 EntryPoint,lstrlenW,GetWindowsDirectoryW,GetComputerNameW,GetFullPathNameA,GetUserNameW,GetFileType,GetModuleFileNameA,GetTempPathW
          Source: C:\Users\user\Desktop\file.exe Code function: 1_2_0040FBC0 GetProcessHeap,HeapAlloc,GetTimeZoneInformation,wsprintfA
          Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
          Source: Amcache.hve.4.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
          Source: Amcache.hve.4.dr Binary or memory string: msmpeng.exe
          Source: Amcache.hve.4.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
          Source: Amcache.hve.4.dr Binary or memory string: MsMpEng.exe

          Stealing of Sensitive Information

          Source: Yara match | File source: sslproxydump.pcap, type: PCAP
          Source: Yara match | File source: Process Memory Space: file.exe PID: 6960, type: MEMORYSTR
          Source: file.exe, 00000001.00000002.1980324743.0000000001256000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: *wallet*.*,*seed*.*,*btc*.*,*key*.*,*2fa*.*,*crypto*.*,*coin*.*,*private*.*,*2fa*.*,*auth*.*,*ledger*.*,*trezor*.*,*pass*.*,*wal*.*,*upbit*.*,*bcex*.*,*bithimb*.*,*hitbtc*.*,*bitflyer*.*,*kucoin*.*,*huobi*.*,*poloniex*.*,*kraken*.*,*okex*.*,*binance*.*,*bitfinex*.*,*gdax*.*,*ethereum*.*,*exodus*.*,*metamask*.*,*myetherwallet*.*,*electrum*.*,*bitcoin*.*,*blockchain*.*,*coinomi*.*,*words*.*,*meta*.*,*mask*.*,*eth*.*,*recovery*.*
          Source: file.exe, 00000001.00000002.1980324743.0000000001256000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: \ElectronCash\wallets\
          Source: file.exe, 00000001.00000002.1980324743.0000000001256000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: \Electrum\wallets\
          Source: file.exe, 00000001.00000002.1980324743.0000000001256000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: window-state.json
          Source: file.exe, 00000001.00000002.1980324743.0000000001256000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: exodus.conf.json
          Source: file.exe, 00000001.00000002.1980324743.0000000001256000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: \Exodus\exodus.wallet\
          Source: file.exe, 00000001.00000002.1980324743.0000000001216000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: info.seco
          Source: file.exe, 00000001.00000002.1980324743.0000000001216000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: ElectrumLTC
          Source: file.exe, 00000001.00000002.1980324743.0000000001216000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: passphrase.json
          Source: file.exe, 00000001.00000002.1980324743.0000000001216000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: \Ethereum\
          Source: file.exe, 00000001.00000002.1980324743.0000000001256000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: \Coinomi\Coinomi\wallets\
          Source: file.exe, 00000001.00000002.1980324743.0000000001256000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: multidoge.wallet
          Source: file.exe, 00000001.00000002.1980324743.0000000001216000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: seed.seco
          Source: file.exe, 00000001.00000002.1980324743.0000000001216000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: keystore
          Source: file.exe, 00000001.00000002.1980324743.0000000001256000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: \Electrum-LTC\wallets\
          Source: C:\Users\user\Desktop\file.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core
          Source: C:\Users\user\Desktop\file.exe | Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\security_state\key4.db
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\key4.db
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\key4.db
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\saved-telemetry-pings\key4.db
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\key4.db
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\crashes\events\key4.db
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\key4.db
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\cookies.sqlite
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\key4.db
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\places.sqlite
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\storage\temporary\key4.db
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\minidumps\key4.db
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\datareporting\glean\pending_pings\key4.db
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\key4.db
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\datareporting\archived\key4.db
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\storage\key4.db
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\storage\default\key4.db
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\storage\permanent\key4.db
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\key4.db
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\datareporting\glean\tmp\key4.db
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\storage\permanent\chrome\idb\key4.db
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\storage\to-be-removed\key4.db
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\sessionstore-backups\key4.db
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\dtbqpus9.default\key4.db
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\key4.db
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\datareporting\glean\events\key4.db
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\storage\permanent\chrome\key4.db
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\datareporting\archived\2023-10\key4.db
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\crashes\key4.db
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\prefs.js
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\datareporting\glean\db\key4.db
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\datareporting\key4.db
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\datareporting\glean\key4.db
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\bookmarkbackups\key4.db
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Exodus\
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Exodus\backups\
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\MultiDoge\
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Binance\
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Ledger Live\
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\
          Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\
          Source: Yara match | File source: 00000001.00000002.1980324743.0000000001256000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: Process Memory Space: file.exe PID: 6960, type: MEMORYSTR

          Remote Access Functionality

          Source: C:\Users\user\Desktop\file.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
          Source: Yara match | File source: sslproxydump.pcap, type: PCAP
          Source: Yara match | File source: Process Memory Space: file.exe PID: 6960, type: MEMORYSTR
          Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
          Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 2 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
          Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Create Account | 1 Extra Window Memory Injection | 1 Deobfuscate/Decode Files or Information | 1 Credentials in Registry | 1 Account Discovery | Remote Desktop Protocol | 4 Data from Local System | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
          Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 311 Process Injection | 1 Obfuscated Files or Information | Security Account Manager | 4 File and Directory Discovery | SMB/Windows Admin Shares | 1 Screen Capture | 1 Remote Access Software | Automated Exfiltration | Data Encrypted for Impact
          Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 2 Software Packing | NTDS | 35 System Information Discovery | Distributed Component Object Model | Input Capture | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
          Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Timestomp | LSA Secrets | 11 Query Registry | SSH | Keylogging | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
          Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 31 Security Software Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
          DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Extra Window Memory Injection | DCSync | 3 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
          Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Masquerading | Proc Filesystem | 12 Process Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
          Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 3 Virtualization/Sandbox Evasion | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
          IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 311 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
          [Behavior graph: ID 1632159, Sample: file.exe, Start date: 07/03/2025, Architecture: WINDOWS, Score: 100]

          Source | Detection | Scanner | Label | Link
          file.exe | 75% | Virustotal | | Browse
          file.exe | 87% | ReversingLabs | ByteCode-MSIL.Trojan.LummaC |
          file.exe | 100% | Avira | TR/AD.Nekark.dwafr |
          No Antivirus matches
          No Antivirus matches
          No Antivirus matches
                                                                                high
                                                                                http://anglebug.com/4633msedge.exe, 00000012.00000003.1546766775.0000461C00434000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                unknown
                                                                                https://anglebug.com/7382msedge.exe, 00000012.00000003.1546766775.0000461C00434000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                unknown
                                                                                https://issuetracker.google.com/284462263msedge.exe, 00000012.00000003.1546766775.0000461C00434000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                unknown
                                                                                https://blog.google/products/chrome/google-chrome-safe-browsing-real-time/chrome.exe, 0000000E.00000002.1457167517.0000028400CC4000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://support.google.com/chrome?p=desktop_tab_groupschrome.exe, 0000000E.00000002.1455671212.0000028400994000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://dns-tunnel-check.googlezip.net/connectchrome.exe, 0000000E.00000002.1459668522.00000284013A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://contile-images.services.mozilla.com/5b4DH7KHAf2n_mNaLjNi1-UAoKmM9rhqaA9w7FyznHo.10943.jpgfile.exe, 00000001.00000002.1980324743.0000000001256000.00000004.00000020.00020000.00000000.sdmp, xl6pp8.1.drfalse
                                                                                        high
                                                                                        https://docs.google.com/document/:chrome.exe, 0000000E.00000002.1458955069.0000028401120000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1458680060.000002840105C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actionstchrome.exe, 0000000E.00000002.1459804360.0000028401404000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://mail.google.com/chat/chrome.exe, 0000000E.00000002.1458955069.0000028401120000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1459982546.000002840148C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1459668522.00000284013A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://go.f.goldenloafuae.comfile.exe, 00000001.00000002.1980324743.0000000001256000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: malware
                                                                                              unknown
                                                                                              https://anglebug.com/7714msedge.exe, 00000012.00000003.1546766775.0000461C00434000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              unknown
                                                                                              https://www.instagram.com33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drfalse
                                                                                                high
                                                                                                https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&ci=1696497267574.12791&key=1696497267400700file.exe, 00000001.00000002.1980324743.0000000001256000.00000004.00000020.00020000.00000000.sdmp, xl6pp8.1.drfalse
                                                                                                  high
                                                                                                  http://unisolated.invalid/chrome.exe, 0000000E.00000002.1458819147.00000284010D0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://chromeenterprise.google/policies/#BrowserSwitcherExternalGreylistUrlchrome.exe, 0000000E.00000002.1441948465.0000021288610000.00000002.00000001.00040000.00000012.sdmpfalse
                                                                                                      high
                                                                                                      https://www.google.com/chrome/tips/chrome.exe, 0000000E.00000002.1458479394.0000028400FD4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1459437515.00000284012AC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1457960928.0000028400EC8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://drive.google.com/?lfhs=2chrome.exe, 0000000E.00000002.1458980523.0000028401130000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1458955069.0000028401120000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1459982546.000002840148C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1459668522.00000284013A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          http://anglebug.com/6248msedge.exe, 00000012.00000003.1546766775.0000461C00434000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          unknown
                                                                                                          https://ogs.google.com/widget/callout?eom=1chrome.exe, 0000000E.00000002.1467164560.0000028402204000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drfalse
                                                                                                              high
                                                                                                              http://developer.chrome.com/docs/extensions/how-to/distribute/install-extensions)chrome.exe, 0000000E.00000002.1453646008.0000028400154000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1453361285.00000284000DC000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://outlook.office.com/mail/compose?isExtension=true33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drfalse
                                                                                                                  high
                                                                                                                  http://anglebug.com/6929msedge.exe, 00000012.00000003.1546766775.0000461C00434000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  • Avira URL Cloud: safe
                                                                                                                  unknown
                                                                                                                  https://bridge.sfo1.ap01.net/ctp?version=16.0.0&ci=1696497267574.12791&key=1696497267400700002.1&ctafile.exe, 00000001.00000002.1980324743.0000000001256000.00000004.00000020.00020000.00000000.sdmp, xl6pp8.1.drfalse
                                                                                                                    high
                                                                                                                    http://anglebug.com/5281msedge.exe, 00000012.00000003.1546766775.0000461C00434000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    unknown
                                                                                                                    https://i.y.qq.com/n2/m/index.html33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drfalse
                                                                                                                      high
                                                                                                                      https://www.deezer.com/33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drfalse
                                                                                                                        high
                                                                                                                        https://www.youtube.com/?feature=ytcachrome.exe, 0000000E.00000002.1458955069.0000028401120000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1459982546.000002840148C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1454536201.00000284004E0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1459668522.00000284013A0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1459437515.00000284012AC000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://www.google.com/chrome/browser-tools/chrome.exe, 0000000E.00000002.1457167517.0000028400CC4000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://issuetracker.google.com/255411748msedge.exe, 00000012.00000003.1546766775.0000461C00434000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            • Avira URL Cloud: safe
                                                                                                                            unknown
                                                                                                                            https://docs.google.com/document/u/0/create?usp=chrome_actionschrome.exe, 0000000E.00000002.1457823888.0000028400E68000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1459804360.0000028401404000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1458418022.0000028400FB8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://web.telegram.org/33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drfalse
                                                                                                                                high
                                                                                                                                https://permanently-removed.invalid/oauth2/v4/tokenmsedge.exe, 00000012.00000003.1545538082.0000461C00274000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://anglebug.com/7246msedge.exe, 00000012.00000003.1546766775.0000461C00434000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                  unknown
                                                                                                                                  https://anglebug.com/7369msedge.exe, 00000012.00000003.1546845265.0000461C003E4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000012.00000003.1546766775.0000461C00434000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                  unknown
                                                                                                                                  https://anglebug.com/7489msedge.exe, 00000012.00000003.1546845265.0000461C003E4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000012.00000003.1546766775.0000461C00434000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                  unknown
                                                                                                                                  https://docs.google.com/presentation/chrome.exe, 0000000E.00000002.1459982546.000002840148C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1459668522.00000284013A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://chrome.google.com/webstorechrome.exe, 0000000E.00000003.1415216847.0000028401904000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1456436729.0000028400B88000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1456985867.0000028400C54000.00000004.00001000.00020000.00000000.sdmp, msedge.exe, 00000012.00000002.1615884025.0000461C0017C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://drive.google.com/drive/installwebapp?usp=chrome_defaultrdlerchrome.exe, 0000000E.00000002.1459556132.0000028401344000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000003.1375375796.0000028401344000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://unitedstates1.ss.wd.microsoft.us/edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.20.drfalse
                                                                                                                                          high
                                                                                                                                          https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=file.exe, 00000001.00000002.1986377064.00000000040AB000.00000004.00000020.00020000.00000000.sdmp, zm7gdb.1.dr, Web Data.20.drfalse
                                                                                                                                            high
                                                                                                                                            https://issuetracker.google.com/161903006msedge.exe, 00000012.00000003.1546766775.0000461C00434000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                            unknown
                                                                                                                                            https://excel.new?from=EdgeM365Shoreline33bbe23d-6b16-4242-9819-814f54b4872d.tmp.20.drfalse
                                                                                                                                              high
                                                                                                                                              https://www.youtube.com/chrome.exe, 0000000E.00000002.1459668522.00000284013A0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1459437515.00000284012AC000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actionschrome.exe, 0000000E.00000002.1457823888.0000028400E68000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1459804360.0000028401404000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1458418022.0000028400FB8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacychrome.exe, 0000000E.00000002.1457634803.0000028400DC0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1459263279.0000028401204000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1458578774.0000028401004000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://docs.google.com/spreadsheets/chrome.exe, 0000000E.00000002.1459668522.00000284013A0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000E.00000002.1459437515.00000284012AC000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://permanently-removed.invalid/chrome/blank.htmlmsedge.exe, 00000012.00000003.1545538082.0000461C00274000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        http://anglebug.com/3078msedge.exe, 00000012.00000003.1546766775.0000461C00434000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                                        unknown
                                                                                                                                                        http://anglebug.com/7553msedge.exe, 00000012.00000003.1546766775.0000461C00434000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                                        unknown
                                                                                                                                                        https://chromeenterprise.google/policies/#BrowserSwitcherExternalSitelistUrlchrome.exe, 0000000E.00000002.1441948465.0000021288610000.00000002.00000001.00040000.00000012.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          http://anglebug.com/5375msedge.exe, 00000012.00000003.1546766775.0000461C00434000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                          unknown
                                                                                                                                                          https://permanently-removed.invalid/v1/issuetokenmsedge.exe, 00000012.00000003.1545538082.0000461C00274000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://anglebug.com/5371msedge.exe, 00000012.00000003.1546766775.0000461C00434000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                            unknown
                                                                                                                                                            http://anglebug.com/4722msedge.exe, 00000012.00000003.1546766775.0000461C00434000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                            unknown
                                                                                                                                                            https://m.google.com/devicemanagement/data/apichrome.exe, 0000000E.00000002.1454156209.0000028400238000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                              high
Joe Sandbox version:42.0.0 Malachite
Analysis ID:1632159
Start date and time:2025-03-07 20:08:33 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 7m 53s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:35
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:file.exe
Detection:MAL
Classification:mal100.troj.spyw.evad.winEXE@71/275@24/23
EGA Information:
                                                                                                                                                                                            • Successful, ratio: 100%
                                                                                                                                                                                            HCA Information:
                                                                                                                                                                                            • Successful, ratio: 100%
                                                                                                                                                                                            • Number of executed functions: 74
                                                                                                                                                                                            • Number of non-executed functions: 42
                                                                                                                                                                                            Cookbook Comments:
                                                                                                                                                                                            • Found application associated with file extension: .exe
                                                                                                                                                                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, WerFault.exe, Runtimeuserer.exe, Sgrmuserer.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, TextInputHost.exe
• Excluded IPs from analysis (whitelisted)
• Excluded domains from analysis (whitelisted)
• Not all processes were analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtCreateFile calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtSetInformationFile calls found.
• Report size getting too big, too many NtWriteFile calls found.
• Report size getting too big, too many NtWriteVirtualMemory calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Time | Type | Description
14:09:36 | API Interceptor | 1x Sleep call for process: WerFault.exe modified

Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
23.44.201.19 | random.exe | Get hash | malicious | Vidar | Browse |
23.44.201.19 | lem.exe | Get hash | malicious | Vidar | Browse |
23.44.201.19 | pjthjsdjgjrtavv.exe | Get hash | malicious | Vidar | Browse |
23.44.201.19 | file.exe | Get hash | malicious | Amadey, Stealc, Vidar | Browse |
23.44.201.19 | invoice 700898 for wallcentre.com.shtml | Get hash | malicious | Unknown | Browse |
23.44.201.19 | 9d565bee-e6ce-1842-e729-b0df8f08ed34.eml | Get hash | malicious | HTMLPhisher | Browse |
23.44.201.19 | BraveBrowserSetup-BRV010.exe | Get hash | malicious | Unknown | Browse |
23.44.201.19 | BraveBrowserSetup-BRV002.exe | Get hash | malicious | Unknown | Browse |
2.22.242.105 | ADFoyxP.exe | Get hash | malicious | KeyLogger, StormKitty, VenomRAT | Browse |
2.22.242.105 | b9173c7c-fe8a-41d4-3f0c-543a04cca5d6.eml | Get hash | malicious | HTMLPhisher | Browse |
2.22.242.105 | q3na5Mc.exe | Get hash | malicious | Vidar | Browse |
2.22.242.105 | ESVoO7ywn5.exe | Get hash | malicious | Vidar | Browse |
2.22.242.105 | SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Get hash | malicious | Unknown | Browse |
2.22.242.105 | ynBVHwu6gx.exe | Get hash | malicious | PureLog Stealer, Vidar, zgRAT | Browse |
2.22.242.105 | dwpk5JGAxF.exe | Get hash | malicious | Vidar | Browse |
2.22.242.105 | CheatEngine75.exe | Get hash | malicious | Unknown | Browse |
2.22.242.105 | New Sharefile - peRd9Y.svg | Get hash | malicious | Phisher | Browse |
149.154.167.99 | http://45.142.208.144.sslip.io/blog/ | Get hash | malicious | Unknown | Browse | telegram.org/img/emoji/40/F09F9889.png
149.154.167.99 | http://xn--r1a.website/s/ogorodru | Get hash | malicious | Unknown | Browse | telegram.org/img/favicon.ico
149.154.167.99 | http://cryptorabotakzz.com/ | Get hash | malicious | Unknown | Browse | telegram.org/
149.154.167.99 | http://cache.netflix.com.id1.wuush.us.kg/ | Get hash | malicious | Unknown | Browse | telegram.org/dl?tme=fe3233c08ff79d4814_5062105595184761217
149.154.167.99 | http://investors.spotify.com.sg2.wuush.us.kg/ | Get hash | malicious | Unknown | Browse | telegram.org/
149.154.167.99 | http://bekaaviator.kz/ | Get hash | malicious | Unknown | Browse | telegram.org/
149.154.167.99 | http://telegramtw1.org/ | Get hash | malicious | Unknown | Browse | telegram.org/?setln=pl
149.154.167.99 | http://makkko.kz/ | Get hash | malicious | Unknown | Browse | telegram.org/
149.154.167.99 | http://telegram.dog | Get hash | malicious | Unknown | Browse | telegram.dog/
149.154.167.99 | LnSNtO8JIa.exe | Get hash | malicious | Cinoshi Stealer | Browse | t.me/cinoshibot

Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
a416.dscd.akamai.net | LtCPevm69G.exe | Get hash | malicious | Amadey, Credential Flusher, LummaC Stealer, Poverty Stealer, PureLog Stealer, Stealc, Vidar | Browse | 2.22.242.105
a416.dscd.akamai.net | ADFoyxP.exe | Get hash | malicious | KeyLogger, StormKitty, VenomRAT | Browse | 2.22.242.105
a416.dscd.akamai.net | https://www.flipsnack.com/859EECFF8D6/distribution-agreement/full-view.html | Get hash | malicious | HTMLPhisher | Browse | 2.22.242.11
a416.dscd.akamai.net | https://zsharepointonlinems.mysteriousroutes.it.com/kOPeS/#fuck@you.com | Get hash | malicious | Unknown | Browse | 2.22.242.11
a416.dscd.akamai.net | q3na5Mc.exe | Get hash | malicious | Vidar | Browse | 95.101.54.115
a416.dscd.akamai.net | 09.msi | Get hash | malicious | RedLine | Browse | 2.22.242.11
a416.dscd.akamai.net | 95.msi | Get hash | malicious | RedLine | Browse | 2.22.242.11
a416.dscd.akamai.net | ESVoO7ywn5.exe | Get hash | malicious | Vidar | Browse | 2.22.242.105
a416.dscd.akamai.net | SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Get hash | malicious | Unknown | Browse | 2.22.242.105
a416.dscd.akamai.net | SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exe | Get hash | malicious | Unknown | Browse | 2.22.242.11
t.me | LtCPevm69G.exe | Get hash | malicious | Amadey, Credential Flusher, LummaC Stealer, Poverty Stealer, PureLog Stealer, Stealc, Vidar | Browse | 149.154.167.99
t.me | https://graph.org/WBACK-03-06?qb3n | Get hash | malicious | Unknown | Browse | 149.154.167.99
t.me | EasyWay.exe | Get hash | malicious | LummaC Stealer | Browse | 149.154.167.99
t.me | Collapse.exe | Get hash | malicious | LummaC Stealer, PureLog Stealer | Browse | 149.154.167.99
t.me | q3na5Mc.exe | Get hash | malicious | Vidar | Browse | 149.154.167.99
t.me | Yanto v1.2.exe | Get hash | malicious | LummaC Stealer | Browse | 149.154.167.99
t.me | ESVoO7ywn5.exe | Get hash | malicious | Vidar | Browse | 149.154.167.99
t.me | S2W2ftXM2b.exe | Get hash | malicious | Amadey, LummaC Stealer, PureLog Stealer, XWorm | Browse | 149.154.167.99
t.me | dealmaker.exe | Get hash | malicious | LummaC Stealer | Browse | 149.154.167.99
t.me | windows.ps1 | Get hash | malicious | PureLog Stealer, Vidar | Browse | 149.154.167.99
chrome.cloudflare-dns.com | ADFoyxP.exe | Get hash | malicious | Unknown | Browse | 172.64.41.3
chrome.cloudflare-dns.com | ADFoyxP.exe | Get hash | malicious | KeyLogger, StormKitty, VenomRAT | Browse | 172.64.41.3
chrome.cloudflare-dns.com | desaremix.exe | Get hash | malicious | KillMBR | Browse | 162.159.61.3
chrome.cloudflare-dns.com | https://www.flipsnack.com/859EECFF8D6/distribution-agreement/full-view.html | Get hash | malicious | HTMLPhisher | Browse | 162.159.61.3
chrome.cloudflare-dns.com | ATTACH - kotak.com.htm | Get hash | malicious | Unknown | Browse | 172.64.41.3
chrome.cloudflare-dns.com | https://zsharepointonlinems.mysteriousroutes.it.com/kOPeS/#fuck@you.com | Get hash | malicious | Unknown | Browse | 162.159.61.3
                                                                                                                                                                                                                              ATTACH - kotak.com.htmGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 162.159.61.3
                                                                                                                                                                                                                              q3na5Mc.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                              • 162.159.61.3
                                                                                                                                                                                                                              http://pqpqpyj.sbs/av/avr08/index.php?lpkey=174043cdcee2702426549f3edfdcca41a099970167&trkd=omokeh.org&lpkey1=cuuncqujn1oc7393mcc0&language=de&scanid=cuuncqujn1oc7393mcc0&ip=147.161.235.77&t1=133&t2=%7Bt1%7D&t3=%7Bt2%7D&t4=49&t5=174123395189&dm=1&pbid=4598&uid=Tev3Ewws7LqtzrNjCqkamFhqO8Mhj2&t10=4833Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 162.159.61.3
                                                                                                                                                                                                                              f38186770bffa4a12a7170942b9c0d71ac736142924da24a.xlt.ps1Get hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                              • 172.64.41.3
                                                                                                                                                                                                                              s-part-0012.t-0009.t-msedge.netSecuriteInfo.com.Trojan.DownLoader19.10887.56.7494.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 13.107.246.40
                                                                                                                                                                                                                              FOZkdjzquG.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 13.107.246.40
                                                                                                                                                                                                                              ffY6vVoRx0.exeGet hashmaliciousBerbewBrowse
                                                                                                                                                                                                                              • 13.107.246.40
                                                                                                                                                                                                                              hmm_dec.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 13.107.246.40
                                                                                                                                                                                                                              Message.emlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 13.107.246.40
                                                                                                                                                                                                                              uwmC39FNho.exeGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                              • 13.107.246.40
                                                                                                                                                                                                                              Handler.exeGet hashmaliciousDanaBot, PureLog Stealer, VidarBrowse
                                                                                                                                                                                                                              • 13.107.246.40
                                                                                                                                                                                                                              https://securityalert-corporate.com/click/f288bff9-842d-4e34-8d2d-41ad20e48e9dGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 13.107.246.40
                                                                                                                                                                                                                              Debh Payment Detail.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 13.107.246.40
                                                                                                                                                                                                                              qI6cHJbHJg.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                              • 13.107.246.40
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                              phish_alert_sp2_2.0.0.0.emlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                              • 72.247.153.195
                                                                                                                                                                                                                              https://www.gruzoved.com/blog/post/eshe-dve-dorogi-zakryli-na-sahaline-iz-za-nepogody/?next=https%3A%2F%2Fgamma.app%2Fdocs%2Fmeyertrucks-Trust-Meyer-Trucks-diesel-truck-bus-parts-q218q3p16jcbi7h%3Fmode%3Dpresent%23card-5kvf1fu5246tolrGet hashmaliciousGabagoolBrowse
                                                                                                                                                                                                                              • 2.16.100.106
                                                                                                                                                                                                                              https://www.gruzoved.com/blog/post/eshe-dve-dorogi-zakryli-na-sahaline-iz-za-nepogody/?next=https%3A%2F%2Fgamma.app%2Fdocs%2Fmeyertrucks-Trust-Meyer-Trucks-diesel-truck-bus-parts-q218q3p16jcbi7h%3Fmode%3Dpresent%23card-5kvf1fu5246tolrGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 2.16.100.91
                                                                                                                                                                                                                              alex122121.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 23.197.127.21
                                                                                                                                                                                                                              alex1213321.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 23.197.127.21
                                                                                                                                                                                                                              fher.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 23.197.127.21
                                                                                                                                                                                                                              No context
                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):65536
                                                                                                                                                                                                                              Entropy (8bit):0.8527527388983926
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:aGHUfQvCPAgA0LR3ijxaOSzuiFjZ24IO8kiB:fC4gbLR3karzuiFjY4IO8b
                                                                                                                                                                                                                              MD5:70BA05A916D1D945789EDAC8B825C0ED
                                                                                                                                                                                                                              SHA1:CDE18CACB01D41C06700DE8F6DD7F8E80E4D75F7
                                                                                                                                                                                                                              SHA-256:9D20E243AC94FA58F8A808E498D470CD71F2F48548A2E38914CE0CEBCD5BE5EF
                                                                                                                                                                                                                              SHA-512:BF8CDE8FCB838FA18F2438B6673F2F8524E0150B144AAD45080B8067CFAB9C49C74187BF30CF69754CE1631FF5444E871BFE361AF33C7217AC2F7C3EA886EF9A
                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                              File Type:Mini DuMP crash report, 15 streams, Fri Mar 7 19:09:30 2025, 0x1205a4 type
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):149980
                                                                                                                                                                                                                              Entropy (8bit):3.7918643469195046
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:1536:gl2/dADOqFRCDatT/GuBojRypN4uE2aOKLTg1Wk9LLGF:gl2/0Ow0E7+U4uEqKLTg8k9LqF
                                                                                                                                                                                                                              MD5:206657A017D3690DB587A349371EE4BA
                                                                                                                                                                                                                              SHA1:AB7EB8D9201150BA2A35EB04EC8646311A8714CD
                                                                                                                                                                                                                              SHA-256:8638A487FFDF3B9754DBD15B9338E8F1ECF66E16209514D4EE349E6C7E39CF8F
                                                                                                                                                                                                                              SHA-512:8A5B92C55F6C758DF786AA43E743813B97039A8C14FEE876F465700208B783016A6DB70E8DADA71E2FDC0D5810FAB5E919CF0822AC2D227ED97638C45142FE61
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):8358
                                                                                                                                                                                                                              Entropy (8bit):3.6884371618994347
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:R6l7wVeJuC+6qG6Y/dSU2AGgmf6hVJLpr789bRZsf3bm:R6lXJE6b6YFSUTGgmfIVJaRyfi
                                                                                                                                                                                                                              MD5:B7F3E3454BD5BFD5EE2679889C2F594C
                                                                                                                                                                                                                              SHA1:0177E5AB80E9098B4FCC60DE21B9212A30E182C5
                                                                                                                                                                                                                              SHA-256:F0D573462BB6252C3D9C96A32B10A39EB31786B91CF8244E35C970F622FBF991
                                                                                                                                                                                                                              SHA-512:0E703DDBDEF9068DAEC0B610EA6DD7035E41D8031AC7102F9A4006D81827965E91D2E719666235BD5B8D8A6C464903E14665041D587FE5EA547A4ACB3E2C366D
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):4662
                                                                                                                                                                                                                              Entropy (8bit):4.430819483451712
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:cvIwWl8zstJg77aI9XeDZrWpW8VYsYm8M4JOfdxPcf6FYBm+q8vtfdxPcftyAYXd:uIjfHI7JeD07VQJOYfZBmKtYfcAYXd
                                                                                                                                                                                                                              MD5:78334AF5934C4743A12E67B37FB9F3A1
                                                                                                                                                                                                                              SHA1:7702F811430F1A1B91BC4787391B7C27D67C1FE8
                                                                                                                                                                                                                              SHA-256:4DB2B87ABC8CD6E0987652B4295CDE1F51C920CB878FC2E3BF7F0E9F7BC51AAD
                                                                                                                                                                                                                              SHA-512:AF1B85D06CB5B1DC416FBBBB1D194766644407F03108022AC24D05A8325AEFBD92B7E8FD44FF0945B7578B84ED666793FBE27B147D2AAA449A660BB9CB538393
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):196608
                                                                                                                                                                                                                              Entropy (8bit):1.121157754129249
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:72qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8wH0hL3kWieF:72qOB1nxCkvSAELyKOMq+8wH0hLUZs
                                                                                                                                                                                                                              MD5:A6C8475F9B097C8AFD4022E65E556CA7
                                                                                                                                                                                                                              SHA1:27FBA823D3E7CED3F516D3BD04791F175E87E356
                                                                                                                                                                                                                              SHA-256:121931600B11DCA8D5DC639B42B03CE9571055B31A0FE82DBB963392700294CF
                                                                                                                                                                                                                              SHA-512:849D2BCAC1EE42FC757C16ADB29E1D6460211A1D2F0E6858491835775E40107495CF65121B98F8517F8C0665590495DB8A96F174CFDE77F01FCC49013EB74533
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3046000, file counter 2, database pages 41, 1st free page 29, free pages 1, cookie 0x25, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):196608
                                                                                                                                                                                                                              Entropy (8bit):0.45909911068154247
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:96:OpdTxQ+ALqL/uejzH+bF+UIYysX0lj/twfLyl0e9S8E:OpdT7IqL/tH+bF+UI3i67Kylj9
                                                                                                                                                                                                                              MD5:89783266A93C429FCFB9CE049053FCCD
                                                                                                                                                                                                                              SHA1:AC70D1404CB8588DBB685165154CA6FD01942CCE
                                                                                                                                                                                                                              SHA-256:AF2420C3F982037DA346ACB0722E54A466547DCCFC54C44EA84FBC1401DC15BC
                                                                                                                                                                                                                              SHA-512:BD3C480D62EDF9CA8F23BB17E39405E9EE2EE705EEE832F738D4C3AE5C16E3317A1822C07373CB49A8E704B3DA3D7BDC95544208C1C369322E7F8CE2E2DE93CF
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 2, database pages 20, cookie 0xc, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):40960
                                                                                                                                                                                                                              Entropy (8bit):0.8616778647394084
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:pMtA+IIkCVEq8Ma0D0HOlf/6ykwpLf/UUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:pOCCn8MouB6w9f/MiZqmvJKLPeymwil
                                                                                                                                                                                                                              MD5:BDDE4AD11E732420E7ABCCA946B11611
                                                                                                                                                                                                                              SHA1:278C3386A37BAFCA507CF4C128600B01B312DDA0
                                                                                                                                                                                                                              SHA-256:099AB6B902097361832FC2485E96C71C827E722FA74C09C7D08DCE9091094C1D
                                                                                                                                                                                                                              SHA-512:B29061A507FCAE2CB56155C5C911706E60C798D288968B210A1670C0F0D1D3F7B3B2B2919B946FED47C4975B157A56B557F71AE80A427C85C660F6B37153C9E8
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):51200
                                                                                                                                                                                                                              Entropy (8bit):0.8746135976761988
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                                                                                                              MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                                                                                                              SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                                                                                                              SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                                                                                                              SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):155648
                                                                                                                                                                                                                              Entropy (8bit):0.5407252242845243
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                                                                                                                                                                                                                              MD5:7B955D976803304F2C0505431A0CF1CF
                                                                                                                                                                                                                              SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                                                                                                                                                                                                                              SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                                                                                                                                                                                                                              SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                              File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):98304
                                                                                                                                                                                                                              Entropy (8bit):0.08235737944063153
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                                                                                                              MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                                                                                                              SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                                                                                                              SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                                                                                                              SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 2, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):294912
                                                                                                                                                                                                                              Entropy (8bit):0.08435865420875459
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:5va0zkVmvQhyn+Zoz679fqlQbGhMHPaVAL23vtt0:51zkVmvQhyn+Zoz67it0
                                                                                                                                                                                                                              MD5:67E2FBC84F1F11A8A02800D7DDB2ADDC
                                                                                                                                                                                                                              SHA1:C999C971AA7CC5B54D4B1150A477659670289701
                                                                                                                                                                                                                              SHA-256:DD49D0343A89773FE53D58231552BD8991A34BFC540232E7308E596352A4D91D
                                                                                                                                                                                                                              SHA-512:963E6FF7A90FBA494DC215EB39BE25CFC1E1C9D912761BC840E73AE092B1718A952E047D3DA716C18C5954C90402918D3E9C64582AA173A2FC09576358B91222
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                              File Type:ASCII text, with very long lines (1808), with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):10489
                                                                                                                                                                                                                              Entropy (8bit):5.49400008804932
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:HnBRNC3YbBp6lR1+PaX56/x8lSz9/3/OHNBw8DXSl:Oee1M/xbUPwO0
                                                                                                                                                                                                                              MD5:C285AF56A69C639A033B77359FEDE8A7
                                                                                                                                                                                                                              SHA1:676A4F90E2ED82CB9ABEE7DAFC3A25D984B380EE
                                                                                                                                                                                                                              SHA-256:ECF63A7733385EB825D49B5B351C0687E383F309D6849BE1C7AC06A1CD4E94B2
                                                                                                                                                                                                                              SHA-512:53ABAF224CE47D77A6883AFCE25089C12D8362B4BCC01D94F94DF846C9F24AAFB2004502B7E3D5DC512E764B1EFB0B0E1FFC39FA5A423F82EA4E61B83E4E292E
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "ecedec8f-7097-47fc-a9e3-d74f0c8e2503");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696499493);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696499494);..user_pref("app.update.lastUpdateTime.xpi-signature-verification
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 5, database pages 68, cookie 0x4a, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):139264
                                                                                                                                                                                                                              Entropy (8bit):1.1364808899718155
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:ulsfoVZkNi61n1ulH5sdpX6V5OK0Vul6PqfPk:ulsfoQx1n1ulH5YE5O9Vul6PqfM
                                                                                                                                                                                                                              MD5:AAADBD394519C5F837D723B41BC945E9
                                                                                                                                                                                                                              SHA1:BC46C195EA08B1E90C1B65413B601C1E83585BF6
                                                                                                                                                                                                                              SHA-256:9787BE53761783168860DFC68F131DEDE1085900DB6C715A059FDCB07FB57F75
                                                                                                                                                                                                                              SHA-512:1C5BA05C79B4788034116B9D86D43CE64647E89C0021F42475F7DBD2EC1C9381E57CFDC91A7678C5984F3C11AFD735D8EA49BFA17DCA1E981AD0FF456FBB1E0E
                                                                                                                                                                                                                              Malicious:false
Preview:SQLite format 3
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                              Category:modified
                                                                                                                                                                                                                              Size (bytes):56160
                                                                                                                                                                                                                              Entropy (8bit):6.104562769657611
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kQGUXqgfbjQVE8bHNhEKMORWY9Qmm09QYqGwLWZkHU4:z/Ps+wsI7ynW8rkKMORrqfyW0e6kaoX
                                                                                                                                                                                                                              MD5:07B51847F43DBC0303C5947B66E1AA7E
                                                                                                                                                                                                                              SHA1:C9AA4A761ABE6161D2607DF3946F96A0311CA1AA
                                                                                                                                                                                                                              SHA-256:2FCEF9D78D7F8167C7D597AFD82D6CC77311720F9305A04CD8B1415BB80ADAC2
                                                                                                                                                                                                                              SHA-512:6573E28F1B77381A874E6CE9BE1D9860874E35183D50A94CE432513FD2A9685BB32C8A5D407FC42B5D61C65E2250B6B5D53AD8CBA7ABC3BD870BD57C7F0BC2CD
                                                                                                                                                                                                                              Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):56160
                                                                                                                                                                                                                              Entropy (8bit):6.104562769657611
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kQGUXqgfbjQVE8bHNhEKMORWY9Qmm09QYqGwLWZkHU4:z/Ps+wsI7ynW8rkKMORrqfyW0e6kaoX
                                                                                                                                                                                                                              MD5:07B51847F43DBC0303C5947B66E1AA7E
                                                                                                                                                                                                                              SHA1:C9AA4A761ABE6161D2607DF3946F96A0311CA1AA
                                                                                                                                                                                                                              SHA-256:2FCEF9D78D7F8167C7D597AFD82D6CC77311720F9305A04CD8B1415BB80ADAC2
                                                                                                                                                                                                                              SHA-512:6573E28F1B77381A874E6CE9BE1D9860874E35183D50A94CE432513FD2A9685BB32C8A5D407FC42B5D61C65E2250B6B5D53AD8CBA7ABC3BD870BD57C7F0BC2CD
                                                                                                                                                                                                                              Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):57126
                                                                                                                                                                                                                              Entropy (8bit):6.101542775087831
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:1536:WMk16zRRSfKb5rkKMOR5tn6aopqfyW0e6x:WMYOehKMOVnXOmyF/
                                                                                                                                                                                                                              MD5:C3B3E1D36B21ACC1C237BB582BC3537C
                                                                                                                                                                                                                              SHA1:B9C96C347365006F555C78D94341ED37EE0EC1AD
                                                                                                                                                                                                                              SHA-256:F604BD5CEB5283EEFC5454369C27D8A302213390D4D2968A6E71709E60F43357
                                                                                                                                                                                                                              SHA-512:4941ADD9D70253AD7ACB17875B4318C212EC98EDDEE5EC7528D0774216B9E822B3F0A73AE71F339F1C9312C97405CA67460FB9D57D8889069C6FCE629EC0A8C4
                                                                                                                                                                                                                              Malicious:false
Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"continuous_migration":{"local_guid":"34c7dd5e-f336-4151-8b1c-518d3c43e01f"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):56226
                                                                                                                                                                                                                              Entropy (8bit):6.104539816812621
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4xDGUXqgfbaQVE8bHNhEKMORp//PhIB0gAmoPnQYqGwn:z/Ps+wsI7yO13rkKMOR57qfyW0e6kaoX
                                                                                                                                                                                                                              MD5:616F21DAB8A2E620F5AF61E3D2929AF6
                                                                                                                                                                                                                              SHA1:9A4BD98DFC21624047C2DB005E7B78EB05D177CB
                                                                                                                                                                                                                              SHA-256:E0D3A0FF700C3F0B5AA3DBBEC40AD3A6CE4FA31752E7C6EF302F44147635998D
                                                                                                                                                                                                                              SHA-512:9D98A9AC01E74D3254A2C4D344B0492F925883673DFE57311EDCAFB889405E77F630B330935D1A44223296D85512844C2A7167E873F62236B8AE4893D9143E27
                                                                                                                                                                                                                              Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):107893
                                                                                                                                                                                                                              Entropy (8bit):4.640152186923991
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7S:fwUQC5VwBIiElEd2K57P7S
                                                                                                                                                                                                                              MD5:B1F9E6BC13D304E2CD6F2CB034DAAA14
                                                                                                                                                                                                                              SHA1:B77B9A253300DFDAD344E75A7CFC3F4152E78BDB
                                                                                                                                                                                                                              SHA-256:EF40EB68E01E88EA3D54D7C3BDF4FAF88620BED39270FBAFFA966F9EA3A6FA2E
                                                                                                                                                                                                                              SHA-512:249599DF660E416859BF1387A32DE70B03ACFDC4CD9223269CC9E5B96FA5F10C3A6B6F2432C2857D76163E7CE3EA3FE14211D526D97D6D9316F191F1DC304DFE
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):4194304
                                                                                                                                                                                                                              Entropy (8bit):0.04521931278521066
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:Is908YiNtmrnOAHqYhJJpjrZXpAgiTwh8w7NEGIydGRQ8RetR1Qn8y08Tcm2RGOD:V90MtktBNHhnju0z608T2RGOD
                                                                                                                                                                                                                              MD5:0DAD0CFB8A867B92CD0F5C3023F1AAD4
                                                                                                                                                                                                                              SHA1:12EDF6FEF0D4B7CA423C7F976E9B8725C8155166
                                                                                                                                                                                                                              SHA-256:EFE581E8313968F8E23BE722A9C81ADFE3C7A85F3234DDDFE3042718B166D98A
                                                                                                                                                                                                                              SHA-512:69725767F7511DD85AB6B4B5B04068E1B36E1D7364CE08D9A6069BC8AC2F4FE209957D81C63B97126112DD8E51352A14684247B7AEB1C1C3A11904A0346AD155
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):4194304
                                                                                                                                                                                                                              Entropy (8bit):0.4466352175743735
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3072:deXoTnmY7330W9oFSsWqnLQ845tyfPiwpCBqfmSII+g1HFnnA8Z:2oTX3nsRnLQ8m6iwpCBqrII+aHFnAq
                                                                                                                                                                                                                              MD5:78A373085BA3C797C972ED5C6492B64C
                                                                                                                                                                                                                              SHA1:0CFA9C93C0E6911FD27E5431C8EA494DA4474211
                                                                                                                                                                                                                              SHA-256:8508191723B64497A096287AEA190051969469E55EA7175B06F952C3E69393F3
                                                                                                                                                                                                                              SHA-512:3D35C5F322EB2FCB682270982F17FBE91F1773BA347F87FB0E6F6FFC51ED6EB2559BB7E910A0C9FE2BA2360FE032D98383F0B76D8743B9344E8BF78E3DC032F1
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):280
                                                                                                                                                                                                                              Entropy (8bit):4.186405996455797
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:FiWWltlUkzpbazHSAS219jlV/TUqjNlWBVP/Sh/Jzv6cRBAVIGGgphVE7GC/71:o1U6BaYIlWBVsJD6dpPhVeGC/
                                                                                                                                                                                                                              MD5:564C08AE5FA87FEF745DA3F4FD14F166
                                                                                                                                                                                                                              SHA1:915106FB519163DAFED2D6B1E569F79776B133B4
                                                                                                                                                                                                                              SHA-256:E4C32E9021253F931E02223244A7DDD2E80735648346A56BD83999FAE8A27830
                                                                                                                                                                                                                              SHA-512:5C61534B49E8DAD74D3A697477DD87D5CD48CAA19F84437FCE139BDE8FDB535513377E74C9B67F2A767ACBD6F6EE0A67ABA5C83F754EBBD38629020308757287
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:very short file (no magic)
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):1
                                                                                                                                                                                                                              Entropy (8bit):0.0
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:L:L
                                                                                                                                                                                                                              MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                              SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                              SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                              SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:.
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                              Category:modified
                                                                                                                                                                                                                              Size (bytes):14392
                                                                                                                                                                                                                              Entropy (8bit):5.293649724498005
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:stZJ99QTryDigabatSuypmsGipIlN6xPEfFk/Nop8xbV+FP9QwIKvj933+PAcdJ:stZPGKSu4msGui4PS0bG1QwHvj9nw
                                                                                                                                                                                                                              MD5:168E3A6A7B3A95ED6C80E3485F21A9DE
                                                                                                                                                                                                                              SHA1:28C8B34B37072A67FABED8DC65A34F2CDB94D699
                                                                                                                                                                                                                              SHA-256:69D06A4FE7D5FFC7C4D9859FE7CDE599948266BAFE3A60668A4F2E3E08470B2B
                                                                                                                                                                                                                              SHA-512:7AF2E4A0E7C78542974A9B045A751A3608EBD71DD11FDF505813E72E47CCC97859CC20FD6B18967B7D6EFDC48302177EA0BEEFC4DDADDFEF48ED09066DCCFE88
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13385828569213643","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340975013362099","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:very short file (no magic)
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):1
                                                                                                                                                                                                                              Entropy (8bit):0.0
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:L:L
                                                                                                                                                                                                                              MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                              SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                              SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                              SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:.
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):115717
                                                                                                                                                                                                                              Entropy (8bit):5.183660917461099
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                                                                                              MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                                                                                              SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                                                                                              SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                                                                                              SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):24853
                                                                                                                                                                                                                              Entropy (8bit):5.564399425773106
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:768:e+rIFmWPHbfLa8F1+UoAYDCx9Tuqh0VfUC9xbog/OVBEkctrw+1pStua:e+rIFmWPHbfLau1jagPcW+ut9
                                                                                                                                                                                                                              MD5:D28737F6C9566763306313C4C6C45886
                                                                                                                                                                                                                              SHA1:3A1D1189429DC8D2D610E7FD89438764E37A2675
                                                                                                                                                                                                                              SHA-256:D86A3C4D3C37339B23CEAAEC6469A3A2A61E6E089C95120A388C1CF4F391D7AE
                                                                                                                                                                                                                              SHA-512:44F57FDA0C8983AE2CB330150FAADF70AF4F6788FBAD63491F19CD2C9888E73CD5DC19E6FC6D2776ED01FF87B1A76B65D1BE9FD146C1BC9FBC10EC02DBABE3FB
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13385848218041096","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13385848218041096","location":5,"ma
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):9906
                                                                                                                                                                                                                              Entropy (8bit):5.113394056238277
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:stZkdpmsGipIlN6xyk2Np8xbV+FP9QAXy933+PAcdJ:stZQmsGui4bbG1QF9nw
                                                                                                                                                                                                                              MD5:577E7C5CD4272BE96CCEC4A533C25CD7
                                                                                                                                                                                                                              SHA1:88DB7E5E99C00949C92F8F4355C932572A06CD27
                                                                                                                                                                                                                              SHA-256:05F4AABF94037DE302A822132A7BB468133FEF5F4482B85453C2D528B9861FF2
                                                                                                                                                                                                                              SHA-512:08F201A4D21B8B2F3DEDBC0FEC21DA81D70272A8FFAB5C4154FC1E8D8C4DCD8DC049703A4F7C139D2D21DA2AEB3C263BD718F1E770360CDCD31F61639C2C42AB
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):14392
                                                                                                                                                                                                                              Entropy (8bit):5.293644682255873
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:stZJ99QTryDigabatSuypmsGipIlN6xPEfFk/Nop8xbV+FP9QwIwvj933+PAcdJ:stZPGKSu4msGui4PS0bG1QwBvj9nw
                                                                                                                                                                                                                              MD5:167E73594619F38CC34028852BA5266C
                                                                                                                                                                                                                              SHA1:131F4A3EB0F04C767AD96614CBD337CB123D2A25
                                                                                                                                                                                                                              SHA-256:B38BDE5E42E30ED65266A86061211F1110EF5CAA1D13FBA3CB4BFA48C962F20D
                                                                                                                                                                                                                              SHA-512:80BA8388B67D0672D0CEE61B09E3DAAA90383EEB0228A2195B6D257E8A38035EAEE9EAAE6860F17671D8A96F0CEF79637ACD157A90C35CA0E0A4444001B389B7
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):16
                                                                                                                                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:MANIFEST-000001.
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):33
                                                                                                                                                                                                                              Entropy (8bit):3.5394429593752084
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:iWstvhYNrkUn:iptAd
                                                                                                                                                                                                                              MD5:F27314DD366903BBC6141EAE524B0FDE
                                                                                                                                                                                                                              SHA1:4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
                                                                                                                                                                                                                              SHA-256:68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
                                                                                                                                                                                                                              SHA-512:07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:...m.................DB_VERSION.1
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):16
                                                                                                                                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:MANIFEST-000001.
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):305
                                                                                                                                                                                                                              Entropy (8bit):5.284755484058455
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6:iOypwXW+Sm81Fi23oH+Tcwtp3hBtB2KLlMpwXtQN3+q2PFi23oH+Tcwtp3hBWsIg:7ypwXW+VaZYebp3dFLOpwXtQ9+vdZYeV
                                                                                                                                                                                                                              MD5:68B5E6144EE1E62D85FDF4080832FD05
                                                                                                                                                                                                                              SHA1:F430A3447E10D26BB1346A3AEDB7FADE784961DD
                                                                                                                                                                                                                              SHA-256:1AA9BC2439659ADDEF9CBEAF8C2933764E7D5B7CDD2EC5542905A7FE726657E3
                                                                                                                                                                                                                              SHA-512:48E58262ABBFDABD73E71849B60BAA941D64B18A28950956FA9A614FCE39331905E49C56616ECCB6B05674AFB2B6E8A64DA26BCCA200F3DCB158DED51BAA1262
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:2025/03/07-14:10:23.968 1fcc Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db since it was missing..2025/03/07-14:10:24.004 1fcc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db/MANIFEST-000001.
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:OpenPGP Secret Key
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):41
                                                                                                                                                                                                                              Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:modified
                                                                                                                                                                                                                              Size (bytes):2163821
                                                                                                                                                                                                                              Entropy (8bit):5.222893602492974
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:24576:tZPeZpVyfI/MXhZSihQgCmnVAEpENU2iOYcafbE2n:tZWZpVyfx2mjF
                                                                                                                                                                                                                              MD5:B5A79B6A210AC3CE1009D0FD040B61A1
                                                                                                                                                                                                                              SHA1:054A9C8A246F08AEA43570D97C679C1CDDC0B079
                                                                                                                                                                                                                              SHA-256:4881BAB92C41F0F89128DF2DECD09D0C6CDA8345162B75FAC65B4BA9CC41025E
                                                                                                                                                                                                                              SHA-512:BCF8D60762451B06C4C87535A093B56C1451398358D51A041053855D4F30AE5F49408F44AA71BC7577E558EAF23B90EEE8451C80F86135CF94D152E6D88FC157
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):332
                                                                                                                                                                                                                              Entropy (8bit):5.147462366944478
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6:iOypwXW6+q2PFi23oH+Tcwt9Eh1tIFUt8pwXWJ3WZmwOpwXtsm3VkwOFi23oH+TI:7ypwXW6+vdZYeb9Eh16FUt8pwXWJ3W/J
                                                                                                                                                                                                                              MD5:DF8714CBF2490D448B9978016A2D3B8A
                                                                                                                                                                                                                              SHA1:3EA7BF0E62A6DC34CFD235F70C11F089F3778B14
                                                                                                                                                                                                                              SHA-256:3A19E13F75CD7F86A7E95F5D6E1CE3E893E18C1268111C3D9C0E6657428E6B7B
                                                                                                                                                                                                                              SHA-512:BB1DFB5360AFA3819A3F472202F1B99A146AF5A0125788DFF12598C917DAB09E4400CD80B9956011C947BBA6B22F588333FECF92555357319EE67D08C4F78772
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:2025/03/07-14:10:23.843 1c5c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2025/03/07-14:10:23.845 1c5c Recovering log #3.2025/03/07-14:10:24.022 1c5c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):28672
                                                                                                                                                                                                                              Entropy (8bit):0.46266150530467787
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBu8:TouQq3qh7z3bY2LNW9WMcUvBu8
                                                                                                                                                                                                                              MD5:9DDA974195264B8B84288EB5B8FC4DCA
                                                                                                                                                                                                                              SHA1:59FD05C6F985D5B99DEC9C7E9D2194668B028171
                                                                                                                                                                                                                              SHA-256:6B7CDA8D66E1B6A1172D6FEBA26E552642BF3C69E624E8261DA93DAF4732C2BB
                                                                                                                                                                                                                              SHA-512:3DCDD951FE161DC7C680A819D32BB44B4E70C6942E0F77F70DDE848DFCBFA0BD99FF26C42B3A395D608C49449EAF29454B2379AFD52F19DA6A2C8A22F0D1CAB0
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):344
                                                                                                                                                                                                                              Entropy (8bit):5.210050188163752
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6:iOypwiVec4q2PFi23oH+TcwtnG2tMsIFUt8pwiVecJZmwOpwiV0zDkwOFi23oH+V:7ypw3c4vdZYebn9GFUt8pw3cJ/OpwfDC
                                                                                                                                                                                                                              MD5:60C818246F4A871B348381C07C9310D2
                                                                                                                                                                                                                              SHA1:FE3A7DE4D0F3C36F66972206DE4082FFC44D4154
                                                                                                                                                                                                                              SHA-256:BAB7BABD2A28DC06BAAB182D5D041261C96D617FE61186701BD6E53330650A00
                                                                                                                                                                                                                              SHA-512:1373B04A65EB0465EFF947500EDFB5BE8AA6AD2D0D91C91A6047725FD53BA82D96E17DC64AE78836769ABA806D62D428DC97FCB553511E9548C7B058D69C73E1
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:2025/03/07-14:10:18.044 1a60 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2025/03/07-14:10:18.044 1a60 Recovering log #3.2025/03/07-14:10:18.045 1a60 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):20480
                                                                                                                                                                                                                              Entropy (8bit):0.6135072305316079
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:24:TLapR+DDNzWjJ0npnyXKUO8+j2ADkpEugUq4mL:TO8D4jJ/6Up+aAdj
                                                                                                                                                                                                                              MD5:5B9763B24A99A59434E99277B6B6C9CF
                                                                                                                                                                                                                              SHA1:B2F77AAAAC4D0D3B357EADA62ED3F847678BDC8F
                                                                                                                                                                                                                              SHA-256:91424A2CFE7A7036AB1B9B453E2E53F98B7DADDC801B4AF0963E0AD8128390D9
                                                                                                                                                                                                                              SHA-512:373CE2E0677C62A1BFC6FD2F187E69A96F3A78E3A0070EF80DBCE87AD18C2B6359E846E64B26F63561B844BB6566816F36019AD2942EEC3D2077922E0E814EB6
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):16
                                                                                                                                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:MANIFEST-000001.
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):375520
                                                                                                                                                                                                                              Entropy (8bit):5.354154387715713
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6144:nA/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:nFdMyq49tEndBuHltBfdK5WNbsVEziPU
                                                                                                                                                                                                                              MD5:711EDDB2B9C3CD39FE0CA7BB04E89F37
                                                                                                                                                                                                                              SHA1:CD2A4FAB7931BEAD9178281852E2CB0502BDEBEA
                                                                                                                                                                                                                              SHA-256:A6EA14AB8F3076FD3BED5E71BE7F6496B0FC8F10A161D561846D0CFD7D8B4A6A
                                                                                                                                                                                                                              SHA-512:986CCE924A854329CB3E678AE9A2EECA10F53FEB905FB91C2F45C37A69CD49E0C9B2039E16AA0264BE3D27F3654ABC470D109D4F0BBF635F9AC57A38048CDF19
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:...m.................DB_VERSION.1..>q...............&QUERY_TIMESTAMP:domains_config_gz2.*.*.13385848227901344..QUERY:domains_config_gz2.*.*..[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):16
                                                                                                                                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:MANIFEST-000001.
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):305
                                                                                                                                                                                                                              Entropy (8bit):5.216246750811045
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6:iOypwXWrRhQERM1Fi23oH+Tcwtk2WwnvB2KLlMpwXW8Oq2PFi23oH+Tcwtk2Wwnp:7ypwXWrHQERqZYebkxwnvFLOpwXWNvdh
                                                                                                                                                                                                                              MD5:94FD8CC43381AB3FD9AD518E5C6764C4
                                                                                                                                                                                                                              SHA1:CB00F3E35EC0F902E64CC59B778141D91F613C16
                                                                                                                                                                                                                              SHA-256:9C78C395A3CD4EECC6635E35D101B3E0E9F082F7BE50F61BC080500E4E84A417
                                                                                                                                                                                                                              SHA-512:EDDF828E5F38BF96293EF5AABEB30D8B02E71F42F7FEB29B89DDF580700FF525B1171C0BE291306EF1DA6C01E0CC63821590B8D086761E382E391336CEACB943
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:2025/03/07-14:10:23.794 904 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2025/03/07-14:10:23.817 904 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:OpenPGP Secret Key
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):41
                                                                                                                                                                                                                              Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):358860
                                                                                                                                                                                                                              Entropy (8bit):5.32461237403413
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6RS:C1gAg1zfvq
                                                                                                                                                                                                                              MD5:4343110DE3AE7D4A4C3B830515A021D6
                                                                                                                                                                                                                              SHA1:29AD4470398DB9B0F8A97B656FBA8FBFB4BE1652
                                                                                                                                                                                                                              SHA-256:A5C052CE84A05C6071A524F9ECFF2CDF067AC7F14E6C4D776A45CA5E6BB0DE1D
                                                                                                                                                                                                                              SHA-512:34C680F91E63E44D2C2A59F2DF5678515B8B3EEB65278F18CD06BC85CEF7FF82652AAD19B89C941CC910AC2BB408770842D9C620F2EA68B7FBE6A6FBD761C8D6
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):418
                                                                                                                                                                                                                              Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                                                                                                                                                                                              MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                                                                                                                                                                                              SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                                                                                                                                                                                              SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                                                                                                                                                                                              SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):320
                                                                                                                                                                                                                              Entropy (8bit):5.195001583231104
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6:iOypwiVJVN4q2PFi23oH+Tcwt8aPrqIFUt8pwiVsvJZmwOpwiVsvDkwOFi23oH+o:7ypwsVN4vdZYebL3FUt8pwJvJ/OpwJvX
                                                                                                                                                                                                                              MD5:1F3F8277004EEEA849AD4E0467B480F5
                                                                                                                                                                                                                              SHA1:F24D2CD247B655289B97195D533E62C59CE1A271
                                                                                                                                                                                                                              SHA-256:0694D18CBC88A194460BC6EC961D1E063C62F7F222427778BBAF5896F829D532
                                                                                                                                                                                                                              SHA-512:A0F11A014E834111C241D4977C9776739FC683210191B91AA325EB6CBC2657351FF9461B91F695CD6D0734D1D665AEC53D9ADF3373035B6D9D29CEB145EE4A72
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:2025/03/07-14:10:18.046 1a60 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2025/03/07-14:10:18.047 1a60 Recovering log #3.2025/03/07-14:10:18.047 1a60 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):320
                                                                                                                                                                                                                              Entropy (8bit):5.195001583231104
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6:iOypwiVJVN4q2PFi23oH+Tcwt8aPrqIFUt8pwiVsvJZmwOpwiVsvDkwOFi23oH+o:7ypwsVN4vdZYebL3FUt8pwJvJ/OpwJvX
                                                                                                                                                                                                                              MD5:1F3F8277004EEEA849AD4E0467B480F5
                                                                                                                                                                                                                              SHA1:F24D2CD247B655289B97195D533E62C59CE1A271
                                                                                                                                                                                                                              SHA-256:0694D18CBC88A194460BC6EC961D1E063C62F7F222427778BBAF5896F829D532
                                                                                                                                                                                                                              SHA-512:A0F11A014E834111C241D4977C9776739FC683210191B91AA325EB6CBC2657351FF9461B91F695CD6D0734D1D665AEC53D9ADF3373035B6D9D29CEB145EE4A72
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:2025/03/07-14:10:18.046 1a60 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2025/03/07-14:10:18.047 1a60 Recovering log #3.2025/03/07-14:10:18.047 1a60 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):418
                                                                                                                                                                                                                              Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                                                                                                                                                                                              MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                                                                                                                                                                                              SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                                                                                                                                                                                              SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                                                                                                                                                                                              SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):324
                                                                                                                                                                                                                              Entropy (8bit):5.218754193823689
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6:iOypwiV734q2PFi23oH+Tcwt865IFUt8pwiVbcJZmwOpwiVbcDkwOFi23oH+Tcwx:7ypwQ4vdZYeb/WFUt8pwzJ/OpwzD5wZr
                                                                                                                                                                                                                              MD5:464D0C894C041205767A2BF012B5C66A
                                                                                                                                                                                                                              SHA1:3FDD8C7ECC0E8A57245A9076242F78075CB6E688
                                                                                                                                                                                                                              SHA-256:982E48A8DA4D0FAD0399712BA39181DDB0E2C198F98C785410D39F238085251E
                                                                                                                                                                                                                              SHA-512:0BB79BD32B92DD81DF93CB3D9AAFF5248F2727A435963EE0B52C224BBB931508D02E2490AB751BEFBDDAE438186FFCE41572E9F9D7C390C5577A54A7C5F1B3F3
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:2025/03/07-14:10:18.048 1a60 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2025/03/07-14:10:18.049 1a60 Recovering log #3.2025/03/07-14:10:18.049 1a60 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):1254
                                                                                                                                                                                                                              Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWA:
                                                                                                                                                                                                                              MD5:826B4C0003ABB7604485322423C5212A
                                                                                                                                                                                                                              SHA1:6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4
                                                                                                                                                                                                                              SHA-256:C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63
                                                                                                                                                                                                                              SHA-512:0474165157921EA84062102743EE5A6AFE500F1F87DE2E87DBFE36C32CFE2636A0AE43D8946342740A843D5C2502EA4932623C609B930FE8511FE7356D4BAA9C
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):320
                                                                                                                                                                                                                              Entropy (8bit):5.237350392557021
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6:iOypwiUROq2PFi23oH+Tcwt8NIFUt8pwiMGZZmwOpwiMGzkwOFi23oH+Tcwt8+ed:7ypwvMvdZYebpFUt8pwuZ/Opwuz5wZYN
                                                                                                                                                                                                                              MD5:0E91F85A3D2F71C20681015875190164
                                                                                                                                                                                                                              SHA1:BFA0B19835DC593C665DCD3B1F1A78EF99FA4FAB
                                                                                                                                                                                                                              SHA-256:725707B8429D3BCEE115000125BEAFF68AB23AB69F88CF071914DDB4308BA387
                                                                                                                                                                                                                              SHA-512:D98BD4D2069665A10EC1958D20E51A027F81B0E79A84FD68D0003553B41BA0CFCAA6EA68EA8E050C30CA54486740AF218DBCF4393B49E8341EC2ABD48DBBB901
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:2025/03/07-14:10:18.944 1560 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2025/03/07-14:10:18.945 1560 Recovering log #3.2025/03/07-14:10:18.945 1560 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):429
                                                                                                                                                                                                                              Entropy (8bit):5.809210454117189
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                                                                                                                                                                                                                              MD5:5D1D9020CCEFD76CA661902E0C229087
                                                                                                                                                                                                                              SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                                                                                                                                                                                                                              SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                                                                                                                                                                                                                              SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):8720
                                                                                                                                                                                                                              Entropy (8bit):0.21861961848037048
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:xZl7tFlljq7A/mhWJFuQ3yy7IOWUnudweytllrE9SFcTp4AGbNCV9RUINK:xs75fOwd0Xi99pEYzK
                                                                                                                                                                                                                              MD5:E6BDA28B0CCF3292CB0937581CDBD6E8
                                                                                                                                                                                                                              SHA1:B21E3078DC12D43D14645ABC51A152E3FC0509F0
                                                                                                                                                                                                                              SHA-256:EB8464E6859D6556DEFB97DE87962075C2DD78A1680A53B64F73A105D879F7E3
                                                                                                                                                                                                                              SHA-512:2453ADC281B10E6661D600960E706FFB147D3E2CA1EDA5A7D0ED27F748516BA324BF4F9E5CE3DB966CE2F9BC3511115BAF905F0CC805F559E36A995F48A23FDF
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):115717
                                                                                                                                                                                                                              Entropy (8bit):5.183660917461099
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                                                                                              MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                                                                                              SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                                                                                              SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                                                                                              SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):49152
                                                                                                                                                                                                                              Entropy (8bit):3.6481260415575596
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:aj9P012QkQerkjlxP/KbtLcg773pL9hCgam6ItRKToaAu:adPe2mlxP/Ng7Pv9RKcC
                                                                                                                                                                                                                              MD5:8D3B8E3A72C40BAD6B53D27E09419923
                                                                                                                                                                                                                              SHA1:561B9DDED7215DE5C2D7E4FDB64D5EB8A010A62C
                                                                                                                                                                                                                              SHA-256:4C7F428D712485570F5840B0FA241809A64B9AF4D3BB4055663DAED3F371F09C
                                                                                                                                                                                                                              SHA-512:B77E85B650C227FBAE00CBCBF0C87D6C883ABEAA0255D740CDFA2EE41E2E6E5DEB971CF51649C3399815AC058F1B175C7BBF2FC3CEC983B6ACEF67C2323EB624
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):404
                                                                                                                                                                                                                              Entropy (8bit):5.295845974604876
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:12:7ypwXFOvdZYeb8rcHEZrELFUt8pwX2/OpwXK5wZYeb8rcHEZrEZSJ:7yO1MbYeb8nZrExg8OVOkgYeb8nZrEZe
                                                                                                                                                                                                                              MD5:51385110DB2D5178E9EB8F5D44F3AC67
                                                                                                                                                                                                                              SHA1:737FB48673ECE31422800F6D8B690BC5E7E477D3
                                                                                                                                                                                                                              SHA-256:84A294644E1E2252F9748992D8A05071FE82FF3055C387CA746A7D542D72397B
                                                                                                                                                                                                                              SHA-512:96C0034C325567D0A48D4B28013BC32881BF66ED0BB610F64B6C1E5754958BB4BCE731CB4435B54244031CF66FA529A55C396732B6BAA0303D291938CA962E31
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:2025/03/07-14:10:22.558 1560 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2025/03/07-14:10:22.559 1560 Recovering log #3.2025/03/07-14:10:22.559 1560 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):404
                                                                                                                                                                                                                              Entropy (8bit):5.295845974604876
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:12:7ypwXFOvdZYeb8rcHEZrELFUt8pwX2/OpwXK5wZYeb8rcHEZrEZSJ:7yO1MbYeb8nZrExg8OVOkgYeb8nZrEZe
                                                                                                                                                                                                                              MD5:51385110DB2D5178E9EB8F5D44F3AC67
                                                                                                                                                                                                                              SHA1:737FB48673ECE31422800F6D8B690BC5E7E477D3
                                                                                                                                                                                                                              SHA-256:84A294644E1E2252F9748992D8A05071FE82FF3055C387CA746A7D542D72397B
                                                                                                                                                                                                                              SHA-512:96C0034C325567D0A48D4B28013BC32881BF66ED0BB610F64B6C1E5754958BB4BCE731CB4435B54244031CF66FA529A55C396732B6BAA0303D291938CA962E31
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:2025/03/07-14:10:22.558 1560 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2025/03/07-14:10:22.559 1560 Recovering log #3.2025/03/07-14:10:22.559 1560 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:OpenPGP Secret Key Version 4
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):1986
                                                                                                                                                                                                                              Entropy (8bit):5.648049098120602
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:sZEThc8MkvvyeXRcV03748pyXBWwScRHHS2/48ylsT:smXvykRlbOxRTQ8osT
                                                                                                                                                                                                                              MD5:D5E0B733DCC24B73F69CF75EC21E8FF8
                                                                                                                                                                                                                              SHA1:A843D44867FC8EB9F251E83BB135DA05C52AF4C7
                                                                                                                                                                                                                              SHA-256:4A667CEAE2A22AFFE8E783702998A4E5FE9981AA3CED48E2E1E3F62DC5868C58
                                                                                                                                                                                                                              SHA-512:A5A81829FE2D87EB91657CEFF699FB8F700E8737042788A335B7999357BFEA3D5F69E295D89056DD8FD39F386CD8B41D47AFA8EBCBA25890C4CBB1B1BF10B0DD
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:.....................VERSION.1..META:https://ntp.msn.com............!_https://ntp.msn.com..LastKnownPV..1741374632803.._https://ntp.msn.com..MUID!.2AE5DD6B582E6D0F30EDC8C359996CFE.%_https://ntp.msn.com..authRecordTrail...[{"time":"2025-03-07T19:10:32.718Z","action":"NUT","result":"SUCCESS","state":{"isSignedIn":false,"accountType":"UNSUPPORTED_SOVEREIGNTY","signedInAccounts":[0],"storage":{"elt":0,"lt":0,"aace":0,"ace":0,"app_anon":0,"anon":0,"app_wid":0},"appType":"edgeChromium","pageType":"dhp"}}].._https://ntp.msn.com..bkgdV...{"cachedVideoId":-1,"lastUpdatedTime":1741374632897,"schedule":[-1,14,22,35,-1,-1,-1],"scheduleFixed":[-1,14,22,35,-1,-1,-1],"simpleSchedule":[26,40,19,13,11,20,44]}.%_https://ntp.msn.com..clean_meta_flag..1.5_https://ntp.msn.com..enableUndersideAutoOpenFromEdge..false.&_https://ntp.msn.com..oneSvcUniTunMode..header."_https://ntp.msn.com..pageVersions..{"dhp":"20250306.449"}.*_https://ntp.msn.com..pivotSelectionSource..sticky.#_https://ntp.msn.com..selectedP
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):329
                                                                                                                                                                                                                              Entropy (8bit):5.189607586858135
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6:iOypwiR14DM+q2PFi23oH+Tcwt8a2jMGIFUt8pwiR78aSgZmwOpwiRQiDMVkwOFe:7ypwQ4DM+vdZYeb8EFUt8pwgSg/OpwD5
                                                                                                                                                                                                                              MD5:759965376DAA20BAD2BF8B5FEF5D59F3
                                                                                                                                                                                                                              SHA1:6749AE1B6EB90DB5AD3E87CDD577FC3D1EC66B6B
                                                                                                                                                                                                                              SHA-256:14AFDC606FE3E81ED6CC6D77AC69840043D88586F622BF9A782560A79985CE68
                                                                                                                                                                                                                              SHA-512:44262747846F44250F695B0C0348DD729B44CA222071B97CFE5711AB99713DFAC7518E6CCA543C4C87EF1F7148557D972408B8BC576910CF3F37591DBFD397D4
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:2025/03/07-14:10:18.446 cfc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2025/03/07-14:10:18.448 cfc Recovering log #3.2025/03/07-14:10:18.450 cfc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):329
                                                                                                                                                                                                                              Entropy (8bit):5.189607586858135
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6:iOypwiR14DM+q2PFi23oH+Tcwt8a2jMGIFUt8pwiR78aSgZmwOpwiRQiDMVkwOFe:7ypwQ4DM+vdZYeb8EFUt8pwgSg/OpwD5
                                                                                                                                                                                                                              MD5:759965376DAA20BAD2BF8B5FEF5D59F3
                                                                                                                                                                                                                              SHA1:6749AE1B6EB90DB5AD3E87CDD577FC3D1EC66B6B
                                                                                                                                                                                                                              SHA-256:14AFDC606FE3E81ED6CC6D77AC69840043D88586F622BF9A782560A79985CE68
                                                                                                                                                                                                                              SHA-512:44262747846F44250F695B0C0348DD729B44CA222071B97CFE5711AB99713DFAC7518E6CCA543C4C87EF1F7148557D972408B8BC576910CF3F37591DBFD397D4
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:2025/03/07-14:10:18.446 cfc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2025/03/07-14:10:18.448 cfc Recovering log #3.2025/03/07-14:10:18.450 cfc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                              Category:modified
                                                                                                                                                                                                                              Size (bytes):1698
                                                                                                                                                                                                                              Entropy (8bit):5.278520470349417
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:YXsTA8sT4fcdsEleeIkBCcks1CgHks4CgHLbg:8IwkeIkBjTsTLs
                                                                                                                                                                                                                              MD5:AA72832487AEAC9C1595C3FA2360EE70
                                                                                                                                                                                                                              SHA1:464D73D01E0571122AC1271D293AEDC3B9FAFFE0
                                                                                                                                                                                                                              SHA-256:E9930EEF7E9C8735EAC0081298F0F97515CFD57203132D09A3419C9566F85759
                                                                                                                                                                                                                              SHA-512:22CB65E3715B2056ED2FB0B85BEC1CB72A84C5A71E4A21ECEF2AAF02CB6A2642D404D4C77A4CC978D1457AD9E7C828243E88E277CD267AB2DC24252930F94DFD
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13388440222215663","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13388440227465928","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13385941832116546","port":443,"protocol_str":"quic"}],"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com"},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://edge.microsoft.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://bro
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):2
                                                                                                                                                                                                                              Entropy (8bit):1.0
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:H:H
                                                                                                                                                                                                                              MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:[]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):40
                                                                                                                                                                                                                              Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                              MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                              SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                              SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                              SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):189
                                                                                                                                                                                                                              Entropy (8bit):5.393576021085905
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:YWRAWNjRjSEfHNuN9WU//fVXloWGpzwaHJXB8HQXwlm9yJUA6XcIR6DghXMq3AmN:YWyWNBNuyU/XVVLGpZJXB8wXwlmUUAnC
                                                                                                                                                                                                                              MD5:DAC58004A79808E345D291B8327A3659
                                                                                                                                                                                                                              SHA1:B443637A52B644BC4755E7A32607EB96228D37C5
                                                                                                                                                                                                                              SHA-256:A1E24AA3E6AA166C1F8C2EF8C723E346D94D2BA490DB6630EFC171E2C8B52A24
                                                                                                                                                                                                                              SHA-512:A5CB9D2E0933F37371F01D5D99BAB3D1A24029942A815DA3A6C6EC68CCE05A449082C3AFC1319F833E76093413D61188B85ED336A5889E56F3DE1A270CC29B5B
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:{"sts":[{"expiry":1772910651.030512,"host":"Mrhkytqi5a+5SqjNm+BlTzQkzpfkQMT31YM3RSLQ/U8=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1741374651.030516}],"version":2}
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):2
                                                                                                                                                                                                                              Entropy (8bit):1.0
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:H:H
                                                                                                                                                                                                                              MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:[]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):111
                                                                                                                                                                                                                              Entropy (8bit):4.718418993774295
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqk1Yn:YHpoeS7PMVKJTnMRKXk1Yn
                                                                                                                                                                                                                              MD5:807419CA9A4734FEAF8D8563A003B048
                                                                                                                                                                                                                              SHA1:A723C7D60A65886FFA068711F1E900CCC85922A6
                                                                                                                                                                                                                              SHA-256:AA10BF07B0D265BED28F2A475F3564D8DDB5E4D4FFEE0AB6F3A0CC564907B631
                                                                                                                                                                                                                              SHA-512:F10D496AE75DB5BA412BD9F17BF0C7DA7632DB92A3FABF7F24071E40F5759C6A875AD8F3A72BAD149DA58B3DA3B816077DF125D0D9F3544ADBA68C66353D206C
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):20480
                                                                                                                                                                                                                              Entropy (8bit):2.79111885023573
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:96:te+AuHbQKXKQNmWPOaYM5jWUbhS3e4sFO/92QhuGWDfyzIoXckO0L/ZJV8Y:tT7X6QNmTwlhgLOOl2rGR3Xcf0L/ZJVb
                                                                                                                                                                                                                              MD5:6F65504D08C986732FF0B2BC0CB199EC
                                                                                                                                                                                                                              SHA1:3B394A35F4F57C590B3171BCD86C43E867F2779C
                                                                                                                                                                                                                              SHA-256:43163196A86805F0CEDF36D3F97E1CCA04E2F1A9BD00F205E1EDAEEA645CFAE8
                                                                                                                                                                                                                              SHA-512:6D5C95B19671ED35EEE8201B9254BE9523B612FFD975E06A1DFFB46880FA27EAE16D46E20827BB18BB63C334D769A2BC1302CEADFCFD2810A835C95DF8B1EDE2
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:SQLite format 3
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):36864
                                                                                                                                                                                                                              Entropy (8bit):1.3778131074715754
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:96:JkIEumQv8m1ccnvSrLS39SelGFh5UpMw1a:+IEumQv8m1ccnvSrLEKUWr
                                                                                                                                                                                                                              MD5:DFDE9824F068B92ABEF2518A8A4CDD53
                                                                                                                                                                                                                              SHA1:CDC9115D3AF14A7BB19F4B126B735A6E686127C0
                                                                                                                                                                                                                              SHA-256:849C2681BEF0979CF390E5DEB8571F7DB266228F6AB30829DFC6862F3E4F7C17
                                                                                                                                                                                                                              SHA-512:DBDF91DBD225D7FE7C68BC384DFACEB91E9C90B792BDE54E9C6F8857D9861A080758ABA00E9A367963677D8FA707E632447E9FFFEB3440B8C0F857D64C100D40
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:SQLite format 3
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):2
                                                                                                                                                                                                                              Entropy (8bit):1.0
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:H:H
                                                                                                                                                                                                                              MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:[]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):40
                                                                                                                                                                                                                              Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                              MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                              SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                              SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                              SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):189
                                                                                                                                                                                                                              Entropy (8bit):5.393576021085905
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:YWRAWNjRjSEfHNuN9WU//fVXloWGpzwaHJXB8HQXwlm9yJUA6XcIR6DghXMq3AmN:YWyWNBNuyU/XVVLGpZJXB8wXwlmUUAnC
                                                                                                                                                                                                                              MD5:DAC58004A79808E345D291B8327A3659
                                                                                                                                                                                                                              SHA1:B443637A52B644BC4755E7A32607EB96228D37C5
                                                                                                                                                                                                                              SHA-256:A1E24AA3E6AA166C1F8C2EF8C723E346D94D2BA490DB6630EFC171E2C8B52A24
                                                                                                                                                                                                                              SHA-512:A5CB9D2E0933F37371F01D5D99BAB3D1A24029942A815DA3A6C6EC68CCE05A449082C3AFC1319F833E76093413D61188B85ED336A5889E56F3DE1A270CC29B5B
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:{"sts":[{"expiry":1772910651.030512,"host":"Mrhkytqi5a+5SqjNm+BlTzQkzpfkQMT31YM3RSLQ/U8=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1741374651.030516}],"version":2}
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):2
                                                                                                                                                                                                                              Entropy (8bit):1.0
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:H:H
                                                                                                                                                                                                                              MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:[]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):20480
                                                                                                                                                                                                                              Entropy (8bit):0.8350301952073809
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:24:TLSOUOq0afDdWec9sJlAMoqsgC7zn2z8ZI7J5fc:T+OUzDbg3sAM/sgCnn2ztc
                                                                                                                                                                                                                              MD5:0DAD8D7F079797377CD56DAE47E1A619
                                                                                                                                                                                                                              SHA1:A353C01C5B9BA9E0315ABA74D3337B7D6EE97CB2
                                                                                                                                                                                                                              SHA-256:7BDA584E0C1BE9E104065370FD279A7E771D7EB4F7E4CC7C80F146931F150E33
                                                                                                                                                                                                                              SHA-512:5A57C0D303672564DDEAA08B5DAAEE1BA24B67C46100720CE69F0908427ACE55F330D96A772D0E1F96B595FBBD70E6145AA464FC4F312EFE095F9AC909E304E8
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):9906
                                                                                                                                                                                                                              Entropy (8bit):5.113394056238277
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:stZkdpmsGipIlN6xyk2Np8xbV+FP9QAXy933+PAcdJ:stZQmsGui4bbG1QF9nw
                                                                                                                                                                                                                              MD5:577E7C5CD4272BE96CCEC4A533C25CD7
                                                                                                                                                                                                                              SHA1:88DB7E5E99C00949C92F8F4355C932572A06CD27
                                                                                                                                                                                                                              SHA-256:05F4AABF94037DE302A822132A7BB468133FEF5F4482B85453C2D528B9861FF2
                                                                                                                                                                                                                              SHA-512:08F201A4D21B8B2F3DEDBC0FEC21DA81D70272A8FFAB5C4154FC1E8D8C4DCD8DC049703A4F7C139D2D21DA2AEB3C263BD718F1E770360CDCD31F61639C2C42AB
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13385828569213643","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340975013362099","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1,"datatype_details_migration_performed":true},"co
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):24853
                                                                                                                                                                                                                              Entropy (8bit):5.564399425773106
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:768:e+rIFmWPHbfLa8F1+UoAYDCx9Tuqh0VfUC9xbog/OVBEkctrw+1pStua:e+rIFmWPHbfLau1jagPcW+ut9
                                                                                                                                                                                                                              MD5:D28737F6C9566763306313C4C6C45886
                                                                                                                                                                                                                              SHA1:3A1D1189429DC8D2D610E7FD89438764E37A2675
                                                                                                                                                                                                                              SHA-256:D86A3C4D3C37339B23CEAAEC6469A3A2A61E6E089C95120A388C1CF4F391D7AE
                                                                                                                                                                                                                              SHA-512:44F57FDA0C8983AE2CB330150FAADF70AF4F6788FBAD63491F19CD2C9888E73CD5DC19E6FC6D2776ED01FF87B1A76B65D1BE9FD146C1BC9FBC10EC02DBABE3FB
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13385848218041096","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13385848218041096","location":5,"ma
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):16
                                                                                                                                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:MANIFEST-000001.
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):2403
                                                                                                                                                                                                                              Entropy (8bit):5.8072145990272555
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:24:F2xc5NmrcncmoCCRORpllg2hEaMfhHcldCRORpllg2h1Q1BECRORpllg2hEaPhHE:F2emUfrd6aMfxIrdv++rd6aPxTrd4Px3
                                                                                                                                                                                                                              MD5:EB8DC8C9AB467BB14855D2AB6AE162B7
                                                                                                                                                                                                                              SHA1:E18D1B96B292356C81BA91A66948CA6A4C752E12
                                                                                                                                                                                                                              SHA-256:6B9F823EEC5E27039742A96D3CA67144A336493118430AAC4F3D652643CDBE43
                                                                                                                                                                                                                              SHA-512:3C00BD5CEBDA24E5FA4D62FCC4B1D48DD9EC46C50FAAE1BC419D4469D27A91736F35542C0D02B7B33066266E6C444CB49951CD903596A207F12879CB2921EFEC
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:....I................URES:0...INITDATA_NEXT_RESOURCE_ID.1..INITDATA_DB_VERSION.2BEC%.................INITDATA_NEXT_REGISTRATION_ID.1..INITDATA_NEXT_VERSION_ID.1.+INITDATA_UNIQUE_ORIGIN:https://ntp.msn.com/...REG:https://ntp.msn.com/.0......https://ntp.msn.com/edge/ntp...https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true&enableWidgetsRegion=true .(.0.8.......@...Z.b.....trueh..h..h..h..h..h..h..h..h..h..h..h.!p.x.................................REGID_TO_ORIGIN:0.https://ntp.msn.com/..RES:0.0.......https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableE
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):293
                                                                                                                                                                                                                              Entropy (8bit):5.199748341697165
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6:iOypwNqm81Fi23oH+TcwtE/a252KLlMpwrFw+q2PFi23oH+TcwtE/a2ZIFUv:7ypwNqHZYeb8xLOpwe+vdZYeb8J2FUv
                                                                                                                                                                                                                              MD5:F2062815C8F233874C8C79A7666EBC49
                                                                                                                                                                                                                              SHA1:0B7950E8061F1E35ED3C72CBDB7CF80C8CFFA776
                                                                                                                                                                                                                              SHA-256:48A5F5F7D1EA91EDAEDEB4D24BD3B5317999880FD326AF8325D562AB2267817B
                                                                                                                                                                                                                              SHA-512:5C910A1ED106D8B0556F9CAF18E19F780EF4235A8E2F3555ADB73B9E10E1EE4C557B30A9C4634871E2B2F8F02A67868133B41D26A88E311B82C13F0FAB34BDA5
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:2025/03/07-14:10:39.044 64c Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database since it was missing..2025/03/07-14:10:39.068 64c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database/MANIFEST-000001.
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:OpenPGP Secret Key
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):41
                                                                                                                                                                                                                              Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):117113
                                                                                                                                                                                                                              Entropy (8bit):5.575017473997892
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:1536:mK906yxPXfOSO1jIoe4ML/NFHBBsCjNzNMLueyklY01:V9LyxPXfOSO1jve4ML/TBBscKyq1
                                                                                                                                                                                                                              MD5:CEFCFFB659D2C44A84051039D6A6E31C
                                                                                                                                                                                                                              SHA1:A920E3035159CA68475C1885C1596BEE3B4948CA
                                                                                                                                                                                                                              SHA-256:BA4F622E280775E58D8C68D100B65FB85DAF0D17110AA534D843135177C10A36
                                                                                                                                                                                                                              SHA-512:37066A37F0D0CD40F5D03976EE80433D5E8012E14734AC195B503CF21CA9745D4445B989902511869B4E7422D78B931094C4829D8DC8B34A573E73A252CB1233
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:DIY-Thermocam raw data (Lepton 2.x), scale 256-28160, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 2955004608512.000000, slope 87351827168571162624.000000
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):195313
                                                                                                                                                                                                                              Entropy (8bit):6.38759356813311
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3072:ifKLoBC5YnCNVwU9flqZL/mE+XOohg+Ma/UGXwLWcES:8cxVwqlQL/vkVhPMAS
                                                                                                                                                                                                                              MD5:564BCE9E73807AE8F1848A7B8025E9EB
                                                                                                                                                                                                                              SHA1:E7054DD28DA588BA2CBB84FBFA04410927A8FECD
                                                                                                                                                                                                                              SHA-256:25E5249F3521FD7D9814B82304AF64E4B1BC7CBD49F9031669AA37A2761F0F64
                                                                                                                                                                                                                              SHA-512:C3217544F55CC5CAE7E4FF684BE9C7EE3EBDE900C5E5AAB5445A9772C69AD0354ECC36DA067E9B71D6BFEDB1E07437A91C9F52B8EF98680F07EC7396FC6791A4
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):24
                                                                                                                                                                                                                              Entropy (8bit):2.1431558784658327
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:m+l:m
                                                                                                                                                                                                                              MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                                                              SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                                                              SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                                                              SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:0\r..m..................
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):72
                                                                                                                                                                                                                              Entropy (8bit):3.5931902015385067
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:KkFjXl/lW/l9/lxEstll+/lFV+r+:KMzyOs8P+r+
                                                                                                                                                                                                                              MD5:1B88EB7A313BAC09462406F9ACB8EA38
                                                                                                                                                                                                                              SHA1:3EC7CE44AD2B6F77727DA534D6A750712A83BC40
                                                                                                                                                                                                                              SHA-256:58A77C6B588F8A05ACB6736F48E90D31FA4E94DB953575F1A7DC976F6D4E40EE
                                                                                                                                                                                                                              SHA-512:252077F2B6123563B420539B8B74C05417917A537ADE1317F9ABC8263587480F0662C636BC265F6272239551B69B8531F0350B5E330D13D27DECF509538AAAA7
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:@...?...oy retne.........................X....,................:...[./.
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):5743
                                                                                                                                                                                                                              Entropy (8bit):3.434959063948892
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:96:XjG9b275T1ts8MLVbpmTrdZJvp+S+ViuvplnrYU0/gtOXNOzSAuCOatWK:zJxIR0TrFp+SKiuzrJ0/gt1WVCOa
                                                                                                                                                                                                                              MD5:44ED3CE76E6DBC65F64599BA65C7E454
                                                                                                                                                                                                                              SHA1:379F0367B63845D99F21B499554ABD21739DCAFE
                                                                                                                                                                                                                              SHA-256:B22C27A8290BAF5518E2FAC1976EEFD59D176F87E632EC53F68C59976142C74C
                                                                                                                                                                                                                              SHA-512:2EB485AA15DE09A01F4CC650522DB43F705C5E2550F89BCB3E1F2C38DE7D16C5B87507A316534DA0EE614E05853C517AEB6D8FB19E524D390573E54F6C5183E3
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):317
                                                                                                                                                                                                                              Entropy (8bit):5.194687194208134
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6:iOypwidUMDM+q2PFi23oH+TcwtrQMxIFUt8pwidctgZmwOpwidlDMVkwOFi23oHs:7ypwrMDM+vdZYebCFUt8pwZtg/OpwGDl
                                                                                                                                                                                                                              MD5:4328159D1DCCFE350AE55F92B438BF45
                                                                                                                                                                                                                              SHA1:1EFE27F4E36AE02947C940233D65315968E14E92
                                                                                                                                                                                                                              SHA-256:80CABA81EE79FCA8900529F73B618A9A2496E9AA1B15BF8B692FF4CA14813E2F
                                                                                                                                                                                                                              SHA-512:563CCE2A8713CA3BBA06CF3E4F950B51841954C737C50B86F14EA83F877F98FD08190FBEBA23CF868F14989D2CDE0DB0590A8D9403F340EA7C4017B3631A8321
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:2025/03/07-14:10:18.816 cfc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2025/03/07-14:10:18.822 cfc Recovering log #3.2025/03/07-14:10:18.829 cfc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):1443
                                                                                                                                                                                                                              Entropy (8bit):3.803377329936935
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:24:3QSPUANAz3x6psAF4unxOPtLp3X2amEtG1ChqF1+Rl3jQKkOAM4w:3QSPU8ADx6zFELp2FEkCh203sHOp
                                                                                                                                                                                                                              MD5:CDCB5A7E7A65A2F3CE86275CCA645671
                                                                                                                                                                                                                              SHA1:54C84D9E807EEF3EF3F7656C4D921D3262083850
                                                                                                                                                                                                                              SHA-256:908F8EA5C3AA2A2792BFF14399DBEE85B736A1599D2D4C7BBDAB7A5EA0B0BF94
                                                                                                                                                                                                                              SHA-512:C8254A263F6DF1D2DD2BB673CE1E27277AFE305B351833764CBFF08DD016C3A29C9BE8A9642A500FCEA2D9B7CF5C0903440469DC1654FC1295675EC461F8825E
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:SNSS.......d..D...........d..D......"d..D...........d..D.......d..D.......e..D.......e..D....!..e..D...............................d..De..D1..,...e..D$...ad6ccfe8_29b2_4167_a3b9_b7b8d31430de...d..D.......e..D......A........d..D...d..D.......................d..D....................5..0...d..D&...{5DC5B86D-CAF2-49C1-9E3A-A746C93976BC}.....d..D.......d..D..........................e..D...........e..D........edge://newtab/......N.e.w. .t.a.b...........!...............................................................x...............................x.........._./....._./.................................. ...................................................r...h.t.t.p.s.:././.n.t.p...m.s.n...c.o.m./.e.d.g.e./.n.t.p.?.l.o.c.a.l.e.=.e.n.-.G.B.&.t.i.t.l.e.=.N.e.w.%.2.0.t.a.b.&.d.s.p.=.1.&.s.p.=.B.i.n.g.&.i.s.F.R.E.M.o.d.a.l.B.a.c.k.g.r.o.u.n.d.=.1.&.s.t.a.r.t.p.a.g.e.=.1.&.P.C.=.U.5.3.1.....................................8.......0.......8............................................................
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):20480
                                                                                                                                                                                                                              Entropy (8bit):0.44194574462308833
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
                                                                                                                                                                                                                              MD5:B35F740AA7FFEA282E525838EABFE0A6
                                                                                                                                                                                                                              SHA1:A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
                                                                                                                                                                                                                              SHA-256:5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
                                                                                                                                                                                                                              SHA-512:05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                               Preview:SQLite format 3
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):345
                                                                                                                                                                                                                              Entropy (8bit):5.172913551195339
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6:iOypwiVSw+q2PFi23oH+Tcwt7Uh2ghZIFUt8pwiV4XZmwOpwiVWQVkwOFi23oH+Q:7ypw5w+vdZYebIhHh2FUt8pwR/OpwuVT
                                                                                                                                                                                                                              MD5:F1DDCBD0C46AAA22F3981AAE62183D41
                                                                                                                                                                                                                              SHA1:0DB5A1F5FD8487EF025086180FD86F4857449460
                                                                                                                                                                                                                              SHA-256:AB3C6D371C21C1B08392F267D68FB2B6665F851547FFE433FB14A6FB6C5F7AF7
                                                                                                                                                                                                                              SHA-512:6966EAF42E3E8547A6B9DA91A884B319690764344598B54E33DA8BBBB1B9B7BC42A43CB52181B4195EEF802660A17648C45B2C48F36CFD225CCDB6BB16FFE8EA
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:2025/03/07-14:10:18.023 64c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2025/03/07-14:10:18.024 64c Recovering log #3.2025/03/07-14:10:18.038 64c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):270336
                                                                                                                                                                                                                              Entropy (8bit):0.0012471779557650352
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                                                                              MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                                                                              SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                                                                              SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                                                                              SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):430
                                                                                                                                                                                                                              Entropy (8bit):5.231369530785992
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:12:7ypwyGyvdZYebvqBQFUt8pw7p/Opw2jR5wZYebvqBvJ:7yOJYbYebvZg8O7gOuDgYebvk
                                                                                                                                                                                                                              MD5:B93C1AF05BE837E1F852C6E357FFF121
                                                                                                                                                                                                                              SHA1:AF376C8379EFDDCBDD5ECA114A1C943699609179
                                                                                                                                                                                                                              SHA-256:1625B9B7D009BDE3D23789F5DDE27C8C92C8A06DC6641D5DB12D87269CF71706
                                                                                                                                                                                                                              SHA-512:C31B26C74BA935080BA5521F37BF84309F349E3715A6D4285813311640A35BA7B16FF08566B2C4DE52AE4A471EFE63646507A7A9B8AA62DA48C3014F7EEFDC26
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:2025/03/07-14:10:18.839 1ec4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2025/03/07-14:10:18.840 1ec4 Recovering log #3.2025/03/07-14:10:18.845 1ec4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):2
                                                                                                                                                                                                                              Entropy (8bit):1.0
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:H:H
                                                                                                                                                                                                                              MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:[]
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):111
                                                                                                                                                                                                                              Entropy (8bit):4.718418993774295
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqk1Yn:YHpoeS7PMVKJTnMRKXk1Yn
                                                                                                                                                                                                                              MD5:807419CA9A4734FEAF8D8563A003B048
                                                                                                                                                                                                                              SHA1:A723C7D60A65886FFA068711F1E900CCC85922A6
                                                                                                                                                                                                                              SHA-256:AA10BF07B0D265BED28F2A475F3564D8DDB5E4D4FFEE0AB6F3A0CC564907B631
                                                                                                                                                                                                                              SHA-512:F10D496AE75DB5BA412BD9F17BF0C7DA7632DB92A3FABF7F24071E40F5759C6A875AD8F3A72BAD149DA58B3DA3B816077DF125D0D9F3544ADBA68C66353D206C
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):40
                                                                                                                                                                                                                              Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                              MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                              SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                              SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                              SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):36864
                                                                                                                                                                                                                              Entropy (8bit):0.3886039372934488
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
                                                                                                                                                                                                                              MD5:DEA619BA33775B1BAEEC7B32110CB3BD
                                                                                                                                                                                                                              SHA1:949B8246021D004B2E772742D34B2FC8863E1AAA
                                                                                                                                                                                                                              SHA-256:3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
                                                                                                                                                                                                                              SHA-512:7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):40
                                                                                                                                                                                                                              Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                              MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                              SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                              SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                              SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):80
                                                                                                                                                                                                                              Entropy (8bit):3.4921535629071894
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
                                                                                                                                                                                                                              MD5:69449520FD9C139C534E2970342C6BD8
                                                                                                                                                                                                                              SHA1:230FE369A09DEF748F8CC23AD70FD19ED8D1B885
                                                                                                                                                                                                                              SHA-256:3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
                                                                                                                                                                                                                              SHA-512:EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:*...#................version.1..namespace-..&f.................&f...............
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):415
                                                                                                                                                                                                                              Entropy (8bit):5.219207053523126
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:12:7ypwaDM+vdZYebvqBZFUt8pwqg/Opw+DMV5wZYebvqBaJ:7yOkbYebvyg8OuO7gYebvL
                                                                                                                                                                                                                              MD5:AC5490E119A81693355313D1B45559AF
                                                                                                                                                                                                                              SHA1:65BD3AE61B3EEB049971764002B2560ACB6E2359
                                                                                                                                                                                                                              SHA-256:B6E2E988DFE123D8772FF72E1A6258F948EA83629B6A94D048A0BEA91BC5AFDC
                                                                                                                                                                                                                              SHA-512:01F716D04248BE368CA825F72DD8D372ACC0178404B3BA5FD9336043D52CAB7CF0EF80F7AF286584FC1EF8DEBF6CB4DB62B1F818D5B3444908040B9F531E63FC
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:2025/03/07-14:10:37.059 cfc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2025/03/07-14:10:37.060 cfc Recovering log #3.2025/03/07-14:10:37.064 cfc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):321
                                                                                                                                                                                                                              Entropy (8bit):5.24855582411944
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6:iOypwiXQUFtv1yq2PFi23oH+TcwtpIFUt8pwiXQjz1ZmwOpwiXQjlRkwOFi23oHs:7ypw0pAvdZYebmFUt8pw04z1/Opw04zs
                                                                                                                                                                                                                              MD5:1448CAC7C2F4DE24381D055D8EEE720E
                                                                                                                                                                                                                              SHA1:B9D299AB1ABE9D07CF640C702CF00FC2DC3C5B17
                                                                                                                                                                                                                              SHA-256:E4611197B8FC7B214141C9B59AE26E1C1CCB9D8F430CCDFD9FABE0979A16F843
                                                                                                                                                                                                                              SHA-512:73229E7FB5FA2052BFA513D199C94B13082A3C689BA04292C1DDAF50D10A0296B7DCF87552E1BB3AED043C417C7A711CA19BE5C36DC2802C076419480122E5E6
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:2025/03/07-14:10:18.251 990 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2025/03/07-14:10:18.252 990 Recovering log #3.2025/03/07-14:10:18.252 990 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 10
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):196608
                                                                                                                                                                                                                              Entropy (8bit):1.2651283488451373
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:8/2qOB1nxCkM2SAELyKOMq+8wH0hLUZsrhVumd:Bq+n0J29ELyKOMq+8I0hAOf
                                                                                                                                                                                                                              MD5:F3A44A95B669AA3A697EAB13E8CC6D6D
                                                                                                                                                                                                                              SHA1:56EA93778BA540CAC260022581D286351ADE02E5
                                                                                                                                                                                                                              SHA-256:4B3FE291174AA62F2BE66B691E8FF006BCCFF78D42698141DBFD22532FE116A8
                                                                                                                                                                                                                              SHA-512:9D3F1B5B6150822E45A09564AC102B3C3768FE9A6BB3684E3A52EAB0728D4609BE11C9B3A5A3F3F068458AB73D374D440D11CCAD49EB17DB2321B5907F03CEFF
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):40960
                                                                                                                                                                                                                              Entropy (8bit):0.46713373752876164
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcB0iW8:v7doKsKuKZKlZNmu46yjx0I
                                                                                                                                                                                                                              MD5:9F00B0412BB0338138A8252FBEFD6283
                                                                                                                                                                                                                              SHA1:36193BF55DD3EBA060CBBCD031E87A3097CA2848
                                                                                                                                                                                                                              SHA-256:4B33FD0D32EF596FB1347465411403A53E53C4E78D4CED69642A81B8CFEE6BA5
                                                                                                                                                                                                                              SHA-512:A6A2B56A6C3B4FF3834475EE6A064CA72EB75D7D479FAE6EE4454655CBF23D1C74017C1011E3E022FCA113E602925539B245C46B36FA1F5B95B4BA7CC76A18C6
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):12824
                                                                                                                                                                                                                              Entropy (8bit):0.13766033093567093
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:6nfNllv/etXlZ+OibPl234//l/h4jRfn1d7jdtQfTlbW6wNdHXtXlZ+OaP:6nqlAnbw4puj3dndWl3atlA9
                                                                                                                                                                                                                              MD5:B22EA1AEB867C566428DACB70A5297AD
                                                                                                                                                                                                                              SHA1:FD299E11F8DE599D47D72008B5681C6D08A9C729
                                                                                                                                                                                                                              SHA-256:0172B5C43256726378EA64E9C5232CD535DF7ED8FFC8078AB0A590001C95593D
                                                                                                                                                                                                                              SHA-512:665DFF9D4AF175A98D22000D828B835E4B9C0A89C39482E39ACC085ED275B53063F3453CCDA332682DE817B2BF0F00E38B535D390B0E9E1D4965D0B4E26A31AB
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):11755
                                                                                                                                                                                                                              Entropy (8bit):5.190465908239046
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
                                                                                                                                                                                                                              MD5:07301A857C41B5854E6F84CA00B81EA0
                                                                                                                                                                                                                              SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
                                                                                                                                                                                                                              SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
                                                                                                                                                                                                                              SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):40504
                                                                                                                                                                                                                              Entropy (8bit):5.560561876871161
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:768:e79Im87pLGLxAmWPHbfGa8F1+UoAYDCx9Tuqh0VfUC9xbog/OVZDTEkDtrwnA34i:e79ImgcxAmWPHbfGau1ja0DTPDWnA34i
                                                                                                                                                                                                                              MD5:DB89F50DD05ACFC3C03CC04C984EC40F
                                                                                                                                                                                                                              SHA1:3EF33EF78A204120CA0F6EC5E6DA5AEB7D413772
                                                                                                                                                                                                                              SHA-256:C28152B6A86B2DF5E0C2669003E086A38FF408D741C33DACD804A633D07EB9C9
                                                                                                                                                                                                                              SHA-512:61B31F50CF88238919173B1299F8B914EE8BF37AA91F952931FC302C6D817BD6C453587AA59BAC3D910A4751AB55E1D40C6AB2B406847376617BDC114B48F4D2
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13385848218041096","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13385848218041096","location":5,"ma
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):28672
                                                                                                                                                                                                                              Entropy (8bit):0.3410017321959524
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
                                                                                                                                                                                                                              MD5:98643AF1CA5C0FE03CE8C687189CE56B
                                                                                                                                                                                                                              SHA1:ECADBA79A364D72354C658FD6EA3D5CF938F686B
                                                                                                                                                                                                                              SHA-256:4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
                                                                                                                                                                                                                              SHA-512:68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):13416
                                                                                                                                                                                                                              Entropy (8bit):5.221471341937468
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:stZJ99QTryDigabatSuypmsGipIlN6xyk22N/p8xbV+FP9QwIXy933+PAcdJ:stZPGKSu4msGui48bG1Qw99nw
                                                                                                                                                                                                                              MD5:4CE81AFBA3C107A3146C31EA9121F708
                                                                                                                                                                                                                              SHA1:2400C8CB0CEFC823E6800F4C0268C21BA884F74A
                                                                                                                                                                                                                              SHA-256:1B624A15105DF6971518133C31FE6E2A0A26D0797A35223DB29EE4A8E51BCEFF
                                                                                                                                                                                                                              SHA-512:45720E3A0BD6A261B5493DC713C49A820222597166CCB54759C16518FD18EEE6A9587F05CD7FE2DB103B933AB3A013375766958402D3914366E55C557AC8F3D0
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13385828569213643","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340975013362099","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):32768
                                                                                                                                                                                                                              Entropy (8bit):0.10914902031346826
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:12:0zHSr/MLpEjVl/PnnnnnnnnnnnnnvoQrEo8VF4D:0zHSr/ioPnnnnnnnnnnnnnvBjpD
                                                                                                                                                                                                                              MD5:DF237469E454F9CF9022D87FA8F23471
                                                                                                                                                                                                                              SHA1:EE7FBB4624805E0B0469E2BA99FE6248F18441D5
                                                                                                                                                                                                                              SHA-256:6D594E0E880646724B795FDB6C8DAD62E3AB3608A050708075D1012E38D5DBEF
                                                                                                                                                                                                                              SHA-512:BD61460A43161FC7F6555F8282E081B6B023900493A86F0087F2E007374072197800E6C6A6BC7BBC45DAF1A8C5DAD7464E88848CB74BF94EEE978F794CF6417F
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):350232
                                                                                                                                                                                                                              Entropy (8bit):0.9819627552718343
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:+p7o407BMjx0IOx1Y7xzSsZxEjwxFg5x9i2xE8Md+vxE8n3EYxC+84Wyoy2cXyQm:Ix6xQxO0x5xSxnxI+x1xXZNy
                                                                                                                                                                                                                              MD5:1B374FF1C2043B8B30F47A919AF5B55F
                                                                                                                                                                                                                              SHA1:D7820EF1D8D996BDB16A6E57DC09F4C85B591A46
                                                                                                                                                                                                                              SHA-256:150ABF693D878C9BD179C7240A57074DC3146912B1DD28FEDE0BC0612B96FC1A
                                                                                                                                                                                                                              SHA-512:AEC30439EDD9D75D2815E0A952CD2D49F3DE29DA0BCD7875C127EBD5FB5213D81CA8CC509516DC071FAB8EC68752CFC8CD5B0F5E956F4B324CE5C16A1927B530
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:7....-............^..6W3...B!N...........^..6W..&#_.V.SQLite format 3......@ ..........................................................................j.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):514
                                                                                                                                                                                                                              Entropy (8bit):3.440598331880883
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6:/XntM+1l3sedhOnQyOuuuuuuuuuuuuuuuuuBDsedhO3g:dlc8CdOuuuuuuuuuuuuuuuuuBw8d
                                                                                                                                                                                                                              MD5:C04F9CA1F57F649B3FDF4938F3FAC06B
                                                                                                                                                                                                                              SHA1:9C2199CAFBEA49C240C5D222D649821AE088BBBB
                                                                                                                                                                                                                              SHA-256:E6D0A1BBDFB897400D0864BFBBE9677EC56EF9DA4D6063BF02D3C003517CEC10
                                                                                                                                                                                                                              SHA-512:01133719819E8373D27F6366C1C5D21C16A217459DD57B3E8F6DB6199AF3F4FCD9913533A874016F2BCB9ED7162DD5BA55FB600343C05E3A3A3E91F359D8F208
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:A..r.................20_1_1...1.,U.................20_1_1...1x...0................39_config..........6.....n ....1u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=.................#.0................39_config..........6.....n ...1
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):320
                                                                                                                                                                                                                              Entropy (8bit):5.278810666812546
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6:iOypwiIYNADM+q2PFi23oH+TcwtfrK+IFUt8pwixcAgZmwOpwixcADMVkwOFi23h:7ypwbYNADM+vdZYeb23FUt8pwbAg/OpH
                                                                                                                                                                                                                              MD5:DEEE977CBCE54AB5AC26CA19AD266535
                                                                                                                                                                                                                              SHA1:B72F93C4C7DDD6C33BA0927785B4D47992D7A24A
                                                                                                                                                                                                                              SHA-256:089B534D732052385753C7FF45711E71A0F2F38DC0468C4BC20251ACE64689D8
                                                                                                                                                                                                                              SHA-512:558F4AAB77EBD9A2589E8731061E0F0DA9BD28C267752DEEFA973006D551619EB3601B03377C8816284779506ACBCAA6994A2A6BD5F737EE8955B319A4930DF0
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:2025/03/07-14:10:18.795 118c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2025/03/07-14:10:18.796 118c Recovering log #3.2025/03/07-14:10:18.796 118c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):787
                                                                                                                                                                                                                              Entropy (8bit):4.059252238767438
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:12:G0nYUtTNop//z3p/Uz0RuWlJhC+lvBavRtin01zvZDEtlkyBrgxvB1ys:G0nYUtypD3RUovhC+lvBOL+t3IvB8s
                                                                                                                                                                                                                              MD5:D8D8899761F621B63AD5ED6DF46D22FE
                                                                                                                                                                                                                              SHA1:23E6A39058AB3C1DEADC0AF2E0FFD0D84BB7F1BE
                                                                                                                                                                                                                              SHA-256:A5E0A78EE981FB767509F26021E1FA3C506F4E86860946CAC1DC4107EB3B3813
                                                                                                                                                                                                                              SHA-512:4F89F556138C0CF24D3D890717EB82067C5269063C84229E93F203A22028782902FA48FB0154F53E06339F2FDBE35A985CE728235EA429D8D157090D25F15A4E
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:.h.6.................__global... .t...................__global... .9..b.................33_..........................33_........v.................21_.....vuNX.................21_.....<...................20_.....,.1..................19_.....QL.s.................18_.....<.J|.................37_...... .A.................38_..........................39_........].................20_.....Owa..................20_.....`..N.................19_.....D8.X.................18_......`...................37_..........................38_......\e..................39_.....dz.|.................9_.....'\c..................9_.......f-.................__global... .|.&R.................__global... ./....................__global... ..T...................__global... ...G..................__global... .
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):338
                                                                                                                                                                                                                              Entropy (8bit):5.241778183308274
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6:iOypwiTSUADM+q2PFi23oH+TcwtfrzAdIFUt8pwiTC+NAgZmwOpwi9cADMVkwOF0:7ypwwSUADM+vdZYeb9FUt8pwwCcAg/Oe
                                                                                                                                                                                                                              MD5:AEF8370F2F647BCD38E51E3215B7764C
                                                                                                                                                                                                                              SHA1:12996F0725A03C71EC9E0B63A9CF8822CFBF0F44
                                                                                                                                                                                                                              SHA-256:1C12FD050582E393EABCA53BFA4D50FBD37FA72DFB1F59770371A67011E034EB
                                                                                                                                                                                                                              SHA-512:A1B75FFC02A56BEB6975A934B84BF11B2EDEFABC74117CD1EBB42A435C32C4030B6CB47155BDCAE20ACDC778AFD632DB32EF0F6A87C3ED337B07B8982B54F8F7
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:2025/03/07-14:10:18.670 118c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2025/03/07-14:10:18.681 118c Recovering log #3.2025/03/07-14:10:18.792 118c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):120
                                                                                                                                                                                                                              Entropy (8bit):3.32524464792714
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                                                                                                                                                                                                                              MD5:A397E5983D4A1619E36143B4D804B870
                                                                                                                                                                                                                              SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                                                                                                                                                                                                                              SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                                                                                                                                                                                                                              SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):13
                                                                                                                                                                                                                              Entropy (8bit):2.7192945256669794
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:NYLFRQI:ap2I
                                                                                                                                                                                                                              MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                                                                                                                                                                                              SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                                                                                                                                                                                              SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                                                                                                                                                                                              SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:117.0.2045.47
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):56160
                                                                                                                                                                                                                              Entropy (8bit):6.104562769657611
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kQGUXqgfbjQVE8bHNhEKMORWY9Qmm09QYqGwLWZkHU4:z/Ps+wsI7ynW8rkKMORrqfyW0e6kaoX
                                                                                                                                                                                                                              MD5:07B51847F43DBC0303C5947B66E1AA7E
                                                                                                                                                                                                                              SHA1:C9AA4A761ABE6161D2607DF3946F96A0311CA1AA
                                                                                                                                                                                                                              SHA-256:2FCEF9D78D7F8167C7D597AFD82D6CC77311720F9305A04CD8B1415BB80ADAC2
                                                                                                                                                                                                                              SHA-512:6573E28F1B77381A874E6CE9BE1D9860874E35183D50A94CE432513FD2A9685BB32C8A5D407FC42B5D61C65E2250B6B5D53AD8CBA7ABC3BD870BD57C7F0BC2CD
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):20480
                                                                                                                                                                                                                              Entropy (8bit):0.6773696719930975
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:12:TLpUAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3islRud6zcQAJmdngzQdoO:TLiOUOq0afDdWec9sJhOs3fsuZ7J5fc
                                                                                                                                                                                                                              MD5:6FFCCB198DC6B17E165460E6E246B03C
                                                                                                                                                                                                                              SHA1:014A46B0E6E84089E1C20FA232F54CA737D5F023
                                                                                                                                                                                                                              SHA-256:D1B2EC8C9906C3418837FFB8E116AA59C026DE2D67B2AFDA956F14D0DC3851AF
                                                                                                                                                                                                                              SHA-512:846AE3D0A49A14BF82203A0FEDAD6E794F7E68C22A40EE0E014FEA99DFC676FAE4AFEB2C56F324E4361E83A35458C63E2ABAA7B28B6D23B20FA29EF47CBE87B3
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):47
                                                                                                                                                                                                                              Entropy (8bit):4.3818353308528755
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
                                                                                                                                                                                                                              MD5:48324111147DECC23AC222A361873FC5
                                                                                                                                                                                                                              SHA1:0DF8B2267ABBDBD11C422D23338262E3131A4223
                                                                                                                                                                                                                              SHA-256:D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
                                                                                                                                                                                                                              SHA-512:E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:customSettings_F95BA787499AB4FA9EFFF472CE383A14
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):35
                                                                                                                                                                                                                              Entropy (8bit):4.014438730983427
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
                                                                                                                                                                                                                              MD5:BB57A76019EADEDC27F04EB2FB1F1841
                                                                                                                                                                                                                              SHA1:8B41A1B995D45B7A74A365B6B1F1F21F72F86760
                                                                                                                                                                                                                              SHA-256:2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
                                                                                                                                                                                                                              SHA-512:A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:{"forceServiceDetermination":false}
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):81
                                                                                                                                                                                                                              Entropy (8bit):4.3439888556902035
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:kDnaV6bVsFUIMf1HDOWg3djTHXoSWDSQ97P:kDYaoUIe1HDM3oskP
                                                                                                                                                                                                                              MD5:177F4D75F4FEE84EF08C507C3476C0D2
                                                                                                                                                                                                                              SHA1:08E17AEB4D4066AC034207420F1F73DD8BE3FAA0
                                                                                                                                                                                                                              SHA-256:21EE7A30C2409E0041CDA6C04EEE72688EB92FE995DC94487FF93AD32BD8F849
                                                                                                                                                                                                                              SHA-512:94FC142B3CC4844BF2C0A72BCE57363C554356C799F6E581AA3012E48375F02ABD820076A8C2902A3C6BE6AC4D8FA8D4F010D4FF261327E878AF5E5EE31038FB
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):130439
                                                                                                                                                                                                                              Entropy (8bit):3.80180718117079
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:1536:RlIyFAMrwvaGbyLWzDr6PDofI8vsUnPRLz+PMh:weWGP7Eh
                                                                                                                                                                                                                              MD5:EB75CEFFE37E6DF9C171EE8380439EDA
                                                                                                                                                                                                                              SHA1:F00119BA869133D64E4F7F0181161BD47968FA23
                                                                                                                                                                                                                              SHA-256:48B11410DC937A1723BF4C5AD33ECDB286D8EC69544241BC373F753E64B396C1
                                                                                                                                                                                                                              SHA-512:044C5113D877CE2E3B42CF07670620937ED7BE2D8B3BF2BAB085C43EF4F64598A7AC56328DDBBE7F0F3CFB9EA49D38CA332BB4ECBFEDBE24AE53B14334A30C8E
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:{.. "geoidMaps": {.. "au": "https://australia.smartscreen.microsoft.com/",.. "ch": "https://switzerland.smartscreen.microsoft.com/",.. "eu": "https://europe.smartscreen.microsoft.com/",.. "ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "in": "https://india.smartscreen.microsoft.com/",.. "test": "https://eu-9.smartscreen.microsoft.com/",.. "uk": "https://unitedkingdom.smartscreen.microsoft.com/",.. "us": "https://unitedstates.smartscreen.microsoft.com/",.. "gw_au": "https://australia.smartscreen.microsoft.com/",.. "gw_ch": "https://switzerland.smartscreen.microsoft.com/",.. "gw_eu": "https://europe.smartscreen.microsoft.com/",.. "gw_ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "gw_ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "gw_ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "gw_in": "https
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):40
                                                                                                                                                                                                                              Entropy (8bit):4.346439344671015
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:kfKbUPVXXMVQX:kygV5
                                                                                                                                                                                                                              MD5:6A3A60A3F78299444AACAA89710A64B6
                                                                                                                                                                                                                              SHA1:2A052BF5CF54F980475085EEF459D94C3CE5EF55
                                                                                                                                                                                                                              SHA-256:61597278D681774EFD8EB92F5836EB6362975A74CEF807CE548E50A7EC38E11F
                                                                                                                                                                                                                              SHA-512:C5D0419869A43D712B29A5A11DC590690B5876D1D95C1F1380C2F773CA0CB07B173474EE16FE66A6AF633B04CC84E58924A62F00DCC171B2656D554864BF57A4
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:synchronousLookupUris_638343870221005468
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):57
                                                                                                                                                                                                                              Entropy (8bit):4.556488479039065
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:GSCIPPlzYxi21goD:bCWBYx99D
                                                                                                                                                                                                                              MD5:3A05EAEA94307F8C57BAC69C3DF64E59
                                                                                                                                                                                                                              SHA1:9B852B902B72B9D5F7B9158E306E1A2C5F6112C8
                                                                                                                                                                                                                              SHA-256:A8EF112DF7DAD4B09AAA48C3E53272A2EEC139E86590FD80E2B7CBD23D14C09E
                                                                                                                                                                                                                              SHA-512:6080AEF2339031FAFDCFB00D3179285E09B707A846FD2EA03921467DF5930B3F9C629D37400D625A8571B900BC46021047770BAC238F6BAC544B48FB3D522FB0
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:9.......murmur3.............,M.h...Z...8.\..<&Li.H..[.?m
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):29
                                                                                                                                                                                                                              Entropy (8bit):4.030394788231021
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:0xXeZUSXkcVn:0Re5kcV
                                                                                                                                                                                                                              MD5:52E2839549E67CE774547C9F07740500
                                                                                                                                                                                                                              SHA1:B172E16D7756483DF0CA0A8D4F7640DD5D557201
                                                                                                                                                                                                                              SHA-256:F81B7B9CE24F5A2B94182E817037B5F1089DC764BC7E55A9B0A6227A7E121F32
                                                                                                                                                                                                                              SHA-512:D80E7351E4D83463255C002D3FDCE7E5274177C24C4C728D7B7932D0BE3EBCFEB68E1E65697ED5E162E1B423BB8CDFA0864981C4B466D6AD8B5E724D84B4203B
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:topTraffic_638004170464094982
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):575056
                                                                                                                                                                                                                              Entropy (8bit):7.999649474060713
                                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                                              SSDEEP:12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
                                                                                                                                                                                                                              MD5:BE5D1A12C1644421F877787F8E76642D
                                                                                                                                                                                                                              SHA1:06C46A95B4BD5E145E015FA7E358A2D1AC52C809
                                                                                                                                                                                                                              SHA-256:C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
                                                                                                                                                                                                                              SHA-512:FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:raw G3 (Group 3) FAX, byte-padded
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):460992
                                                                                                                                                                                                                              Entropy (8bit):7.999625908035124
                                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                                              SSDEEP:12288:KaRwcD8XXTZGZJHXBjOVX3xFttENr4+3eGPnKvJWXrydqb:KaR5oZ2MBFt8r4+3eG/URdqb
                                                                                                                                                                                                                              MD5:E9C502DB957CDB977E7F5745B34C32E6
                                                                                                                                                                                                                              SHA1:DBD72B0D3F46FA35A9FE2527C25271AEC08E3933
                                                                                                                                                                                                                              SHA-256:5A6B49358772DB0B5C682575F02E8630083568542B984D6D00727740506569D4
                                                                                                                                                                                                                              SHA-512:B846E682427CF144A440619258F5AA5C94CAEE7612127A60E4BD3C712F8FF614DA232D9A488E27FC2B0D53FD6ACF05409958AEA3B21EA2C1127821BD8E87A5CA
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):9
                                                                                                                                                                                                                              Entropy (8bit):3.169925001442312
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:CMzOn:CM6
                                                                                                                                                                                                                              MD5:B6F7A6B03164D4BF8E3531A5CF721D30
                                                                                                                                                                                                                              SHA1:A2134120D4712C7C629CDCEEF9DE6D6E48CA13FA
                                                                                                                                                                                                                              SHA-256:3D6F3F8F1456D7CE78DD9DFA8187318B38E731A658E513F561EE178766E74D39
                                                                                                                                                                                                                              SHA-512:4B473F45A5D45D420483EA1D9E93047794884F26781BBFE5370A554D260E80AD462E7EEB74D16025774935C3A80CBB2FD1293941EE3D7B64045B791B365F2B63
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:uriCache_
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):179
                                                                                                                                                                                                                              Entropy (8bit):4.989765533686932
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:YTyLSmafBoTfIeRDHtDozRLuLgfGBkGAeekVy8HfzXNPIAciv+XXs:YWLSGTt1o9LuLgfGBPAzkVj/T8PXs
                                                                                                                                                                                                                              MD5:8E8F9482919D4E3E77F1FFC9653F5938
                                                                                                                                                                                                                              SHA1:4DEDBE2CD45AFBC233AA43F26B3B3C5F83955CD3
                                                                                                                                                                                                                              SHA-256:3625EA2417290D628A30B7E2A6B975E3519D067BB9E0490A4B0A66E1B25C7C56
                                                                                                                                                                                                                              SHA-512:0EBE752FD13695B0F00CA44975CAA6776235B15E401E3521AC22126A3087B653AA60AF9767E381C6728CEB86D0846B433A91DF205BCF924E2320C4AB53355F64
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:{"version":1,"cache_data":[{"file_hash":"da2d278eafa98c1f","server_context":"1;f94c025f-7523-6972-b613-ce2c246c55ce;unkn:100;0.01","result":1,"expiration_time":1741475422225791}]}
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):86
                                                                                                                                                                                                                              Entropy (8bit):4.3751917412896075
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:YQ3JYq9xSs0dMEJAELJ2rjozQan:YQ3Kq9X0dMgAEwjM
                                                                                                                                                                                                                              MD5:961E3604F228B0D10541EBF921500C86
                                                                                                                                                                                                                              SHA1:6E00570D9F78D9CFEBE67D4DA5EFE546543949A7
                                                                                                                                                                                                                              SHA-256:F7B24F2EB3D5EB0550527490395D2F61C3D2FE74BB9CB345197DAD81B58B5FED
                                                                                                                                                                                                                              SHA-512:535F930AFD2EF50282715C7E48859CC2D7B354FF4E6C156B94D5A2815F589B33189FFEDFCAF4456525283E993087F9F560D84CFCF497D189AB8101510A09C472
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":0}
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):57049
                                                                                                                                                                                                                              Entropy (8bit):6.10146964802421
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:1536:WMk16zRRSVKb3rkKMOR5tn6aopqfyW0e6x:WMYOGnKMOVnXOmyF/
                                                                                                                                                                                                                              MD5:821FD3889B04F9458B2F4E8E6A029519
                                                                                                                                                                                                                              SHA1:A71B7995A95BAE78D4A724FEC85A5FE183D79AAE
                                                                                                                                                                                                                              SHA-256:5D371D505DD99958BC64F397A81869A4C8C63CC2303E401995CAD68A0A7037A4
                                                                                                                                                                                                                              SHA-512:269E0842AED0EDB59E48C7247034081AC58119AB141B24565451079809F5432F0B62EE01E4EB89E9AA357CE699D584794EDCB09B4F1DCADD967A810343E3FF80
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"continuous_migration":{"local_guid":"34c7dd5e-f336-4151-8b1c-518d3c43e01f"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNorvM
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):57002
                                                                                                                                                                                                                              Entropy (8bit):6.1015744917615145
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:1536:GMk16zRRSVK43rkKMOR5tn6aopqfyW0e6x:GMYOGYKMOVnXOmyF/
                                                                                                                                                                                                                              MD5:D85DD631439C23E5C6D154016B9B5669
                                                                                                                                                                                                                              SHA1:91D98558853FFCFFB12961C0ADC34B42DE923446
                                                                                                                                                                                                                              SHA-256:2BD43B6E22F78E79B281F3DFBD581B6F120551D2941994C7B265B7460D3FFC19
                                                                                                                                                                                                                              SHA-512:A26A3068637F8BA58ADF651CC8DBB85D09CA8DEFF1082E97E664A8A5C4320B9202B7905207BCA0EC723B484A8D3FB8794BF07972EC182821E46A450B5271CEAC
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"continuous_migration":{"local_guid":"34c7dd5e-f336-4151-8b1c-518d3c43e01f"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):57002
                                                                                                                                                                                                                              Entropy (8bit):6.101562539164047
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:1536:WMk16zRRSVK43rkKMOR5tn6aopqfyW0e6x:WMYOGYKMOVnXOmyF/
                                                                                                                                                                                                                              MD5:3D45DCB737A2421C8648D77470A6399A
                                                                                                                                                                                                                              SHA1:0F029B18D51011C0E56A4B6AD35722C541BB73DF
                                                                                                                                                                                                                              SHA-256:928CCC8CBCD440FAA4771A3678AD793CDB01D4F55784F4304E61AC0DD534C505
                                                                                                                                                                                                                              SHA-512:A8F77CD72919846EB9345386BC67E2A28473DC8F6CA1A6D60D76DE168D00B0D828581E478C971F3142078C7999490C4A1398DB8AEFB22406447EBF5FCFDE2642
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"continuous_migration":{"local_guid":"34c7dd5e-f336-4151-8b1c-518d3c43e01f"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):2278
                                                                                                                                                                                                                              Entropy (8bit):3.8446640836661614
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:uiTrlKxrgxvxl9Il8u9c2TMPDvf1zChDT6WrBd1rc:mGYgAaDvf1zChDri
                                                                                                                                                                                                                              MD5:2841D6CE04D3859486E17E0DB55AD1C3
                                                                                                                                                                                                                              SHA1:BCC17EE4897B7A009819A41AA6084AF259F06AD8
                                                                                                                                                                                                                              SHA-256:05082386654BA2E6FECAF41C2ADF1431BCAA87A0DE1736493778C494621B3C80
                                                                                                                                                                                                                              SHA-512:6AD0F471566CC0F7DE69E815D40205672940195C9C635494453B7E4B86DF553052591A99FACA3FA0DBB2A09EB5AC580886097550257984416C654BA4008F64D1
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.M.u.p.9.J.y.P.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.I.j.E.2.P.Q.
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):4622
                                                                                                                                                                                                                              Entropy (8bit):4.0017739283089355
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:uiTrlKxEx9xD9Il8u9c2DDvnHRTLpG3sCFx3Nee6CcsP/M24r3F6lhYYWXEl+XKs:zYgMvnx83sCFOC3P4WWW2Kd1rMOK
                                                                                                                                                                                                                              MD5:9D6D71252EDEB79B156BF239D7E44335
                                                                                                                                                                                                                              SHA1:9B25143057E00A13DFAD7DD0B81AEC9AA67EB231
                                                                                                                                                                                                                              SHA-256:7B334A824719B923CBD49B5834987D2B31D737E2BEFF6F3550E3EC5BD9D07A39
                                                                                                                                                                                                                              SHA-512:16F45423153919645F5C1E831A1AC43B144E02450816474C52C8FD130D50E07F01E70D74F859547A4B21090661751D82176BBE34105A0C0205EE7A4258A6ADED
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".x.M.Y.4.2.p.S.P.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.I.j.E.2.P.Q.
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):2684
                                                                                                                                                                                                                              Entropy (8bit):3.9026119694089316
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:uiTrlKx68Wa7x7xl9Il8u9c2NCvWPTs4urxoXNMQachH5yt0W9+LeQJF/Hid/vc:aVYg6CvLrIthH5I06+Lx/
                                                                                                                                                                                                                              MD5:828C0E8230F0E897F6362670740167E4
                                                                                                                                                                                                                              SHA1:EF93DB2EAED799D13E8699FE9C50C69BE628D69C
                                                                                                                                                                                                                              SHA-256:DB75D10D12C9C00915A77023EA759606E8D92271A600853A062E8935CDA81DD9
                                                                                                                                                                                                                              SHA-512:904BE21E86966881CDCBC5CFF36ABA3AB045C86A0EE18328CF54A1F85B15883D993918DA6BD6DB373FFBB41A14891B4F61C8B065D3FF70538844DD800B818017
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:{"TBDataStoreObject":{"Header":{"ObjectType":"TokenResponse","SchemaVersionMajor":2,"SchemaVersionMinor":1},"ObjectData":{"SystemDefinedProperties":{"RequestIndex":{"Type":"InlineBytes","IsProtected":false,"Value":"6N3Uy9nAUEqs5u96E/og0E/VJAg="},"Expiration":{"Type":"InlineBytes","IsProtected":false,"Value":"4CdYCmau3AE="},"Status":{"Type":"InlineBytes","IsProtected":false,"Value":"AAAAAA=="},"ResponseBytes":{"Type":"InlineBytes","IsProtected":true,"Value":"AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAIjE2PQ
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):1787
                                                                                                                                                                                                                              Entropy (8bit):5.37176292427312
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:SfNaoCEwTECEOfNaoCcCzfNaoCBCxfNaoCT0UrU0U8CQ:6NnCEwTECE2NnCcCrNnCBCNNnCT0UrU2
                                                                                                                                                                                                                              MD5:EFE3ECB9D87F55D7D4EEE565B84B624B
                                                                                                                                                                                                                              SHA1:433463E4A39902592FEAF45186A589B25ABF9CB0
                                                                                                                                                                                                                              SHA-256:140B389D9D5DF47BA3ECA303CF9E15EC1B2143850238CFDD7A5B9CDB07E5BF90
                                                                                                                                                                                                                              SHA-512:516831301D6360AC0E7176660A5EADBE405E80117DD705778DAB5B80414DAD1FC4535B41B43B2621C3D4943EB071EEC4CA975B0B130867A9EFE554D1023CF353
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/9D466D1AF081959B6BC160C6175B5DD4",.. "id": "9D466D1AF081959B6BC160C6175B5DD4",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/9D466D1AF081959B6BC160C6175B5DD4"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/C0D815A6026AB0BC7214DB00BC5BBC1D",.. "id": "C0D815A6026AB0BC7214DB00BC5BBC1D",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/C0D815A6026AB0BC7214DB00BC5BBC1D"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtoo
                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):3500
                                                                                                                                                                                                                              Entropy (8bit):5.392219693672761
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:96:6NnC2tjtFHC2tqNnCMbC+NnCc9ChNnCFdgECgNnCECZNnC8DCnNnCOvvVwCOv6Ng:6NDp7QN3NQNm/N6N7KN3vvVMv6NHA
                                                                                                                                                                                                                              MD5:0653FE364F14E0EEB0DE240E8258F225
                                                                                                                                                                                                                              SHA1:2CD19C7FC303968E3897EB91E7FA35863832ED42
                                                                                                                                                                                                                              SHA-256:EFF9F56D6817C8E71327211914DB173FE61AE458BC0AEF8E7904EC42120F5FE2
                                                                                                                                                                                                                              SHA-512:86185CEB70E5DA9CF424B4B10E853813233EE4C2467B3EA830E090CB0E9394309F801FEB318000326C5628017A49A7D575EB1C9BE4049735F19004F88F02C64E
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/7595BDC322523CDCB7A7C031F16DC934",.. "id": "7595BDC322523CDCB7A7C031F16DC934",.. "title": "Microsoft Voices",.. "type": "background_page",.. "url": "chrome-extension://jdiccldimpdaibmpdkjnbmckianbfold/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/7595BDC322523CDCB7A7C031F16DC934"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/720A4BCCAF3B809F87FBCE31DEA1D68B",.. "id": "720A4BCCAF3B809F87FBCE31DEA1D68B",.. "title": "WebRTC Internals Extension",.. "type": "background_page",.. "url": "chrome-extension://ncbjelpjchkpbikbpkcchkhkblodoama/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/720A4BCCAF3B809F87FBCE31DEA1D68B"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:JPEG image data, comment: "Lavc59.36.100", baseline, precision 8, 1280x720, components 3
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):1439803
                                                                                                                                                                                                                              Entropy (8bit):7.994504721590179
                                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                                              SSDEEP:24576:BMn6S6inRMuQbLojm2kJ0VbUJphEhnrK3wknwCG1ZqNIwUmu8Gip:WR4uUL9x+VIJ/eybnwCG1ZSRx
                                                                                                                                                                                                                              MD5:34335BE10C5F81CFA1D1A368B5EAD13F
                                                                                                                                                                                                                              SHA1:8D13C8622277B688044B7BC6F9B55FC80081E046
                                                                                                                                                                                                                              SHA-256:91E2DC63D0D7A2F553CC27B91C9CAC5593B2506E5F42A2DD22B3CFA4609FE7FA
                                                                                                                                                                                                                              SHA-512:3668426C19A24F913006080984F02EF7077FC0E644477E9F0891538A167850B4FEFB16DB18074A8C8F91A57F9963DAF62AA5755F33703F8A48D6E8C64EAA84FE
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:very short file (no magic)
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):1
                                                                                                                                                                                                                              Entropy (8bit):0.0
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:L:L
                                                                                                                                                                                                                              MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                              SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                              SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                              SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:.
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:very short file (no magic)
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):1
                                                                                                                                                                                                                              Entropy (8bit):0.0
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:L:L
                                                                                                                                                                                                                              MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                              SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                              SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                              SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:.
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 135363
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):76326
                                                                                                                                                                                                                              Entropy (8bit):7.9961120748813075
                                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                                              SSDEEP:1536:hS5Vvm808scZeEzFrSpzBUl4MZIGM/iysAGz8vBBrYunau6wp:GdS8scZNzFrMa4M+lKqeu/nr
                                                                                                                                                                                                                              MD5:01E352D35675990A139199DD86B38AAC
                                                                                                                                                                                                                              SHA1:E16163C81E5F36B3B819AA0A63BFA63D88548A91
                                                                                                                                                                                                                              SHA-256:148CDE42D38C62C1A1E8B8D3D4BD8830F0F8C2DC684E3C59B0A510E31011CA4A
                                                                                                                                                                                                                              SHA-512:75A58FFAD6E3E0546268CC863AE382B5429795D8BCED64BAE2D06BCEEB6C2E37BD656A3E335EB61B521888B76913F2D0281F8C9C081FF8637307AE5934D98C8B
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):206855
                                                                                                                                                                                                                              Entropy (8bit):7.983996634657522
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3072:5WcDW3D2an0GMJGqJCj+1ZxdmdopHjHTFYPQyairiVoo4XSWrPoiXvJddppWmEI5:l81Lel7E6lEMVo/S01fDpWmEgD
                                                                                                                                                                                                                              MD5:788DF0376CE061534448AA17288FEA95
                                                                                                                                                                                                                              SHA1:C3B9285574587B3D1950EE4A8D64145E93842AEB
                                                                                                                                                                                                                              SHA-256:B7FB1D3C27E04785757E013EC1AC4B1551D862ACD86F6888217AB82E642882A5
                                                                                                                                                                                                                              SHA-512:3AA9C1AA00060753422650BBFE58EEEA308DA018605A6C5287788C3E2909BE876367F83B541E1D05FE33F284741250706339010571D2E2D153A5C5A107D35001
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):1420
                                                                                                                                                                                                                              Entropy (8bit):5.429031206648664
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:24:Yac54VJfe54V80NBgu5SBxK0Npm25Spe0TxqXIp5r7qJ0ReL5uGx5uXml0h:Yac5oJG5o807d54xK07m25Ee0TxqXIpL
                                                                                                                                                                                                                              MD5:DA00051F94865B2AE8583D91A541E451
                                                                                                                                                                                                                              SHA1:CD32672AC4B0FC729F73CC18C4F89601922B179C
                                                                                                                                                                                                                              SHA-256:68E823D809AF0A173F5609A0594B6BE597128A0BF578ED5F85ACBD1D6309E373
                                                                                                                                                                                                                              SHA-512:526740D41A7D07411CEA6742EED20A5C3DFBACD34F46B984F1E3D46C1626AA61191C3A2DCE4EFB19D0055C518E84B656F3F4785DF1CD4ACD3A81ECAF2DAF989E
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:{"logTime": "1005/094927", "correlationVector":"2Yoymfq2DNqKkEQxScdye6","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/094932", "correlationVector":"f8obPuKjAlRxEct+yTS+WU","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/094932", "correlationVector":"3424AD3BF2D647858C80467BB9A206FC","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/102334", "correlationVector":"R7sA2ORjmzFG+jb9x+Jiab","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/102334", "correlationVector":"C4F87C103BB24B0EA24A826332D35037","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/102550", "correlationVector":"gABMZMZtO1erzif4SmQ7ja","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/102550", "correlationVector":"15ED17FAD0C64F2DB623BFAC8C77343C","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/103007", "correlationVector":"+pZdWNzglJOCMtTzwL811z","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/103008", "correlationVector":"F3AB7FFA
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                              Category:modified
                                                                                                                                                                                                                              Size (bytes):11185
                                                                                                                                                                                                                              Entropy (8bit):7.951995436832936
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                                                                              MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                                                                              SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                                                                              SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                                                                              SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):154545
                                                                                                                                                                                                                              Entropy (8bit):7.839678617100523
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3072:zZH5WPD5SqCJryow8AWTtwGrasOQNHjWRKnvXTwL:zpIPFCXjAWTtwGusOWmMvjwL
                                                                                                                                                                                                                              MD5:EAE462C55EBA847A1A8B58E58976B253
                                                                                                                                                                                                                              SHA1:4D7C9D59D6AE64EB852BD60B48C161125C820673
                                                                                                                                                                                                                              SHA-256:EBCDA644BCFBD0C9300227BAFDE696E8923DDB004B4EE619D7873E8A12EAE2AD
                                                                                                                                                                                                                              SHA-512:494481A98AB6C83B16B4E8D287D85BA66499501545DA45458ACC395DA89955971CF2A14E83C2DA041C79C580714B92B9409AA14017A16D0B80A7FF3D91BAD2A3
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):1753
                                                                                                                                                                                                                              Entropy (8bit):5.8889033066924155
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
                                                                                                                                                                                                                              MD5:738E757B92939B24CDBBD0EFC2601315
                                                                                                                                                                                                                              SHA1:77058CBAFA625AAFBEA867052136C11AD3332143
                                                                                                                                                                                                                              SHA-256:D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
                                                                                                                                                                                                                              SHA-512:DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:[.. {.. "description": "treehash per file",.. "signed_content": {.. "payload": "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",.. "signatures": [.. {.. "header": {.. "kid": "publisher".. },.. "protected": "eyJhbGciOiJSUzI1NiJ9",.. "signature": "UglEEilkOml5P1W0X6wc-_dB87PQB73uMir11923av57zPKujb4IUe_lbGpn7cRZsy6x-8i9eEKxAW7L2TSmYqrcp4XtiON6ppcf27FWACXOUJDax9wlMr-EOtyZhykCnB9vR
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):9815
                                                                                                                                                                                                                              Entropy (8bit):6.1716321262973315
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
                                                                                                                                                                                                                              MD5:3D20584F7F6C8EAC79E17CCA4207FB79
                                                                                                                                                                                                                              SHA1:3C16DCC27AE52431C8CDD92FBAAB0341524D3092
                                                                                                                                                                                                                              SHA-256:0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
                                                                                                                                                                                                                              SHA-512:315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):10388
                                                                                                                                                                                                                              Entropy (8bit):6.174387413738973
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
                                                                                                                                                                                                                              MD5:3DE1E7D989C232FC1B58F4E32DE15D64
                                                                                                                                                                                                                              SHA1:42B152EA7E7F31A964914F344543B8BF14B5F558
                                                                                                                                                                                                                              SHA-256:D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
                                                                                                                                                                                                                              SHA-512:177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):962
                                                                                                                                                                                                                              Entropy (8bit):5.698567446030411
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
                                                                                                                                                                                                                              MD5:E805E9E69FD6ECDCA65136957B1FB3BE
                                                                                                                                                                                                                              SHA1:2356F60884130C86A45D4B232A26062C7830E622
                                                                                                                                                                                                                              SHA-256:5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
                                                                                                                                                                                                                              SHA-512:049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/*" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/*" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):11185
                                                                                                                                                                                                                              Entropy (8bit):7.951995436832936
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):4982
                                                                                                                                                                                                                              Entropy (8bit):7.929761711048726
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):908
                                                                                                                                                                                                                              Entropy (8bit):4.512512697156616
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):1285
                                                                                                                                                                                                                              Entropy (8bit):4.702209356847184
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):1244
                                                                                                                                                                                                                              Entropy (8bit):4.5533961615623735
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):977
                                                                                                                                                                                                                              Entropy (8bit):4.867640976960053
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):3107
                                                                                                                                                                                                                              Entropy (8bit):3.535189746470889
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):1389
                                                                                                                                                                                                                              Entropy (8bit):4.561317517930672
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. .. .......... Google ......... ... ........ ......, ........ ........... . ......... ........ .. Google ......... . ........ ...... .............. ......... ..., ...... ..... ...... . .........".. },.. "explanationofflineenabled": {.. "message": "...... ..., .. ... ...... .. ........... ......... ....... ... .. ......... .....".. },.. "extdesc": {.. "message": "............, .......... . ............ ...... ........., .......... ....... . ........... . ...... .... ... ...... .. .........".. },..
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):1763
                                                                                                                                                                                                                              Entropy (8bit):4.25392954144533
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": ".... .... ....".. },.. "explanationofflinedisabled": {.. "message": ".... ....... ....... .... ......... ..... ..... Google ........ ....... ...., Google .......... ........ ....... ... ... .... ... .... ... ........... .... ....... .... ... ...... ..... .... .....".. },.. "explanationofflineenabled": {.. "message": ".... ....... ......, ...... .... .... ...... .......... ........ .... .. .... .... .... .... .......".. },.. "extdesc":
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):930
                                                                                                                                                                                                                              Entropy (8bit):4.569672473374877
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):913
                                                                                                                                                                                                                              Entropy (8bit):4.947221919047
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):806
                                                                                                                                                                                                                              Entropy (8bit):4.815663786215102
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview:{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):883
                                                                                                                                                                                                                              Entropy (8bit):4.5096240460083905
                                                                                                                                                                                                                              Encrypted:false